Modify an existing WS-Security configuration
We can add or modify the configuration details for a WS-Security configuration configured for use with service integration bus-enabled web services. We use WS-Security configurations to secure the SOAP messages that pass between service requesters (clients) and inbound services, and between outbound services and target web services.
WS-Security configurations specify the level of security that you require (for example "The body must be signed"). This level of security is then implemented through the run-time information contained in a WS-Security binding. You receive the security configuration information direct from the service requester or target service provider, in the form of an ibm-webservicesclient-ext.xmi file for the client, and an ibm-webservices-ext.xmi file for the target web service, which contain the information about the levels of security (integrity, confidentiality and identification) required. You extract the information from these .xmi files, then manually enter it into the WS-Security configuration forms.
Configurations are administered independently from any web service that uses them, so we can create a configuration then apply it to many web services. However, the security requirements for an inbound service (which acts as a target web service) are significantly different to those required for an outbound service (which acts as a client). Consequently, configurations are further divided by service type (inbound or outbound).
To list the WS-Security configurations, and to view and modify their configuration details:
Tasks
- Start the administrative console.
- In the navigation pane, click Service integration -> Web services -> WS-Security configurations. A list of WS-Security configurations is displayed in a WS-Security service configurations collection form.
Each available configuration is flagged as either Inbound or Outbound. We use an inbound configuration to secure the SOAP messages that pass between a service requester (client) and an inbound service (which acts as a target web service). We use an outbound configuration to secure the SOAP messages that pass between an outbound service (which acts as a client) and a target web service.
Each available configuration is also flagged as complying with either the Web Services Security (WS-Security) 1.0 specification or the WS-Security Draft 13 specification.
Use of WS-Security Draft 13 was deprecated in WebSphere Application Server v6.0. Use of WS-Security Draft 13 is deprecated, and should only be used to allow continued use of an existing web services client application written to the WS-Security Draft 13 specification.
- Click the name of a WS-Security configuration in the list. The current settings for this WS-Security configuration are displayed.
- Modify the configuration details for this WS-Security configuration. For detailed reference information about each value that we can set, click on the associated link in the following table:
WS-Security 1.0 inbound configuration WS-Security 1.0 outbound configuration Request consumer
- Required integrity
- Required confidentiality
- Required security token
- Caller
- Add time stamp
- Properties
Response generator
Request generator
Response consumer
- Required integrity
- Required confidentiality
- Required security token
- Caller
- Add time stamp
- Properties
- Save changes to the master configuration.
If the processing completes successfully, the list of WS-Security configurations is redisplayed. Otherwise, an error message is displayed.
Related:
Service integration technologies and WS-Security Deleting WS-Security configurations