Set up security on a message flow to control access based on the identity of a message passing through the message flow.
You can configure the broker to perform end-to-end processing of an identity carried in a message through a message flow. Administrators can configure security at the message flow level, controlling access based on the identity carried in the message. This security mechanism is independent of both the transport and the message format.
To set up security for a message flow, perform the tasks described in the following topics:
If the message flow is a Web service implemented by using the SOAP nodes, and the identity is to be taken from the WS-Security header tokens, you must also create appropriate policy sets and bindings, and then configure them on the relevant SOAP nodes, in addition to the security profile. See Associating policy sets and bindings with message flows and nodes.
In the policy set binding, the Certificates mode of the X.509 certificate authentication token must be set to Trust Any (rather than Trust Store), so that the certificate is passed to the security provider defined by the security profile. Setting Trust Store instead causes the certificate to be validated in the local broker trust store.
For more information, see Policy Sets and Policy Set Bindings editor: Authentication and Protection Tokens panel.