+

Search Tips   |   Advanced Search

Configure security for a WS-MetadataExchange request

We can configure message-level security for a Web Services etadata Exchange (WS-MetadataExchange) GetMetadata request by specifying a suitable policy set and binding. You do this when we configure a web service provider to share its policies or a web service client to obtain the policies of a service provider.

For a service provider, we have completed the procedure to configure a service provider to share its policy configuration, up to and including the step to enable WS-MetadataExchange.

For a service client, we have completed the procedure to configure the client policy to use a service provider policy, up to and including the step to use WS-MetadataExchange.

By default, the WS-MetadataExchange GetMetadata request uses the transport-level security configuration of the application. We might want to apply message-level security if transport-level security is not available on the application endpoint, or if transport-level security is not adequate for our requirements. An advantage of message-level security is that it provides end-to-end security, which is especially important for the exchange of security metadata.

We can configure security for a WS-MetadataExchange request using the administrative console. We can also configure security for a WS-MetadataExchange request using wsadmin commands.


Tasks

  1. For a service provider, in the Policy Sharing panel on the administrative console, select Attach a system policy set to the WS-MetadataExchange. For a service client, in the Policies Applied panel on the administrative console, select Attach a system policy set to the WS-MetadataExchange.

  2. Select a system policy set to provide message-level security from the Policy set list. We can select from system policy sets that contain only WS-Security policies, only WS-Addressing policies, or both. The default policy set is SystemWSSecurityDefault. If the policy sets listed are not suitable for our requirements, create our own system policy set, then return to this procedure.

  3. Select a general binding for the policy set attachment from the Binding list. We can select from general bindings that are scoped to the global domain, or the security domain of this service. If the bindings listed are not suitable for our requirements, create our own general binding, then return to this procedure.

  4. Click OK.

  5. Save changes to the master configuration.

Message-level security is applied to the WS-MetadataExchange GetMetadata request.


Related:

  • WS-MetadataExchange requests
  • System policy sets
  • Configure a service provider to share its policy configuration
  • Configure the client policy to use a service provider policy
  • Configure system policy sets
  • Define and manage service client or provider bindings
  • WS-Policy commands for the AdminTask object