Set system policy sets using the admin console

By defining a custom policy set or defining assertions about how services are defined, we can configure WS-Security. Use the admin console to manage custom policy sets.

A policy set specifies a set of common message policy assertions that can be specified within a policy. For example, a policy set can define general security policy assertions that apply to other protocols, such as WS-Security, SOAP messages, Web Services Secure Conversation (WS-Secure Conversation) and Web Services Trust (WS-Trust).

There are two main types of policy sets; application policy sets and system policy sets. Application policy sets are used for business-related assertions. These assertions are related to the business operations defined in the Web Services Description Language (WSDL) file. System policy sets, on the other hand, are used for non-business-related system messages. These messages are defined in other specifications which apply qualities of service (QoS). Examples of QoS are the request security token (RST) messages defined in WS-Trust, the create sequence messages defined in WS-Reliable Messaging, and the metadata exchange messages defined by WS-MetadataExchange.

Use system policy sets with the trust service, or Web Services MetadataExhange (WS-MEX). The requestor (client) must utilize JAX-WS only. Requestors which use Java API for XML-based remote procedure calls (JAX-RPC) are incompatible with the policy set QOS.

Depending on the assigned security role when security is enabled, we might not have access to text entry fields or buttons to create or edit configuration data. Review the administrative roles documentation to learn more about the valid roles for the appserver.

Only custom policy sets can be modified. Default system policy sets are read only and cannot be changed.

 

1. To define system policy sets, click Services > Policy sets > System policy sets.

2. Click one of the following actions to work with the system policy set configurations:

   New

   To create a system policy set configuration. Enter a unique name for the system policy set configuration in the Name field. For example, we might specify EcommerceTrustServiceSecurity.

   Delete

   To delete an existing configuration. Select the check box next to an existing policy set name, and click Delete.

   Copy

   To copy an existing configuration. Select the check box next to an existing policy set name, and click Copy.

   Import

   To import an existing configuration. Select the check box next to an existing policy set name, and click Import. For more information, read about importing policy sets using the admin console.

   Export

   To export an existing configuration. Select the check box next to an existing policy set name, and click Export. For more information, read about exporting policy sets using the admin console.

3. To edit the settings of an existing policy set configuration, click the link for the existing custom system policy set that you want to change. Use the admin console to modify existing custom policy sets that have been created.

4. If creating a policy set, enter a short description for the new policy set. Default policy sets can only be viewed. For a custom policy set, edit the brief description of the policy set in the Description field. This description displays in the list on the System policy sets panel. The description should be meaningful to you and other potential users of this policy set.

5. If creating a new policy set, click Apply. The policy set name must be applied before we can add policy types to the new policy set.

6. If needed, add the policy type information, or change the policy types for an existing system policy set.

   We can add, delete, enable, or disable policy types for the selected policy set. We can add any valid policy types to the policy set collection.

   The following are available policy types for system policy sets:

   • HTTP transport - for HTTP transport policies

   • SSL transport - for HTTPS transport policies
   • WS-Addressing - for endpoint addressing policies

   • WS-Security - for secure SOAP messages policies

7. Click OK and then click Save to save the information directly to the master configuration.

 

Results

we have provided the basic information to create a system policy set. We can also create a new or update an existing system policy set for the WAS trust service, or Web Services MetadataExhange (WS-MEX), using the wsadmin tool. The wsadmin tool examples are written in Jython.

 

Next steps

After creating a system policy set and adding the policy types, attach the system policy set to a trust service operation for an endpoint, or attach it to one of the trust service default operations.

Define a new system policy set
System policy set collection
System policy set settings

 

Related tasks

Importing policy sets
Exporting policy sets
Manage policy sets
Importing and exporting policy sets to client or server environments using scripting
Set attachments for the trust service
Create policy sets using the wsadmin tool
Secure requests to the trust service using system policy sets

 

Related

Application policy sets collection
Import policy sets from a selected location settings
Administrative roles