+

Search Tips   |   Advanced Search

Configuring security for a WS-MetadataExchange request

We can configure message-level security for a Web Services Metadata Exchange (WS-MetadataExchange) GetMetadata request by specifying a suitable policy set and binding. You do this when you configure a web service provider to share its policies or a web service client to obtain the policies of a service provider.

For a service provider, we have completed the procedure to configure a service provider to share its policy configuration, up to and including the step to enable WS-MetadataExchange.

For a service client, we have completed the procedure to configure the client policy to use a service provider policy, up to and including the step to use WS-MetadataExchange.

By default, the WS-MetadataExchange GetMetadata request uses the transport-level security configuration of the application. We might want to apply message-level security if transport-level security is not available on the application endpoint, or if transport-level security is not adequate for the requirements. An advantage of message-level security is that it provides end-to-end security, which is especially important for the exchange of security metadata.

We can configure security for a WS-MetadataExchange request using the administrative console. We can also configure security for a WS-MetadataExchange request by using wsadmin commands.

  1. For a service provider, in the Policy Sharing panel on the administrative console, select Attach a system policy set to the WS-MetadataExchange. For a service client, in the Policies Applied panel on the administrative console, select Attach a system policy set to the WS-MetadataExchange.

  2. Select a system policy set to provide message-level security from the Policy set list. We can select from system policy sets containing only WS-Security policies, only WS-Addressing policies, or both. The default policy set is SystemWSSecurityDefault. If the policy sets listed are not suitable for the requirements, create our own system policy set, then return to this procedure.

  3. Select a general binding for the policy set attachment from the Binding list. We can select from general bindings that are scoped to the global domain, or the security domain of this service. If the bindings listed are not suitable for the requirements, create our own general binding, then return to this procedure.

  4. Click OK.

  5. Save the changes to the master configuration.


Results

Message-level security is applied to the WS-MetadataExchange GetMetadata request.


Related concepts

  • WS-MetadataExchange requests
  • System policy sets


    Related tasks

  • Configure a service provider to share its policy configuration
  • Configure the client policy to use a service provider policy
  • Configure system policy sets using the administrative console
  • Define and manage service client or provider bindings

  • WS-Policy commands (AdminTask)