Configuring Virtual Services for Sender-Vouches Processing
After you configure the STS for Sender-Vouches processing, you must configure the desired virtual services so that they can use the STS for Sender-Vouches processing.
To configure virtual services for SAML Sender-Vouches processing
1. Write an IS wrapper service that includes the predefined Java service mediator.security.ws:AddSamlSenderVouchesToken. Mediator calls this service during request processing.
For details about the AddSamlSenderVouchesToken service, see CentraSite User’s Guide.
2. In the Request Processing step of the desired virtual services, invoke the IS wrapper service you just created. For the procedure to do this, see CentraSite User’s Guide.
The virtual services are now ready to be deployed and invoked by the client.
3. Ensure that the following requirements are met by the client requests:
Mediator must be able to invoke the virtual services with the Integration Server user credentials. The credentials must be able to be used by Mediator to invoke the virtual services.
Mediator uses the identified Integration Server user as the value for the <wst:OnBehalfOf> element. If a virtual service's policy includes security actions such as the Require WSS Username Token action, the token identifies the user, and this user is used as the value for the <wst:OnBehalfOf> element when sending requests for SAML Sender-Vouches tokens. For example:
<wst:OnBehalfOf>
  <wsse:UsernameToken
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      wsu:Id="UsernameToken-28549389">
    <wsse:Username>Administrator</wsse:Username>
  </wsse:UsernameToken>
</wst:OnBehalfOf>
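The check below is an added example, not part of the product's documentation or code. It reads a captured token request and confirms that the user named in <wst:OnBehalfOf> is the user the virtual service authenticated. The function names, the sample request and the two accepted WS-Trust namespaces are assumptions.

```python
import xml.etree.ElementTree as ET

# WSS secext namespace, as used by the wsse: prefix in the page's example.
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
# Assumption: the page does not name the WS-Trust version, so both the
# 1.3 and the 2005/02 namespaces are accepted for the wst: prefix.
WST_NAMESPACES = (
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "http://schemas.xmlsoap.org/ws/2005/02/trust",
)

# Constructed sample request; the envelope around it is omitted.
SAMPLE_RST = """<wst:RequestSecurityToken xmlns:wst="%s">
  <wst:OnBehalfOf>
    <wsse:UsernameToken xmlns:wsse="%s">
      <wsse:Username>Administrator</wsse:Username>
    </wsse:UsernameToken>
  </wst:OnBehalfOf>
</wst:RequestSecurityToken>""" % (WST_NAMESPACES[0], WSSE)


def on_behalf_of_user(rst_xml):
    """Return the username carried in wst:OnBehalfOf, or raise ValueError."""
    if "<!DOCTYPE" in rst_xml:
        raise ValueError("DOCTYPE is not allowed in a token request")
    try:
        root = ET.fromstring(rst_xml)
    except ET.ParseError as exc:
        raise ValueError("not well-formed XML: %s" % exc)
    found = [el for ns in WST_NAMESPACES
             for el in root.iter("{%s}OnBehalfOf" % ns)]
    if len(found) != 1:
        raise ValueError("expected one wst:OnBehalfOf, found %d" % len(found))
    names = found[0].findall("{%s}UsernameToken/{%s}Username" % (WSSE, WSSE))
    if len(names) != 1 or not (names[0].text or "").strip():
        raise ValueError("wst:OnBehalfOf needs one non-empty wsse:Username")
    return names[0].text.strip()


def vouches_for(rst_xml, authenticated_user):
    """True only if the vouched-for user is the one the gateway authenticated."""
    return on_behalf_of_user(rst_xml) == authenticated_user


if __name__ == "__main__":
    print(on_behalf_of_user(SAMPLE_RST))
```

A request whose namespace URI is mistyped or broken by a line wrap fails this check, because the elements no longer resolve to wsse:UsernameToken.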