Outbound WS-Security configuration [Settings]
WS-Security configuration for an outbound request. This defines WS-Security requirements for the request generated and response consumed from the target. The objects created may be applied to one or more outbound ports.
To view this page in the console, click the following path:
We can configure the service integration bus for secure transmission of SOAP messages by using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) 1.0 specification.
Alternatively, we can configure the bus in accordance with the previous WS-Security specification, WS-Security Draft 13 (also known as the Web Services Security Core Specification). However, use of the WS-Security Draft 13 specification is deprecated, and you should only use it to allow continued use of an existing web services client application that has been written to the WS-Security Draft 13 specification.
You use an outbound configuration to secure the SOAP messages that pass between an outbound service (which acts as a client) and a target web service. The configuration specifies the level of security that you require (for example "The body must be signed"). This level of security is then implemented through the run-time information contained in the following types of WS-Security binding:
For WS-Security Version 1.0:
- request generator, for use when generating requests from an outbound service to a target web service.
- response consumer, for use when consuming responses from a target web service to an outbound service.
For WS-Security Draft 13:
- request sender, for use when sending requests from an outbound service to a target web service.
- response receiver, for use when receiving responses from a target web service to an outbound service.
WS-Security configurations are administered independently from any web service that uses them, so we can create an outbound configuration then apply it to many outbound services.
Configuration tab
The Configuration tab shows configuration properties for this object. These property values are preserved even if the runtime environment is stopped then restarted. See the information center task descriptions for information about how to apply configuration changes to the runtime environment.
General Properties
WS-Security version
Identifies the version of the WS-Security specification this configuration uses.
| Information | Value |
|---|---|
| Required | No |
| Data type | String |
Service type
The type of service the WS-Security configuration applies to.
| Information | Value |
|---|---|
| Required | No |
| Data type | String |
Name
The name of the outbound WS-Security configuration.
This name must be unique across both WS-Security Version 1.0 and Draft 13 Inbound configurations, and it must obey the following syntax rules:
- It must not start with "." (a period).
- It must not start or end with a space.
- It must not contain any of the following characters: \ / , # $ @ : ; " * ? < > | = + & % '
| Information | Value |
|---|---|
| Required | Yes |
| Data type | String |
Actor URI
WS-Security headers within the consumed response message will only be processed if they have the specified actor URI.
| Information | Value |
|---|---|
| Required | No |
| Data type | String |
Request generator
- Actor
- Defines the Actor URI to be included in the WS-Security headers of a generated message.
- Integrity
- Integrity constraints applied to generated messages. This includes specifying which message parts within the generated message must be digitally signed, and the message parts to attach digitally signed Nonce and time stamp elements to.
- Confidentiality
- Confidentiality constraints applied to generated messages. This includes specifying which message parts within the generated message must be encrypted, and the message parts to attach encrypted Nonce and time stamp elements to.
- Security Token
- Specifies stand-alone security tokens to insert into the generated message. Stand-alone security tokens are those not already used for signature or encryption. Standard and custom security tokens may be defined by URI and local name.
- Add time stamp
- When add time stamp is specified for a consumer, a time stamp is added indicating when the message was consumed. For a generator, a time stamp is added indicating when the message was generated.
- Properties
- General properties for the outbound WS-Security configuration.
Response consumer
- Required integrity
- Integrity constraints consumed messages must meet. This includes specifying which message parts within the incoming message must be digitally signed, and the message parts to which attached digitally signed Nonce and time stamp elements are expected.
- Required confidentiality
- Confidentiality constraints consumed messages must meet. This includes specifying which message parts within the incoming message must be encrypted, and the message parts to which attached encrypted Nonce and time stamp elements are expected.
- Required security token
- Specifies accepted stand-alone security tokens within a consumed message. Stand-alone security tokens are those not already used for signature or encryption. Defining a required security token means that messages containing a token of that type will be processed according to the usage assertion. The security token will not be used for authentication unless it is also specified within a caller.
- Caller
- Security token, signed part or encrypted part used for authentication. If a signed or encrypted part is used, the value of the part attribute must be the name of a defined required integrity or required confidentiality constraint. If a stand-alone security token is used for authentication, then the URI and local name attributes must define the type of security token used for authentication.
- Add time stamp
- When add time stamp is specified for a consumer, a time stamp is added indicating when the message was consumed. For a generator, a time stamp is added indicating when the message was generated.
- Properties
- General properties for the outbound WS-Security configuration.
Related information:
Reference topic