How to create SOAP connectors that use WSS username tokens and timestamps
If your Process Commander application is to call a Web service that requires the WS-Security protocol, special configuration steps are required. You must configure the connector rule to include the necessary credentials in the SOAP request envelope header.
(The WS-Security standard, managed by OASIS, is also called WSS and includes support for International Telecommunication Union's ITU X.509 public key certificates.)
Depending on the service, the connector can be configured to include any combination of the following:
- Encryption — An encrypted token which matches the configuration of the web service.
- Signature — A digital signature based on one of several common algorithms
- Timestamp — A limit on the amount of time the SOAP request is valid for.
- Username — A username/password combination.
This example demonstrates how to secure a SOAP connector with UsernameToken Authentication
To create a secure SOAP connector:
- Assuming you've already created a connector using the Connector and Metadata Accelerator, navigate to the Advanced tab of the Connect-SOAP rule.
- Click the Open icon next to the Security Profile field.
In the New Instance of a Rule dialog, complete the Security Profile Name field and click Create.
- On the WS-Security Profile form, click the Add a Row button to add a configuration.
Select the Username Configuration Type.
- Complete the Username Configuration Type form. Click OK.
- Add a Timestamp to the Configuration type. The Timestamp will be used to verify the response returned from the server.
Note: Settings defined on the WS-Security form must match the configuration of the service you are trying to connect to.
- Navigate to the In Flow tab. The In Flow Configuration Type is used for response messages from the SOAP service. In order to configure properly, you must know what value the server is configured to return. In this example, the server returns a Timestamp.
Note: If you are using the Encryption or Signature Configuration type in your WS-Security profile, specify an existing Keystore or a create a new Keystore data instance. A keystore is a binary file (with either a .jks or .pfx file extension) that is used to mathematically transform plain text into an unreadable format for secure transfer.
- Save both the WS-Security Profile data instance and the Connect SOAP rule.
With a properly functioning Connect rule and SOAP service, the request envelope header contains the following information:
<wsse:Password Type= "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"> password</wsse:Password> </wsse:UsernameToken>
OASIS standards including WSS http://www.oasis-open.org/specs/index.php#wssv1.1