I need to implement the following configuration (policy set and bindings) for a JAX-WS service provider deployed on WAS v7:
Every incoming request contains:
1. a digital signature for a SOAP body
2. BinarySecurityToken based on X509v3 (digital certificate).
WAS should make the following checks:
1. verify those signatures
2. check that the certificate is trusted against a white list (I guess trust.p12)
The outgoing response should be digitally singed with provider's certificate.
How to configure policy set and bindings?
I will appreciate any kind of help here.
Barbara_Jensen 110000MH113 Posts
Re: WS-Security in WAS v72012-11-06T17:26:23ZThis is the accepted answer. This is the accepted answer.Please refer to this information center article for instructions:
Here is another one:
The first is very flexible (dsig and/or encryption inbound and/or outbound). The second one is for only dsig both ways.
I suggest that you first follow the example(s) as-is, then go back and replace the originally configured trust store/keystore(s) with your own.
By default, when dsig is configured, the following will be signed if they exist in the message:
The 'flexible' example describes how to tailor what is signed in step 2e-iii.