Policies Based on WS-SecurityPolicy that Integration Server Provides
Integration Server provides pre-defined WS-Policies based on WS-SecurityPolicy. These policies contain settings for a number of standard security configurations. You can attach WS-Policies at the binding operation message type level, such as input, output, and fault, in consumer and provider web service descriptors.
Note:
When attaching pre-defined WS-Policies, ensure that you attach the policies at the appropriate binding operation message type levels.
In the policies, WS-SecurityPolicy assertions for authentication apply only to request messages, that is, to:
Consumer outbound request messages
Provider inbound request messages
WS-SecurityPolicy assertions for message integrity and confidentiality apply to all request and response messages.
The out-of-the-box policies are in the following directory:
Software AG_directory\IntegrationServer\instances\instance_name\config\wss\policies
You can use these policies as is, or you can use them as templates when creating your own custom policies.
All of the out-of-the-box policies include a Timestamp token to guard against replay attacks. The following table provides a quick glance at the other security options that each policy provides. Each policy is described in detail in the sections that follow the table.
| Policy | Authentication | SOAP Body Signature | SOAP Body Encryption |
|---|---|---|---|
| | Username | | |
| | Username | X | |
| | Username | | X |
| | Username | X | X |
| | X.509 certificates | | |
| | X.509 certificates | X | |
| | X.509 certificates | | X |
| | X.509 certificates | X | X |
| | SAML | | |
| | SAML | X | |
| | SAML | | X |
| | SAML | X | X |
| | Kerberos | | |
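The following is an added example, not part of the Integration Server documentation or product code: it reads a WS-SecurityPolicy document and reports the protections the table lists, which helps confirm that a custom policy built from a template still carries the Timestamp assertion. The sample policy is constructed, and the helper names `local`, `protects_body` and `summarize_policy` are hypothetical.

```python
import xml.etree.ElementTree as ET

# WS-SecurityPolicy token assertion names mapped to the labels used in the table.
TOKENS = {"UsernameToken": "Username", "X509Token": "X.509 certificates",
          "SamlToken": "SAML", "KerberosToken": "Kerberos"}

# Constructed sample policy (not one of the files shipped with Integration Server).
SAMPLE = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:AsymmetricBinding><wsp:Policy>
    <sp:InitiatorToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:InitiatorToken>
    <sp:IncludeTimestamp/>
  </wsp:Policy></sp:AsymmetricBinding>
  <sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SignedSupportingTokens>
  <sp:SignedParts><sp:Body/></sp:SignedParts>
</wsp:Policy>
"""
# The same policy after an edit that dropped the Timestamp assertion.
SAMPLE_NO_TIMESTAMP = SAMPLE.replace("<sp:IncludeTimestamp/>", "")

def local(tag):
    """Drop the '{namespace}' prefix so any WS-SecurityPolicy version matches."""
    return tag.rsplit("}", 1)[-1]

def protects_body(root, parts_name):
    """True if a SignedParts/EncryptedParts assertion covers the SOAP Body."""
    for parts in root.iter():
        kids = [local(c.tag) for c in parts]
        # Per WS-SecurityPolicy, an assertion with no child elements also covers the body.
        if local(parts.tag) == parts_name and ("Body" in kids or not kids):
            return True
    return False

def summarize_policy(xml_text):
    """Report which of the table's protections a policy document asserts."""
    root = ET.fromstring(xml_text)
    names = {local(el.tag) for el in root.iter()}
    return {
        # Tokens found anywhere; one inside a binding may serve signing, not authentication.
        "tokens": sorted(label for name, label in TOKENS.items() if name in names),
        "timestamp": "IncludeTimestamp" in names,
        "body_signature": protects_body(root, "SignedParts"),
        "body_encryption": protects_body(root, "EncryptedParts"),
    }

if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE), ("edited", SAMPLE_NO_TIMESTAMP)):
        print(label, summarize_policy(doc))
```

Policy files are local configuration here; if the same check is run over XML from an untrusted source, parse it with a hardened parser such as `defusedxml` instead.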