Configure WS-Security for communication with a Producer
Configure WS-Security for the communication with a particular Producer portal by specifying the appropriate security profile for each WSRP port type in the Producer configuration on your Consumer portal.
IBM WebSphere Portal v8.0 provides three security profiles for the most common scenarios. These scenarios are described in the following list. Additionally, the portal allows us to add custom security profiles if the environment requires them. By default, none of the Producer ports specifies a security profile.
- LTPA_Token
  - Security Profile for LTPA token forwarding. This works only if the Consumer and Producer portals share the same user registry and LTPA configuration. The Consumer portal authenticates to the Producer by propagating the LTPA token information in the WS-Security SOAP header.
- Username_Token
  - Security Profile for Username token forwarding. This configuration propagates the clear text user name in the WS-Security SOAP header.
- Signed_Username_Token
  - Security Profile for Username token forwarding including a signature, nonce, and timestamp. The signature signs the security token only and uses the following algorithms according to the WS-I Basic Security Profile 1.0 recommendations:
    - Transformation: exclusive c14n. Refer to http://www.w3.org/2001/10/xml-exc-c14n#.
    - Canonicalization: exclusive c14n. Refer to http://www.w3.org/2001/10/xml-exc-c14n#.
    - Digest: sha-1. Refer to http://www.w3.org/2000/09/xmldsig#sha1.
    - Signature: rsa-sha1. Refer to http://www.w3.org/2000/09/xmldsig#rsa-sha1.
  - The key used to encrypt the digest and signature is taken from the default self-signed certificate configuration from the WAS using the default alias. Refer to the URL given under the Related section.
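A check for the Signed_Username_Token properties listed above, as an added example (not IBM's code): it parses a WS-Security header and reports anything that deviates from the profile. The sample header is constructed from the OASIS WS-Security and XML Signature schemas, and accepting the timestamp as either wsu:Created or wsu:Timestamp is an assumption; the page does not show the header the portal actually sends.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
# Algorithm URIs the page lists for Signed_Username_Token.
EXPECTED = {
    "ds:SignedInfo/ds:CanonicalizationMethod": EXC_C14N,
    "ds:SignedInfo/ds:SignatureMethod": NS["ds"] + "rsa-sha1",
    "ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform": EXC_C14N,
    "ds:SignedInfo/ds:Reference/ds:DigestMethod": NS["ds"] + "sha1",
}
# Constructed sample header with placeholder values (not captured from a portal).
SAMPLE = """<wsse:Security xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">
<wsse:UsernameToken wsu:Id="ut-1"><wsse:Username>jdoe</wsse:Username>
<wsse:Nonce>Tk9OQ0U=</wsse:Nonce><wsu:Created>2024-01-01T00:00:00Z</wsu:Created>
</wsse:UsernameToken><ds:Signature><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="{c14n}"/><ds:SignatureMethod Algorithm="{ds}rsa-sha1"/>
<ds:Reference URI="#ut-1"><ds:Transforms><ds:Transform Algorithm="{c14n}"/></ds:Transforms>
<ds:DigestMethod Algorithm="{ds}sha1"/><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
</ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
</wsse:Security>""".format(c14n=EXC_C14N, **NS)

def check_header(security_xml):
    """Return a list of deviations from the Signed_Username_Token profile."""
    sec, findings = ET.fromstring(security_xml), []
    token = sec.find("wsse:UsernameToken", NS)
    if token is None or token.find("wsse:Username", NS) is None:
        return ["no UsernameToken with a Username"]
    if token.find("wsse:Nonce", NS) is None:
        findings.append("missing nonce")
    if token.find("wsu:Created", NS) is None and sec.find("wsu:Timestamp", NS) is None:
        findings.append("missing timestamp")
    sig = sec.find("ds:Signature", NS)
    if sig is None:
        return findings + ["missing signature"]
    for path, uri in EXPECTED.items():
        algs = [e.get("Algorithm") for e in sig.findall(path, NS)]
        if algs != [uri]:
            findings.append(f"{path.rsplit(':', 1)[1]}: expected {uri}, got {algs}")
    # The profile signs the security token only: one Reference, to the token's wsu:Id.
    refs = [r.get("URI") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
    token_id = token.get("{%s}Id" % NS["wsu"])
    if token_id is None or refs != ["#" + token_id]:
        findings.append(f"signature references {refs}, not only the token")
    return findings
```

A header that carries only the user name, as the Username_Token profile describes, comes back with the nonce, timestamp, and signature findings.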
We can set the security profiles in either of the following two ways:
- By using the administration portlet Web Service Configuration. In the portlet, navigate to the section for the security settings of a particular Producer, and specify security profiles for each port name.
- By using xmlaccess.sh. For information on how to set security profiles using xmlaccess.sh, refer to the appropriate topic.
Related: http://www.w3.org/2001/10/xml-exc-c14n#
http://www.w3.org/2000/09/xmldsig#sha1