Secure the producer by WS-Security
We can configure Web Services Security according to the WS-Security standard for the producer and the provided web services.
The producer in IBM WebSphere Portal provides a set of JAX-WS compliant service providers. We can manage the configuration of the WSRP service providers in IBM WebSphere Application Server through the concept of policy sets. We might want to configure the service providers of the producer for WS-Security-based authentication and caller identification. We can do so by attaching an appropriate policy set to the service provider, for example using the WAS admin console.
WebSphere Application Server ensures message security and quality of service according to the defined configuration. The producer provides a set of default policy sets and default provider policy set bindings that we can use to configure the WSRP service providers. We do not have to create our own policy set and provider policy set binding.
Provided WSRP application policy sets and the provided WSRP provider policy set bindings:
LTPA based
- WSRP application policy set: LTPA-based message authentication policy set. This policy set defines LTPA token-based message authentication. Does not define other security mechanisms such as message confidentiality, or other web service mechanisms such as WS-Addressing.
- WSRP provider policy set binding: LTPA-based message authentication provider binding. Use this provider policy set binding with the LTPA-based message authentication policy set. It defines the corresponding provider binding, including caller identification.

Username based
- WSRP application policy set: Username-based message authentication policy set. This policy set defines Username token-based message authentication. Does not define other security mechanisms such as message confidentiality, or other web service mechanisms such as WS-Addressing.
- WSRP provider policy set binding: Username-based message authentication provider binding. Use this provider policy set binding with the Username-based message authentication policy set. It defines the corresponding provider binding, including caller identification.
The WSRP application policy sets and client policy set bindings are contained in compressed format in the directory...
PortalServer/doc/policy-sets-samples
For instructions about how to import and attach policy sets and provider policy set bindings, read the WAS documentation.
To use the WSRP policy sets and provider policy set bindings for service configuration, use the procedure given later in this topic.
We are not limited to the default policy sets and provider policy set bindings. We can also create and use a policy set and provider policy set binding of our choice. The producer supports all service configurations that WAS supports, so we can use all security tokens that WAS supports. Some token types might require a specific setup. Note that it is necessary to define a compatible web service configuration on the consumer portals.
- Import the WSRP policy sets and provider policy set bindings. To do so, use a WebSphere Application Server administrative client, such as the WAS admin console:
  - Open the Application policy sets panel.
  - Select Import (From Selected Location).
  - Select the LTPA-based message authentication policy set.zip file or the username-based message authentication policy set.zip file to import.
  - Open the General provider policy set bindings panel.
  - Select Import (From Selected Location).
  - Select the LTPA-based message authentication provider binding.zip file or username-based message authentication provider binding.zip file to import.
- Attach the policy set and provider policy set binding to a WSRP service provider:
  - Open the Service providers panel.
  - Open the service provider to configure. Do not select one of the internal service providers, such as WSRPBaseService_v2_internal, WSRPPortletManagementService_v2_internal, or WSRPServiceDescriptionService_v2_internal.
  - Select the service. The service is the first resource listed.
  - Use the Attach option to select and attach the LTPA-based message authentication policy set or the username-based message authentication policy set.
  - Select the service. The service is the first resource listed.
  - Use the Assign Binding option to select and assign the LTPA-based message authentication provider binding file or username-based message authentication provider binding.
- Save the changes to the master configuration.
- After completing this configuration, restart the portal.
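To check that a consumer request carries the token type the attached policy set expects, and to see what "does not define message confidentiality" means on the wire, the following added example (not part of the IBM documentation or product) inspects the WS-Security header of a SOAP request. It assumes the consumer sends a standard OASIS `UsernameToken` or `BinarySecurityToken`; the function name `inspect_wsse` and the sample message, user name and password are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")     # SOAP 1.2

def inspect_wsse(soap_xml):
    """Report the WS-Security tokens in a SOAP request and whether the body is encrypted."""
    if "<!DOCTYPE" in soap_xml:  # SOAP forbids DTDs; refuse them before parsing
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(soap_xml)
    soap = next((ns for ns in SOAP_NS if root.tag == "{%s}Envelope" % ns), None)
    if soap is None:
        raise ValueError("not a SOAP envelope")
    report = {"tokens": [], "cleartext_password": False, "body_encrypted": False}
    for sec in root.findall("{%s}Header/{%s}Security" % (soap, WSSE)):
        for ut in sec.findall("{%s}UsernameToken" % WSSE):
            report["tokens"].append("UsernameToken")
            pw = ut.find("{%s}Password" % WSSE)
            # UsernameToken profile: a Password without a Type defaults to PasswordText
            if pw is not None and not pw.get("Type", "").endswith("#PasswordDigest"):
                report["cleartext_password"] = True
        for _bst in sec.findall("{%s}BinarySecurityToken" % WSSE):
            report["tokens"].append("BinarySecurityToken")
    body = root.find("{%s}Body" % soap)
    if body is not None and body.find("{%s}EncryptedData" % XENC) is not None:
        report["body_encrypted"] = True
    return report

# Constructed sample request (not captured traffic); user, password and body are made up.
SAMPLE_USERNAME = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="%s">
  <soapenv:Header><wsse:Security>
    <wsse:UsernameToken>
      <wsse:Username>wsrpconsumer</wsse:Username>
      <wsse:Password>example-password</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security></soapenv:Header>
  <soapenv:Body><getMarkup/></soapenv:Body>
</soapenv:Envelope>""" % WSSE

if __name__ == "__main__":
    print(inspect_wsse(SAMPLE_USERNAME))
```

A report with `cleartext_password` true and `body_encrypted` false means the credential is readable to anyone who can see the message, so the connection between consumer and producer has to provide confidentiality by other means, such as TLS.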
Related information
WebSphere Application Server product documentation V 8.5