Configure WS-Security for communication with a Producer

Configure WS-Security for communication with a Producer

+
Search Tips | Advanced Search

You can configure WS-Security for the communication with a particular Producer portal by specifying the appropriate security profile for each WSRP port type in the Producer configuration on your Consumer portal.
IBM® WebSphere® Portal Express Version 6.1 provides three security profiles for the most common scenarios. These scenarios are described in the list below. Additionally, the portal allows you to add custom security profiles if required for your environments. By default, none of the Producer ports specifies a security profile.
LTPA_Token

Security Profile for LTPA token forwarding. This works only if the Consumer and Producer portals share the same user registry and LTPA configuration. The Consumer portal authenticates to the Producer by propagating the LTPA token information in the WS-Security SOAP header.

Username_Token

Security Profile for Username token forwarding. This configuration propagates the clear text username in the WS-Security SOAP header.

Signed_Username_Token

Security Profile for Username token forwarding including a signature, nonce, and timestamp. The signature signs the security token only and uses the following algorithms according to the WS-I Basic Security Profile 1.0 recommendations:
Transformation

exclusive c14n. Refer to http://www.w3.org/2001/10/xml-exc-c14n#.

Canonicalization

exclusive c14n. Refer to http://www.w3.org/2001/10/xml-exc-c14n#.

Digest

sha-1. Refer to http://www.w3.org/2000/09/xmldsig#sha1.

Signature

rsa-sha1. Refer to http://www.w3.org/2000/09/xmldsig#rsa-sha1.

The key that is used to encrypt the digest and signature is taken from the default self-signed certificate configuration from the WebSphere Application Server by using the default alias. For more information refer to the URL given under Related information below.

You can set the security profiles by either of the following two ways:
By using the administration portlet Web Service Configuration. In the portlet, navigate to the section for the security settings of a particular Producer, and specify security profiles for each port name.

By using the XML configuration interface. For information on how to set security profiles by using the XML configuration interface, refer to the appropriate topic.

Parent topic
Securing WSRP by WS-Security for a Consumer portal
Next topic: Creating and deploying custom WS-Security profiles

Related information
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/Default_self-signed_certificate_configuration294.html http://www.w3.org/2001/10/xml-exc-c14n# http://www.w3.org/2000/09/xmldsig#sha1 http://www.w3.org/2000/09/xmldsig#rsa-sha1