Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure web services > Administer Web Services Security
Configure XML digital signature for v5.x web services with the administrative console
XML digital signature provides both message integrity and authentication capabilities when it is used with SOAP messages. XML digital signature is one of the methods WAS provides to secure web services. We can use the WAS administrative console to configure XML digital signature.
- Login mappings collection
Use this page to view a list of configurations for validating security tokens within incoming messages. Login mappings map an authentication method to a JAAS login configuration to validate the security token. Four authentication methods are predefined in the WAS: BasicAuth, Signature, IDAssertion, and Lightweight Third Party Authentication (LTPA).
- Login mapping configuration settings
Use this page to specify the JAAS login configuration settings that are used to validate security tokens within incoming messages.
- Configure nonce using Web Services Security tokens
Nonce is a randomly generated, cryptographic token used to thwart the highjacking of user name tokens, which are used with SOAP messages. Use nonce in conjunction with the BasicAuth authentication method.
- Configure trust anchors
Use the WAS administrative console to configure trust anchors that specify key stores which contain trusted root certificates to validate the signer certificate.
- Configure the client-side collection certificate store
We can configure the client-side collection certificate store by .
- Configure the server-side collection certificate store
We can configure the collection certificate either by using an assembly tool or the WAS administrative console.
- Configure default collection certificate stores at the server level in the WAS administrative console
We can define a single collection certificate store for all of the applications that need to use the same certificates. Use the WAS administrative console to configure the default collection certificate store at the server level.
- Configure default collection certificate stores at the cell level in the WAS administrative console
A collection certificate store is a collection of non-root certificate authority (CA) certificates and certificate revocation lists (CRLs). Use this collection of CA certificates and CRLs to check the signature of a digitally signed SOAP message. A certificate store typically refers to a certificate store that is located in the file system.
- Configure key locators
We can configure binding information and key locators using the WAS administrative console.
- Configure server and cell level key locators
A key locator typically locates a key store in the file system. We can configure server and cell-level key locators for a specific application by using the WAS administrative console. We can configure binding information in the administrative console; however, for extensions, use an assembly tool.
- Configure the security bindings on a server acting as a client
Use the web services client editor within an assembly tool to include the binding information, that describes how to run the security specifications found in the extensions, in the client EAR file.
- Configure the server security bindings
Use the WAS administrative console to edit bindings for a web service after these bindings are deployed on a server.