Policy Sets and Policy Set Bindings editor: Authentication and Protection Tokens panel
Use this panel, which is in the Policy Set Bindings section of the editor, to further configure any X.509 authentication tokens and username tokens that are defined in the associated policy set.
Fields
The table is prefilled, based on the following criteria:
- Whether any X.509 authentication tokens exist in the associated policy set.
- Whether the SOAP message type of the authentication token is request or response.
- Whether this policy set binding is defined as being a consumer or provider.
Each authentication token identified as requiring further information is added to the table. An authentication token can require one of two types of additional information:
- Key information in the form of a key name and key alias, for lookup in the integration node keystore.
- Verification information, which can be either TrustAny or TrustStore.

Authentication X.509 tokens

Policy set configuration | Policy set bindings configuration | SOAP message | Key information | Key password | Verification information |
---|---|---|---|---|---|
request | provider | inbound | N/A | N/A | required |
response | provider | outbound | required | required | N/A |
request | consumer | outbound | required | required | N/A |
response | consumer | inbound | N/A | N/A | required |
Where N/A is displayed in a field, no information is required. Where an authentication token is displayed, enter information in all fields that do not display N/A, so that the policy set binding can be generated correctly in accordance with the associated policy set.
Configure the integration node to refer to a keystore and truststore. You might also need to configure passwords for these stores, and specific key passwords. See Viewing and setting keystore and truststore runtime properties at integration node level for further information.
Field name | Description and valid options |
---|---|
Authentication Token Name | Displays the names of all authentication X.509 tokens that require further configuration. The token name is displayed after either request: or response:, depending on the configuration of the token in the associated policy set. |
Key Name | The distinguished name (DN) that uniquely identifies the key in the keystore defined by the integration node. For example "CN=CommonName, O=Organisation, C=Country" |
Key Alias | The key alias of the key in the keystore defined by the integration node. The integration node also uses the key alias to look up the keystore password associated with this key. You define this password in the integration node using the mqsisetdbparms command. |
Trust | Either: |

Authentication username tokens

Field name | Description and valid options |
---|---|
Authentication Token Name | Displays the names of all authentication username tokens that require further configuration. The token name is displayed after either request: or response:, depending on the configuration of the token in the associated policy set. |
Add Timestamp | Specifies whether a timestamp is added to the outbound username token field. This option is applicable only to consumer bindings. |
Add Nonce | Specifies whether a nonce is added to the outbound username token field. This option is applicable only to consumer bindings. |
Password Digest | Specifies whether a digest form of the password, instead of the plain text form of the password, is created. This option is applicable only to consumer bindings. |