Integration Server 10.3 | Built-In Services Reference Guide | Security Folder | About the Security Elements
 
About the Security Elements
Use the elements in the security folder to:
*Control which client certificates are sent to other services.
*Digitally sign data.
*Process digital signatures.
*Store and retrieve outbound passwords to access secure resources.
*Manage Integration Server keystores and truststores.
*Secure XML documents.
The services pub.security.keystore:setKeyAndChain, pub.security:setKeyAndChainFromBytes, and pub.security:clearKeyAndChain are used to control which client certificate the webMethods Integration Server presents to remote servers. You need to use these services to switch between certificates and certificate chains if you are not using aliases for remote servers. For more information about aliases for remote servers, see Setting Up a Remote Server Alias.
The pub.security.outboundPasswords services support the use of encrypted outbound passwords to access secure resources. You may wish to have a flow service access a secure resource such as a remote Integration Server, proxy server, or database. The service would need to provide a valid password to access the resource. The pub.security.outboundPasswords services allow a flow service to store passwords in and retrieve passwords from the Integration Server's outbound password store. The outbound password store is an encrypted store of passwords managed by the Integration Server. For more information about the outbound password store, see Working with Outbound Password Settings.
The pub.security.keystore services allow you to configure Integration Server SSL through access to its keys and associated certificates. These keys and certificates are now stored securely in industry-standard keystore and truststore files. For more information about Integration Server keystores and truststores, see Creating a Keystore and Truststore.
The pub.security.xml services are based on the Apache Security APIs. These services support encryption and digital signing of outbound XML documents from Integration Server, and decryption and signature verification of inbound XML from partner applications. The services provide the most commonly-used XML security options, including:
*Signing/encrypting the entire XML document or the content of specific nodes
*Selection of the signing and encryption algorithms
*Use of enveloping and enveloped signatures
Important:
Software AG recommends that you drop variables containing sensitive data from the pipeline once the data is no longer needed by the flow service. Sensitive data includes, but is not limited to, passwords, private keys, and pass phrases. The pipeline stores data in clear text. Because the entire output pipeline is returned to the calling client, avoid leaving variables containing sensitive data in the pipeline. This prevents the service from returning sensitive data to the calling client.