+

Search Tips   |   Advanced Search

Modify an existing WS-Security configuration

We can add or modify the configuration details for a WS-Security configuration configured for use with service integration bus-enabled web services. We use WS-Security configurations to secure the SOAP messages that pass between service requesters (clients) and inbound services, and between outbound services and target web services.

WS-Security configurations specify the level of security that you require (for example "The body must be signed"). This level of security is then implemented through the run-time information contained in a WS-Security binding. You receive the security configuration information direct from the service requester or target service provider, in the form of an ibm-webservicesclient-ext.xmi file for the client, and an ibm-webservices-ext.xmi file for the target web service, which contain the information about the levels of security (integrity, confidentiality and identification) required. You extract the information from these .xmi files, then manually enter it into the WS-Security configuration forms.

Configurations are administered independently from any web service that uses them, so we can create a configuration then apply it to many web services. However, the security requirements for an inbound service (which acts as a target web service) are significantly different to those required for an outbound service (which acts as a client). Consequently, configurations are further divided by service type (inbound or outbound).

To list the WS-Security configurations, and to view and modify their configuration details:


Tasks

  1. Start the administrative console.

  2. In the navigation pane, click Service integration -> Web services -> WS-Security configurations. A list of WS-Security configurations is displayed in a WS-Security service configurations collection form.

    Each available configuration is flagged as either Inbound or Outbound. We use an inbound configuration to secure the SOAP messages that pass between a service requester (client) and an inbound service (which acts as a target web service). We use an outbound configuration to secure the SOAP messages that pass between an outbound service (which acts as a client) and a target web service.

    Each available configuration is also flagged as complying with either the Web Services Security (WS-Security) 1.0 specification or the WS-Security Draft 13 specification.

    Use of WS-Security Draft 13 was deprecated in WebSphere Application Server v6.0. Use of WS-Security Draft 13 is deprecated, and should only be used to allow continued use of an existing web services client application written to the WS-Security Draft 13 specification.

  3. Click the name of a WS-Security configuration in the list. The current settings for this WS-Security configuration are displayed.

  4. Modify the configuration details for this WS-Security configuration. For detailed reference information about each value that we can set, click on the associated link in the following table:

    WS-Security 1.0 inbound configuration WS-Security 1.0 outbound configuration
    Request consumer

    Response generator

    Request generator

    Response consumer

    WS-Security Draft 13 inbound configuration WS-Security Draft 13 outbound configuration
    Request receiver

    Response sender

    Request sender

    Response receiver

  5. Save changes to the master configuration.

If the processing completes successfully, the list of WS-Security configurations is redisplayed. Otherwise, an error message is displayed.


Related:

  • Service integration technologies and WS-Security
  • Deleting WS-Security configurations