Configuring a binding for the WS-Security policy

To use the WS-Security policy with your Web service clients, you must first configure bindings for the policy.

The WS-Security specification includes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. This specification provides protection for a message by encrypting or digitally signing (or both) a message body, headers, attachment, or any combination (or parts) of these. The specification also provides a mechanism for associating security tokens with messages.

To configure a binding for the WS-Security policy:

  1. In the Client Side Policy Set Attachment wizard, select the WSSecurity policy type in the Bindings Configuration table; then click Configure.

  2. On the Digital Signature Configuration tab:

    1. Under Outbound Message Security Configuration, select the type of information that your key contains and the algorithm that will be used to transform your outbound messages that have digital signatures. Use the Key Store Settings button to specify settings for your key store.

    2. Under Inbound Message Security Configuration, select the algorithm that will be used to transform your outbound messages that have digital signatures. Select the Trust Any Certificate check box if you want to accept all incoming messages that have digital signatures, without verifying credentials. If you clear this check box, use the Key Store Settings button to specify settings for your key store, and optionally specify a certificate in the Certificate Path field.

  3. On the XML Encryption Configuration tab:

    1. Under Outbound Message Security Configuration, select the type of information that your key contains and the algorithm that will be used to transform your outbound messages that have digital signatures. Use the Key Store Settings button to specify settings for your key store. Select the Enable MTOM WS-Security Optimization check box if you want to use the SOAP Message Transmission Optimized Mechanism (MTOM) when sending binary data with your messages. Select the Enable Encrypted Header for WS-Security 1.0 check box if you want to use encrypted SOAP headers in the WS-Security version 1.0 specification format.

    2. Under Inbound Message Security Configuration, use the Key Store Settings button to specify settings for your key store.

  4. On the Token Authentication tab:

    1. In the Callback handler list, select a Java™ class to handle messages that use token authentication.

    2. Type your user name and password for token authentication.

  5. Select the Enable Message Expiration check box if you want to enable expiration of your sent messages. If you select this check box, type the number of minutes after which your sent messages will expire in the Message Expiration Interval field. This number should be a positive integer. By default, sent messages remain permanently valid.

  6. Click OK.

Note: The window displays read-only information about the token types, callback handlers, and JAAS logins in the binding to help you with specifying the required values.
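
One way to confirm from a captured outbound message that the binding settings in the procedure above took effect, written as an added Python example that is not part of the original page or of the product. It assumes SOAP 1.1 and the standard WS-Security 1.0 namespaces, that message expiration appears as a wsu:Timestamp with a UTC Expires value, and that signature references point at wsu:Id values; the sample envelope and the function name audit are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": WSS + "secext-1.0.xsd",
    "wsu": WSS + "utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed sample message (not captured from any product).
SAMPLE = f"""<soap:Envelope {XMLNS}>
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="TS-1">
   <wsu:Created>2024-01-01T12:00:00Z</wsu:Created>
   <wsu:Expires>2024-01-01T12:05:00Z</wsu:Expires>
  </wsu:Timestamp>
  <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#Body-1"/></ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="Body-1"><payload/></soap:Body>
</soap:Envelope>"""

def audit(envelope_xml, now):
    """Report which protections a SOAP message carries; no crypto is verified."""
    root = ET.fromstring(envelope_xml)  # use a hardened parser for untrusted XML
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return {"security_header": False}
    wsu_id = f"{{{NS['wsu']}}}Id"
    # Ids of the elements that the signature's references cover
    signed = {r.get("URI", "").lstrip("#") for r in sec.iterfind(".//ds:Reference", NS)}
    body = root.find("soap:Body", NS)
    ts = sec.find("wsu:Timestamp", NS)
    expires = ts.findtext("wsu:Expires", None, NS) if ts is not None else None
    if expires is not None:
        expires = datetime.fromisoformat(expires.strip().replace("Z", "+00:00"))
    return {
        "security_header": True,
        "signature": sec.find("ds:Signature", NS) is not None,
        "body_signed": body is not None and body.get(wsu_id) in signed,
        "body_encrypted": body is not None and body.find("xenc:EncryptedData", NS) is not None,
        "username_token": sec.find("wsse:UsernameToken", NS) is not None,
        "has_expiry": expires is not None,
        "expired": expires is not None and expires <= now,
        "timestamp_signed": ts is not None and ts.get(wsu_id) in signed,
    }
```

For the constructed sample the report shows an expiry that is present but not covered by the signature, so the Expires value has no integrity protection.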

 

Related tasks

Specifying key store settings for bindings configuration