Integration Server 10.3 | Web Services Developer’s Guide | Securing Web Services Using WS-SecurityPolicy | Securing Web Services Using Policies Based on WS-SecurityPolicy
 
Securing Web Services Using Policies Based on WS-SecurityPolicy
 
Requirements for Using SAML for Authentication
Using Kerberos for Authentication
The following lists the main steps you need to complete to secure a web service using WS-SecurityPolicy.
*To secure a web service using WS-SecurityPolicy
1. Determine the WS-SecurityPolicy policies you want to use to secure a web service.
*You can use out-of-the-box WS-SecurityPolicy policies that are provided with Integration Server. For more information, see Policies Based on WS-SecurityPolicy that Integration Server Provides.
*You can create custom WS-SecurityPolicy policies. If you want, you can use an out-of-the-box WS-SecurityPolicy policy as a template to start your custom WS-Policy. For more information about creating your own WS-Policy, see WS-Policy Files and Guidelines for Creating WS-Policy Files.
Be sure to only use WS-SecurityPolicy assertions that Integration Server supports. For more information, see WS-SecurityPolicy Assertions Reference.
2. If you want to use policies that include SAML tokens for authentication, ensure you have set up Integration Server to use SAML. For more information, see Requirements for Using SAML for Authentication.
If you want to use policies that include Kerberos tickets for authentication, make sure you have set up Integration Server to use Kerberos. For more information, see Using Kerberos for Authentication.
3. Ensure all the WS-SecurityPolicy policies you want to use to secure a web service are located in the following directory:


Software AG_directory
\IntegrationServer\instances\instance_name\
config\wss\policies
4. Ensure you have the certificates and keys needed to support the WS-SecurityPolicy policies in place. For more information, see WS-Security Certificate and Key Requirements.
5. Attach the WS-SecurityPolicy policies to the web service descriptor. For instructions, see webMethods Service Development Help.
Note:
If you want to use MTOM streaming, be aware that if the fields to be streamed are also being signed and/or encrypted, Integration Server cannot use MTOM streaming because Integration Server needs to keep the entire message in memory to sign and/or encrypt the message.