Integration Server 10.3 | Web Services Developer’s Guide | Securing Web Services Using WS-SecurityPolicy | WS-SecurityPolicy Assertions Reference | Token Assertions
 
Token Assertions
 
Valid Values for <sp:IncludeToken> Attribute
Use token assertions to specify the types of tokens to use to protect messages. The following table lists the WS-Security token assertions that Integration Server supports.
Important:
If you are implementing WS-SecurityPolicy 1.2 standards, the sp prefix in the assertions described below represents this namespace: http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702. If you are implementing WS-SecurityPolicy 1.1 standards, the sp prefix represents this namespace: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy.
Token Assertion
Add to a WS-Policy to...
<sp:UsernameToken>
Specify that a UserNameToken should be used to protect the message with a username and password. The child elements of <sp:UsernameToken> assertion are optional and are not needed for ordinary authentication.
Integration Server supports the following attribute of <sp:UsernameToken>:
*<sp:IncludeToken>
For more information on setting the value for the <sp:IncludeToken> attribute, see Valid Values for <sp:IncludeToken> Attribute.
Integration Server also supports the following nested assertions:
*<sp:NoPassword> (WS-SecurityPolicy 1.2 only)
*<sp:HashPassword> (WS-SecurityPolicy 1.2 only)
*<sp:WssUsernameToken10>
*<sp:WssUsernameToken11�>
Note:Integration Server supports the nested assertions <sp:NoPassword> and <sp:HashPassword> for consumer web service descriptors only.
<sp:X509Token>
Specify that an X509Token should be used to protect the message with an X.509 certificate.
Integration Server supports the following attribute of <sp:X509Token>:
*<sp:IncludeToken>
For more information on setting the value for the <sp:IncludeToken> attribute, see Valid Values for <sp:IncludeToken> Attribute.
Integration Server also supports the following nested assertions:
*<sp:RequireIssuerSerialReference>
*<sp:RequireThumbprintReference>
*<sp:WssX509V3Token10>
*<sp:WssX509PkiPathV1Token10>
*<sp:WssX509V1Token11>
*<sp:WssX509V3Token11>
*<sp:WssX509PkiPathV1Token11>
<sp:HttpsToken>
Indicate that an HttpsToken should be used to protect messages, which means HTTPS is used.
Integration Server supports the following nested assertions:
*<sp:HttpBasicAuthentication> (WS-SecurityPolicy 1.2 only)
*<sp:RequireClientCertificate>
<sp:IssuedToken>
Indicate that an issued token is required. An IssuedToken is issued by a token issuer using the mechanisms defined in WS-Trust and Integration Server uses this when authenticating using SAML. For example, the initiator may need to request a SAML token from a given token issuer in order to secure messages sent to the recipient.
Integration Server supports <sp:IssuedToken> only in case of provider web service descriptors.
Integration Server supports the following attribute of <sp:IssuedToken>:
*<sp:IncludeToken>
For more information on setting the value for the <sp:IncludeToken> attribute, see Valid Values for <sp:IncludeToken> Attribute
*Integration Server supports the following nested assertions:
*<sp:RequestSecurityTokenTemplate>
*<sp:RequireInternalReference>