Integration Server 10.3 | Web Services Developer’s Guide | Securing Web Services Using WS-SecurityPolicy | WS-SecurityPolicy Assertions Reference | Supporting Tokens
 
Supporting Tokens
Use supporting tokens to add additional tokens to a message. You can also use Supporting tokens to sign and encrypt additional elements with the help of protection assertions.�
Important:
If you are implementing WS-SecurityPolicy 1.2 standards, the sp prefix in the assertions described below represents this namespace: http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702. If you are implementing WS-SecurityPolicy 1.1 standards, the sp prefix represents this namespace: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy.
The following table lists the WS-Security supporting token assertions that Integration Server supports.
Supporting Token Assertion
Add to a WS-Policy to...
<sp:SupportingTokens>
Identify the tokens to use to populate the <Supporting Tokens> property. Supporting tokens are included in the security header and can optionally include additional message parts to sign or encrypt.
Integration Server supports the following nested assertions:
*[Token Assertion] (See Token Assertions)
*<sp:AlgorithmSuite>
*<sp:SignedParts>
*<sp:SignedElements>
*<sp:EncryptedParts>
*<sp:EncryptedElements>
<sp:SignedSupportingTokens>
Include signed tokens in the message signature and can optionally include additional message parts to sign and/or encrypt.
Integration Server supports the following nested assertions:
*[Token Assertion] (See Token Assertions)
*<sp:AlgorithmSuite>
*<sp:SignedParts>
*<sp:SignedElements>
*<sp:EncryptedParts>
*<sp:EncryptedElements>

<sp:Endorsing SupportingTokens>
Sign the message signature and can optionally include additional message parts to sign and/or encrypt.
Integration Server supports the following nested assertions:
*[Token Assertion] (See Token Assertions)
*<sp:AlgorithmSuite>
*<sp:SignedParts>
*<sp:SignedElements>
*<sp:EncryptedParts>
*<sp:EncryptedElements>

<sp:SignedEndorsing SupportingTokens>
Sign the token used for the message signature and are also signed by the signed endorsing token and can optionally include additional message parts to sign and/or encrypt.
Integration Server supports the following nested assertions:
*[Token Assertion] (See Token Assertions)
*<sp:AlgorithmSuite>
*<sp:SignedParts>
*<sp:SignedElements>
*<sp:EncryptedParts>
*<sp:EncryptedElements>

<sp:SignedEncrypted SupportingTokens>
Include supporting tokens in the security header that are also encrypted when they appear in the security header. Make sure that the tokens are encrypted in order to guarantee token confidentiality.
Integration Server supports the following nested assertions:
*[Token Assertion] (See Token Assertions)
*<sp:AlgorithmSuite>
*<sp:SignedParts>
*<sp:SignedElements>
*<sp:EncryptedParts>
*<sp:EncryptedElements>

<sp:Encrypted SupportingTokens>
Include supporting tokens in the security header that are also encrypted when they appear in the security header.
Note:
WS-SecurityPolicy 1.2 only.
The sp:EncryptedSupportingTokens element should be used only when you cannot provide the “message signature”. Make sure that the tokens are encrypted in order to guarantee token integrity and confidentiality.
Integration Server supports the following nested assertions:
*[Token Assertion](See Token Assertions)
*<sp:AlgorithmSuite>
*<sp:SignedParts>
*<sp:SignedElements>
*<sp:EncryptedParts>
*<sp:EncryptedElements>

<sp:EndorsingEncrypted SupportingTokens>
Include endorsing supporting tokens that are also encrypted when they appear in the security header. Make sure that the tokens are encrypted in order to guarantee token confidentiality.
Note:
WS-SecurityPolicy 1.2 only.
Integration Server supports the following nested assertions:
*[Token Assertion](See Token Assertions)
*<sp:AlgorithmSuite>
*<sp:SignedParts>
*<sp:SignedElements>
*<sp:EncryptedParts>
*<sp:EncryptedElements>

<sp:SignedEndorsingEncrypted SupportingTokens>
Include signed, endorsing supporting tokens that are also encrypted when they appear in the security header. Make sure that the tokens are signed and encrypted in order to guarantee token confidentiality.
Integration Server supports the following nested assertions:
*[Token Assertion](See Token Assertions)
*<sp:AlgorithmSuite>
*<sp:SignedParts>
*<sp:SignedElements>
*<sp:EncryptedParts>
*<sp:EncryptedElements>