Configuring a binding for the WS-Security policy
To use the WS-Security policy with your Web service clients, you must first configure bindings for the policy.
The WS-Security specification includes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. This specification provides protection for a message by encrypting or digitally signing (or both) a message body, headers, attachment, or any combination (or parts) of these. The specification also provides a mechanism for associating security tokens with messages.
To configure a binding for the WS-Security policy:
- In the Client Side Policy Set Attachment wizard, select the WSSecurity policy type in the Bindings Configuration table; then click Configure.
- On the Digital Signature Configuration tab:
  - Under Outbound Message Security Configuration, select the type of information that your key contains and the algorithm that will be used to transform your outbound messages that have digital signatures. Use the Key Store Settings button to specify settings for your key store.
  - Under Inbound Message Security Configuration, select the algorithm that will be used to transform your outbound messages that have digital signatures. Select the Trust Any Certificate check box if you want to accept all incoming messages that have digital signatures, without verifying credentials. If you clear this check box, use the Key Store Settings button to specify settings for your key store, and optionally specify a certificate in the Certificate Path field.
- On the XML Encryption Configuration tab:
  - Under Outbound Message Security Configuration, select the type of information that your key contains and the algorithm that will be used to transform your outbound messages that have digital signatures. Use the Key Store Settings button to specify settings for your key store. Select the Enable MTOM WS-Security Optimization check box if you want to use the SOAP Message Transmission Optimized Mechanism (MTOM) when sending binary data with your messages. Select the Enable Encrypted Header for WS-Security 1.0 check box if you want to use encrypted SOAP headers in the WS-Security version 1.0 specification format.
  - Under Inbound Message Security Configuration, use the Key Store Settings button to specify settings for your key store.
- On the Token Authentication tab:
  - In the Callback handler list, select a Java™ class to handle messages that use token authentication.
  - Type your user name and password for token authentication.
  - Select the Enable Message Expiration check box if you want to enable expiration of your sent messages. If you select this check box, type the number of minutes after which your sent messages will expire in the Message Expiration Interval field. This number should be a positive integer. By default, sent messages remain permanently valid.
- Click OK.
Note: The window displays read-only information about the token types, callback handlers, and JAAS logins in the binding to help you with specifying the required values.
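What the Message Expiration Interval means for a receiver, as an added example that is not part of the original documentation or the product's own code. It assumes the interval is carried as a standard WS-Security `wsu:Timestamp` with an `Expires` value, which this page does not state; `build_envelope` and `check_freshness` are hypothetical helper names and the sample message is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Standard OASIS WS-Security 1.0 and SOAP 1.1 namespaces.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
FMT = "%Y-%m-%dT%H:%M:%SZ"

def build_envelope(created, interval_minutes=None):
    """Constructed sample message. Expires is omitted when no interval is set,
    mirroring the default where sent messages remain permanently valid."""
    expires = ""
    if interval_minutes is not None:
        if not isinstance(interval_minutes, int) or interval_minutes <= 0:
            raise ValueError("expiration interval must be a positive integer")
        expires_at = created + timedelta(minutes=interval_minutes)
        expires = "<wsu:Expires>%s</wsu:Expires>" % expires_at.strftime(FMT)
    return (
        '<soap:Envelope xmlns:soap="%s" xmlns:wsse="%s" xmlns:wsu="%s">'
        "<soap:Header><wsse:Security><wsu:Timestamp>"
        "<wsu:Created>%s</wsu:Created>%s"
        "</wsu:Timestamp></wsse:Security></soap:Header><soap:Body/></soap:Envelope>"
    ) % (NS["soap"], NS["wsse"], NS["wsu"], created.strftime(FMT), expires)

def check_freshness(envelope_xml, now, skew=timedelta(0)):
    """Return 'valid', 'expired', 'no-expiry' or 'no-timestamp' for a message.
    The input here is constructed; parse untrusted XML with a hardened parser."""
    root = ET.fromstring(envelope_xml)
    ts = root.find("soap:Header/wsse:Security/wsu:Timestamp", NS)
    if ts is None:
        return "no-timestamp"
    expires = ts.findtext("wsu:Expires", default=None, namespaces=NS)
    if expires is None:
        return "no-expiry"  # the timestamp places no limit on replaying the message
    expires_at = datetime.strptime(expires.strip(), FMT).replace(tzinfo=timezone.utc)
    # skew tolerates clock drift between sender and receiver
    return "valid" if now <= expires_at + skew else "expired"
```

An expiry value only limits replay if the timestamp is covered by the message's digital signature, since an unsigned timestamp can be rewritten in transit.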
Related tasks
Specifying key store settings for bindings configuration