Specifying basic proxy operation
How to specify basic proxy operation without the wizard.
Procedure
- In the search field, enter web service proxy.
- From the search results, click Web Service Proxy.
- Click Add.
- Define the basic properties - Name, administrative state, and comments.
- From the Service priority list, select the scheduling priority for the service.
- From the XML manager list, select an XML manager.
- Set the Propagate URI property to control the behavior of URI propagation. For TIBCO EMS, IBM® MQ, or WebSphere® JMS, disable URI propagation. URI propagation is meaningful in only the following situations.
  - The service uses a static target.
  - The service uses a dynamic target and dynamic routing is set with a route with stylesheet action. In this case, use the dp:set-target extension element to define the target server. For other dynamic routing options that are available with route actions, the URI is absolute.
  When enabled, the service rewrites the URI of the target URL to the URI in the client request. If URI propagation is enabled and the client submits http://host/service and the target URL is http://server/listener, the URL is rewritten to http://server/service.
  - When enabled, any matching rule in a response processing rule must match the rewritten URL.
  - Any action in the processing policy can change the URI that is sent to the target server. The rewritten URI can override the intended effect of this setting.
- Set the Proxy HTTP response property to control whether to proxy the response code from the server unless the response code is set in the processing policy.
- In the Load balancer hash header field, enter the name of the HTTP header to calculate the hash to distribute traffic to servers.
  - When defined, the hash algorithm uses the value of the identified HTTP header.
  - When not defined, the hash algorithm uses the IP address of the client.
- From the Message processing mode list, select the checkboxes to control the in-order (serial) processing of queue-based messages during message processing.
- Set the Process messages whose body is empty property to control whether to process bodyless request and response messages.
- Define controls to protect against providing a padding oracle.
  - Set the Rewrite error messages property to control the rewriting of error messages to avoid providing a padding oracle.
  - Set the Delay error messages property to control the delay of error messages to avoid a padding oracle.
  - In the Duration to delay error messages field, enter the duration to delay error messages after the decryption of requests.
- From the Type list, select the operational mode for the service.
- From the Endpoint rewrite policy list, select the endpoint rewrite policy.
- From the Authorization AAA policy list, select the AAA policy to provide only authentication and authorization to all messages that the service endpoints handle. Unlike an AAA policy in the processing policy that can modify messages and do postprocessing, this AAA policy does not employ any selective matching rules. Therefore, this AAA policy processes all messages.
- From the Processing Policy list, select the processing policy. The service automatically validates message traffic as well-formed SOAP XML, applies schema validation that is based on the WSDL, and filters for correct operation names.
- Define the behavior to control how to retrieve WSDL files.
  - Set the Automatic retry property to on to try to connect to the remote server again after a TCP connection failure occurs.
  - In the Retry interval field, enter the duration to wait between attempts.
  - In the Reporting interval field, enter the number of failed attempts between writing error messages to the log.
  - In the Total retries field, enter the number of attempts.
- In the Kerberos encryptor principal field, enter the full name of the client principal to decrypt automatically encrypted requests. Use this property when encryption uses a Kerberos session key or uses a key that was derived from the session key.
- In the Kerberos decryptor principal field, enter the full name of the client principal to decrypt automatically encrypted responses. Use this property when encryption uses a Kerberos session key or uses a key that was derived from the session key.
- From the Kerberos keytab list, select the keytab that contains the principals. The service uses these principals to decrypt automatically encrypted requests and responses.
- From the Decrypt key list, select the key that decrypts any encountered encrypted payloads. The decrypted node set is passed to the processing policy.
- In the EncryptedKeySHA1 cache lifetime field, enter the cache lifetime for the decrypted key.
- Optional: Set the Preserve EncryptedKey chain property to on to output the chain of elements for the decrypted encrypted data, such as xenc:EncryptedKey, wsc:DerivedKeyToken. Otherwise, all xenc:EncryptedKey elements are removed after decryption, even when some of the encrypted data was not decrypted successfully.
- Optional: Set the Decrypt with key from EncryptedData property to on to enable a decrypt action to attempt decryption with the key that is inside the EncryptedData element. This property is meaningful when the key is inside an EncryptedData element and the decrypt action cannot locate the key to decrypt the corresponding EncryptedData elements. This situation can occur when encryption is with a SAML assertion.
- From the SOAPAction policy list, select the handling of the HTTP SOAPAction header.
  - When lax, an empty header or a header that contains the empty string from the client is considered a match.
  - When strict, the client must provide the header as it is specified in the WSDL file.
  - When off, the SOAPAction header is ignored and never compared against the content in the WSDL.
- Optional: Set the Monitor with web services management agent property to on to automatically generate the monitoring records.
- Optional: Set the Message capture with web services management agent property to control the message capture mode.
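
The padding-oracle step above (Rewrite error messages, Delay error messages, Duration to delay error messages), modelled as an added example that is not IBM code and does not describe how the appliance implements these settings. The failure causes, timings, fault text and the "pad every error up to one release time" delay behaviour are assumptions chosen to show why both controls, and a long enough duration, are needed together.

```javascript
// Added example, not product code. All sample values below are constructed.
const GENERIC_FAULT = 'Internal error';

// Two ways decryption of a request can fail. They differ in error text and in
// how quickly the failure surfaces (ms); either difference is an oracle.
const SAMPLE_FAILURES = [
  { cause: 'bad-padding', detail: 'Decryption failed: invalid padding', elapsedMs: 3 },
  { cause: 'bad-plaintext', detail: 'Decrypted payload is not well-formed XML', elapsedMs: 11 },
];

// settings: { rewriteErrors: boolean, delayErrors: boolean, delayMs: number }
function errorResponse(failure, settings) {
  // Rewrite: every failure cause maps to the same client-visible body.
  const body = settings.rewriteErrors ? GENERIC_FAULT : failure.detail;
  // Assumption: the delay holds each error until delayMs after decryption
  // started; a failure that is already slower than delayMs is not shortened.
  const releaseAtMs = settings.delayErrors
    ? Math.max(settings.delayMs, failure.elapsedMs)
    : failure.elapsedMs;
  return { body, releaseAtMs };
}

// True when a client could tell two failure causes apart by body or timing.
function distinguishable(failures, settings) {
  const seen = new Set(failures.map((f) => JSON.stringify(errorResponse(f, settings))));
  return seen.size > 1;
}

const SCENARIOS = [
  { name: 'both off', rewriteErrors: false, delayErrors: false, delayMs: 0 },
  { name: 'rewrite only', rewriteErrors: true, delayErrors: false, delayMs: 0 },
  { name: 'delay only', rewriteErrors: false, delayErrors: true, delayMs: 1000 },
  { name: 'rewrite + delay too short', rewriteErrors: true, delayErrors: true, delayMs: 5 },
  { name: 'rewrite + delay', rewriteErrors: true, delayErrors: true, delayMs: 1000 },
];

function leakReport() {
  return SCENARIOS.map((s) => ({ name: s.name, leaks: distinguishable(SAMPLE_FAILURES, s) }));
}

for (const row of leakReport()) {
  console.log(`${row.name.padEnd(26)} distinguishable=${row.leaks}`);
}
```

Only the last scenario makes the two failures indistinguishable; the fourth shows that a duration shorter than the slowest failure path leaves the timing difference in place.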
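
The lax, strict and off settings of the SOAPAction policy step, written out as a decision function. This is an added example, not IBM code: the function names, the sample action urn:example:getQuote, the quote stripping, and the treatment of a completely absent header as a mismatch are assumptions, since the page describes only an empty header and an empty string.

```javascript
// Added example, not product code. Sample header values are constructed.

// SOAP 1.1 clients usually send the value quoted: SOAPAction: "urn:...".
function unquote(value) {
  const v = value.trim();
  return v.length >= 2 && v.startsWith('"') && v.endsWith('"') ? v.slice(1, -1) : v;
}

// policy: 'lax' | 'strict' | 'off'
// header: raw SOAPAction value from the client, or undefined when absent
// wsdlAction: soapAction declared for the operation in the WSDL
function soapActionAccepted(policy, header, wsdlAction) {
  if (!['lax', 'strict', 'off'].includes(policy)) {
    throw new Error(`unknown SOAPAction policy: ${policy}`);
  }
  if (policy === 'off') return true; // header is never compared
  // Assumption: a request with no SOAPAction header at all is a mismatch.
  if (header === undefined) return false;
  const sent = unquote(header);
  // lax: `SOAPAction:` and `SOAPAction: ""` both count as a match.
  if (policy === 'lax' && sent === '') return true;
  return sent === unquote(wsdlAction);
}

// Constructed client headers evaluated under each policy.
const WSDL_ACTION = 'urn:example:getQuote';
const SAMPLE_HEADERS = ['"urn:example:getQuote"', '', '""', '"urn:example:other"', undefined];

function decisionTable() {
  return SAMPLE_HEADERS.map((h) => ({
    header: h,
    lax: soapActionAccepted('lax', h, WSDL_ACTION),
    strict: soapActionAccepted('strict', h, WSDL_ACTION),
    off: soapActionAccepted('off', h, WSDL_ACTION),
  }));
}

for (const row of decisionTable()) {
  console.log(JSON.stringify(row));
}
```

The rows for the empty and mismatching headers show what each setting gives up: lax accepts a request that names no action, and off accepts one that names a different action than the WSDL declares.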