Configuring WS-Security for communication with a Producer

Portal, Express Beta Version 6.1
Operating systems: i5/OS, Linux,Windows

Configuring WS-Security for communication with a Producer

You can configure WS-Security for the communication with a particular Producer portal by specifying the appropriate security profile for each WSRP port type in the Producer configuration on your Consumer portal.

IBM^® WebSphere^® Portal Express Version 6.1 provides three security profiles for the most common scenarios. These scenarios are described in the list below. Additionally, the portal allows you to add custom security profiles if required for your environments. By default, none of the Producer ports specifies a security profile.

LTPA_Token

Security Profile for LTPA token forwarding. This works only if the Consumer and Producer portals share the same user registry and LTPA configuration. The Consumer portal authenticates to the Producer by propagating the LTPA token information in the WS-Security SOAP header.

Username_Token

Security Profile for Username token forwarding. This configuration propagates the clear text username in the WS-Security SOAP header.

Signed_Username_Token

Security Profile for Username token forwarding including a signature, nonce, and timestamp. The signature signs the security token only and uses the following algorithms according to the WS Basic Security Profile recommendations:

Transformation: exclusive c14n. Refer to
http://www.w3.org/2001/10/xml-exc-c14n#.
Canonicalization: exclusive c14n. Refer to
http://www.w3.org/2001/10/xml-exc-c14n#.
Digest: sha-1. Refer to
http://www.w3.org/2000/09/xmldsig#sha1.
Signature: rsa-sha1. Refer to
http://www.w3.org/2000/09/xmldsig#rsa-sha1.

The key that is used to encrypt the digest and signature is taken from the default self-signed certificate configuration from the WebSphere Application Server by using the default alias. For more information refer to the URL given under Related information below.

You can set the security profiles by either of the following two ways:

By using the administration portlet Web Service Configuration. In the portlet, navigate to the section for the security settings of a particular Producer, and specify security profiles for each port name. For details refer to Using the Web Service Configuration portlet to work with Producer definitions online.

By using the XML configuration interface. For information on how to set security profiles by using the XML configuration interface, refer to Using the XML configuration interface to work with Producer definitions.

Parent topic: Securing WSRP by WS-Security for a Consumer portal Next topic: Creating and deploying custom WS-Security profiles Related information

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/csec_ssldefselfsigncertconf.html

Library | Support | Terms of use |