SystemAdmin

Pinned topic WS-Security in WAS v7

2011-06-21T06:16:45Z
Hello,

I need to implement the following configuration (policy set and bindings) for a JAX-WS service provider deployed on WAS v7:

Every incoming request contains:
1. a digital signature for a SOAP body
2. BinarySecurityToken based on X509v3 (digital certificate).

WAS should make the following checks:
1. verify those signatures
2. check that the certificate is trusted against a white list (I guess trust.p12)

The outgoing response should be digitally signed with the provider's certificate.

How do I configure the policy set and bindings?

I will appreciate any kind of help here.

Gosha
  • Barbara_Jensen

    Re: WS-Security in WAS v7

    2012-11-06T17:26:23Z
    Please refer to this information center article for instructions:

    http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Ftwbs_general_policyset.html

    Here is another one:

    http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/topic/com.ibm.websphere.express.doc/info/exp/ae/twbs_xmlds_policyset.html

    The first is very flexible (dsig and/or encryption inbound and/or outbound). The second one is for only dsig both ways.

    I suggest that you first follow the example(s) as-is, then go back and replace the originally configured trust store/keystore(s) with your own.

    By default, when dsig is configured, the following will be signed if they exist in the message:
    Body
    Timestamp
    WSAddressing header

    The 'flexible' example describes how to tailor what is signed in step 2e-iii.
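
Added example (not part of the thread and not IBM code): a small Python check to run over a captured request while testing the policy set, confirming that an X509v3 BinarySecurityToken is present and that the signature references resolve to the SOAP Body and Timestamp named in the reply. It inspects structure only and does not verify the signature cryptographically; `signed_parts` and `sample` are names made up here, and the sample message is constructed, assuming SOAP 1.1 and WS-Security 1.0 namespaces.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

def signed_parts(envelope_xml):
    """Return (local names of elements the ds:References cover, list of problems)."""
    root = ET.fromstring(envelope_xml)
    problems = []
    sec = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        return set(), ["no wsse:Security header"]
    bst = sec.find(f"{{{WSSE}}}BinarySecurityToken")
    if bst is None or bst.get("ValueType") != X509V3:
        problems.append("no X509v3 BinarySecurityToken")
    # Map every wsu:Id to its elements; a duplicated Id makes a reference ambiguous.
    by_id = {}
    for el in root.iter():
        wid = el.get(f"{{{WSU}}}Id")
        if wid:
            by_id.setdefault(wid, []).append(el)
    covered = set()
    for ref in sec.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
        if len(targets) != 1:
            problems.append(f"reference {uri!r} resolves to {len(targets)} elements")
            continue
        covered.add(targets[0])
    body = root.find(f"{{{SOAP}}}Body")  # the Body the service will actually process
    if body is None or body not in covered:
        problems.append("soap:Body is not covered by the signature")
    return {el.tag.split("}")[-1] for el in covered}, problems

def sample(body_id, ref_ids):  # constructed message; digest and signature values omitted
    refs = "".join(f'<ds:Reference URI="#{r}"/>' for r in ref_ids)
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">'
            f'<s:Header><wsse:Security>'
            f'<wsse:BinarySecurityToken ValueType="{X509V3}" wsu:Id="x509">PLACEHOLDER</wsse:BinarySecurityToken>'
            f'<wsu:Timestamp wsu:Id="ts"><wsu:Created>2011-06-21T06:16:45Z</wsu:Created></wsu:Timestamp>'
            f'<ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>'
            f'</wsse:Security></s:Header>'
            f'<s:Body wsu:Id="{body_id}"><ping/></s:Body></s:Envelope>')

if __name__ == "__main__":
    print(signed_parts(sample("body", ["body", "ts"])))
```

Run it only on captures from your own test environment, since `xml.etree` is not hardened against hostile XML.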