Understanding WS-Trust in Pega Platform
Pega Platform provides WS-Trust support. WS-Trust extends the WS-Security specification to allow issuing, renewing, and validating security tokens. WS-Trust utilizes a Secure Token Service (STS) to acquire secure tokens used to communicate with external systems that provide data to your application via web services.
External systems that provide data to your application are called resource providers.
Pega Platform supports WS-Trust versions 1.0 and 1.3, and WS-Policy version 1.2.
The following section provides some background on how your Pega Platform application uses web service technologies to implement trusted web service data messaging.
The implementation begins with a trusted relationship between your application and an STS for the procurement of tokens. This connection is handled by the STS SOAP connector that you create after you define your web service (WS) policies in Pega Platform.
A Pega Platform activity runs two Connect-SOAP connectors when the application needs data from the Resource Provider:
- The STS Connector sends a Request Security Token message.
- The application caches the token and invokes the Resource Provider Connector for secure messaging.
- Secure Token Service (STS) Model: The STS issues and validates security tokens. Your application sends the token to the resource provider, which might request validation from the STS.
- Token Caching: Pega Platform caches the token it receives from the STS connector call. Pega Platform makes a subsequent call to the STS only if the token has expired. Typically, the token persists for the duration of the application user's login, but you can set token expiration parameters.
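The caching rule described above, sketched as an added example that is not Pega Platform code: it reads the `Lifetime/Expires` value from a WS-Trust 1.3 RequestSecurityTokenResponse and returns to the STS only when the cached token has expired. The `request_token` callable, the 60-second skew margin, and the sample response are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {  # WS-Trust 1.3 and WS-Security utility namespaces
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-utility-1.0.xsd",
}

# Constructed sample RSTR; the token body is a placeholder, not a real assertion.
SAMPLE_RSTR = """<wst:RequestSecurityTokenResponse xmlns:wst="{wst}" xmlns:wsu="{wsu}">
  <wst:Lifetime>
    <wsu:Created>2024-01-01T10:00:00Z</wsu:Created>
    <wsu:Expires>2024-01-01T11:00:00Z</wsu:Expires>
  </wst:Lifetime>
  <wst:RequestedSecurityToken><Token>PLACEHOLDER</Token></wst:RequestedSecurityToken>
</wst:RequestSecurityTokenResponse>""".format(**NS)


def parse_rstr(xml_text):
    """Return (token_element, expiry_utc); refuse a response that cannot be aged out."""
    root = ET.fromstring(xml_text)
    token = root.find("wst:RequestedSecurityToken", NS)
    expires = root.find("wst:Lifetime/wsu:Expires", NS)
    if token is None or len(token) == 0 or expires is None:
        raise ValueError("RSTR has no token or no Lifetime/Expires")
    ts = datetime.strptime((expires.text or "").strip(), "%Y-%m-%dT%H:%M:%SZ")
    return token[0], ts.replace(tzinfo=timezone.utc)


class TokenCache:
    """Reuse the cached token; go back to the STS only when it has (nearly) expired."""

    def __init__(self, request_token, skew=timedelta(seconds=60)):
        self.request_token = request_token  # hypothetical stand-in for the STS connector
        self.skew = skew                    # assumed clock-skew margin, not a Pega setting
        self.token = self.expires = None
        self.sts_calls = 0

    def get(self, now):
        if self.token is None or now >= self.expires - self.skew:
            self.token, self.expires = parse_rstr(self.request_token())
            self.sts_calls += 1
        return self.token  # attach to the resource provider request
```

Rejecting a response without `Expires` is a design choice in this sketch: a token with no stated lifetime would otherwise sit in the cache indefinitely.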
The Pega Platform WS-Trust implementation relies on two SOAP-based standard web service policy files:
- STS web service policy: XML file, which defines interaction with the STS
- Resource provider web service policy: XML file, which defines interaction with the resource provider's web service
Define these files in Pega Platform before you create your connectors.
Before you configure WS-Trust in your application, make sure that you have the following items:
- The WSDL file(s) for your web services
- The web service policy XML files (typically embedded in the WSDL)
- The URL of the address of the EndpointReference
- Desired namespaces as specified in your WSDL
To set up your application to acquire and use a security token for secure SOAP messaging, create two Connect-SOAP connectors and reference them in an activity called by an Integrator in your flow.