• 1 reply
  • Latest Post - ‏2012-11-06T17:26:23Z by Barbara_Jensen
1677 Posts

Pinned topic WS-Security in WAS v7

‏2011-06-21T06:16:45Z |

I need to implement the following configuration (policy set and bindings) for a JAX-WS service provider deployed on WAS v7:

Every incoming request contains:
1. a digital signature for a SOAP body
2. BinarySecurityToken based on X509v3 (digital certificate).

WAS should make the following checks:
1. verify those signatures
2. check that the certificate is trusted against a white list (I guess trust.p12)

The outgoing response should be digitally singed with provider's certificate.

How to configure policy set and bindings?

I will appreciate any kind of help here.

Updated on 2012-11-06T17:26:23Z at 2012-11-06T17:26:23Z by Barbara_Jensen
  • Barbara_Jensen
    3 Posts

    Re: WS-Security in WAS v7

    Please refer to this information center article for instructions:

    Here is another one:

    The first is very flexible (dsig and/or encryption inbound and/or outbound). The second one is for only dsig both ways.

    I suggest that you first follow the example(s) as-is, then go back and replace the originally configured trust store/keystore(s) with your own.

    By default, when dsig is configured, the following will be signed if they exist in the message:
    WSAddressing header

    The 'flexible' example describes how to tailor what is signed in step 2e-iii.