Secure messages at the request generator using Web Services Security APIs
We can secure SOAP messages without using policy sets by configuring signing information, encryption, and generator tokens, which protect message integrity, confidentiality, and authenticity, respectively. This request (client-side) generator configuration defines the Web Services Security requirements for the outgoing SOAP message request: the generated request uses a digital signature, incorporates encryption, and attaches security tokens.
To secure web services with WebSphere Application Server, configure both the generator and the consumer security constraints. Therefore, in addition to securing messages at the request generator level, we must also secure messages at the response consumer level.
Securing web service applications requires several different configurations. There is no required sequence for specifying them, but some configurations reference other configurations. For example, decryption configurations reference encryption configurations.
The following high-level steps use the WSS APIs:
- Configure generator signing to protect message integrity
- Configure encryption to protect message confidentiality
- Attach generator tokens to protect message authenticity
- Propagate self-issued SAML bearer tokens
- Propagate self-issued SAML sender-vouches tokens with message protection
- Propagate self-issued SAML sender-vouches tokens with transport protection
- Send self-issued SAML holder-of-key tokens with symmetric key
- Send self-issued SAML holder-of-key tokens with asymmetric key
Subtopics
- Configure encryption to protect message confidentiality
- Configure generator signing information to protect message integrity
- Attaching the generator token to protect message authenticity
- Secure messages at the request generator
- Send self-issued SAML bearer tokens
- Inserting SAML attributes
- Send self-issued SAML sender-vouches tokens with message level protection
- Send self-issued SAML sender-vouches tokens with SSL transport protection
- Send self-issued SAML holder-of-key tokens with symmetric key
- Send self-issued SAML holder-of-key tokens with asymmetric key
- Request SAML bearer tokens from an external STS and transport level protection
- Request SAML sender-vouches tokens from an external STS and message level protection
- Request SAML sender-vouches tokens from an external STS and transport level protection
- Request SAML holder-of-key tokens with symmetric key from external security token service
- Request SAML holder-of-key tokens with asymmetric key from External Security Token Service
- Send a security token using a generic security token login module
Related tasks
- Secure messages at the response consumer using WSS APIs
- Send self-issued SAML bearer tokens using WSS APIs
- Send self-issued SAML sender-vouches tokens using WSS APIs with message level protection
- Send self-issued SAML sender-vouches tokens using WSS APIs with SSL transport protection