Configuring Virtual Services for Sender-Vouches Processing
Next, you need to configure the desired virtual services so they can use the STS for Sender-Vouches processing.
To configure virtual services for SAML Sender-Vouches processing
1. Write an IS wrapper service that includes the predefined Java service mediator.security.ws:AddSamlSenderVouchesToken. This service will be called by Mediator during request processing.
For details about the AddSamlSenderVouchesToken service, see the CentraSite documentation (in the section Virtualized Services in CentraSite Control > Invoking webMethods IS Services in Virtualized Services > Using the Security API in webMethods IS Services).
2. In the Request Processing step of the desired virtual services, invoke the IS wrapper service you just created. For the procedure to do this, see the section Virtualized Services in CentraSite Control > Configuring Virtual Services in the CentraSite documentation.
The virtual services are now ready to be deployed and invoked by the client.
3. Client requests must meet the following requirements:
The client must invoke the virtual services with valid
Integration Server user credentials (HTTP Basic Authentication).
The credentials must be able to be used by
Mediator to invoke the virtual services.
Mediator will use the identified
Integration Server user as the value for the
<wst:OnBehalfOf> element, shown below. If a virtual service's policy includes security actions such as the "Require WSS Username Token" action, the user identified by that token will be used as the value for
<wst:OnBehalfOf> element when sending requests for SAML Sender-Vouches tokens.
<wst:OnBehalfOf>
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss
-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org
/wss/2004/01/oasis-200401-wss-
wssecurity=utility- 1.0.xsd" wsu:Id="UsernameToken-28549389">
<wsse:Username>Administrator</wsse:Username>
</wsse:UsernameToken>
</wst:OnBehalfOf>
