WAS v8.5 > Administer applications and their environment > Administer web services - Reliable messaging (WS-ReliableMessaging) > Administer reliable web services > Configure a WS-ReliableMessaging policy set

Configure WS-SecureConversation to work with WS-ReliableMessaging

Configure secure conversation to expect the reliable messaging headers to be signed, and to ensure the scoping security context token does not expire before reliable messaging recovers and resends persistent messages.

• Configure secure conversation to expect the reliable messaging headers to be signed
  
• Configure secure conversation to increase the timeout setting for the scoping security context token
  

Configure secure conversation to expect the reliable messaging headers to be signed

About this task

Although secure conversation allows message headers to remain unsigned, the reliable messaging policy requires the reliable messaging headers to be signed. To use secure conversation and reliable messaging policies in the same policy set, the secure conversation bindings must be configured to require the reliable messaging headers are signed. To achieve this, complete one of the following steps:

Procedure

• Create your policy set from a copy of one of the reliable secure profile default policy sets (WS-I RSP and WS-I RSP ND). These policy sets contain instances of the secure conversation and reliable messaging policies configured to work together.

• Create your policy set from a copy of the secure conversation policy set:

  1. Add the reliable messaging policy to your copy of the secure conversation policy set.

  2. Specify in the secure conversation bindings the reliable messaging headers must be signed. For more information about how to do this, see Define and managing policy set bindings.

  3. Save your changes to the master configuration.

  The reliable secure profile default policy sets (WS-I RSP and WS-I RSP ND) are specifically designed and configured to use secure conversation and reliable messaging in the same policy set. Only create your policy set from a copy of the secure conversation policy set if we have a clear business need to do so. Otherwise, always use a copy of one of the reliable secure profile default policy sets (WS-I RSP and WS-I RSP ND).

Configure secure conversation to increase the timeout setting for the scoping security context token

About this task

When we use a persistent WS-I RSP policy set, which includes WS-SecureConversation, if the scoping security context token is expired when the server is restarted then WS-ReliableMessaging cannot resend its messages and system messages are written to the log file stating the reliable messaging sequence was not secured using the correct security token.

To ensure the scoping security context token does not expire before WS-ReliableMessaging can recover and resend its messages, use the dmgr console to complete the following steps:

Procedure

1. In the navigation pane, click Services > Security cache. The Security cache detail form is displayed.

2. Set the Time token is in cache after timeout property to a value of at least 120 minutes. This value specifies the length of time to keep tokens after they expire. By default, this is 10 minutes. These expired tokens can be used for reliable messaging recovery.
3. In the navigation pane, click Services > Trust service > Token providers. In the content pane, select a security context token. The Security Context Token detail form is displayed.

4. Set the following values for the security context token:
   1. Check the Time in cache after expiration property is set to a value of at least 120 minutes.
   2. Check the Token timeout property is set to a value of at least 120 minutes.

   3. Select the Allow renewal after timeout check box.

5. Save your changes to the master configuration.

Related concepts:

Flow for establishing a security context token to secure reliable messaging

Related

Configure a WS-ReliableMessaging policy set using wsadmin
Add assured delivery to web services through WS-ReliableMessaging
Define and managing policy set bindings
Configure application and system policy sets for web services using scripting
WS-ReliableMessaging
Detecting and fixing problems with WS-ReliableMessaging
Configure the Web Services Security distributed cache

Reference:

WS-ReliableMessaging troubleshooting tips

+

Search Tips   |   Advanced Search