Defining outbound SOAP messages for WS-Security profile data instances

Create a WS-Security profile to securely exchange messages between your application and a web service. Use the Out Flow tab to configure WS-Security on outbound SOAP messages.

Note: You can add as many configuration types for the outbound SOAP message as you need.
  1. On the Out Flow tab, click the Add new configuration icon.
  2. In the Configuration type list, select one of the following outbound SOAP message types.
    • Encryption – Enables the encryption configuration on the outbound SOAP message.
      1. In the Encryption parts field, enter a semicolon separated list of element names to encrypt. Element names must be in the format: {Element}{Namespace URI}ElementName. For example, to encrypt and/or digitally sign the WS-Security UsernameToken element, the value would look like this: {Element}{http://schemas.xmlsoap.org/ws/2002/07/secext}UsernameToken
      2. In the Encryption key identifier list, select the encryption key to use in the SOAP message.
      3. In the Encryption user field, enter a certificate alias that is specified in the Keystore field on the Keystore tab in this rule form.
      4. To use symmetric key encryption, where the user and the service have a shared binary key, in the Embedded key field, enter the Base64 value of a binary shared key.
      5. In the Embedded key name field, enter the name of the shared embedded key.
      6. In the Encryption sym algorithm list, select an algorithm to encrypt the symmetric key.
      7. In the Key transport algorithm list, select an algorithm to encrypt and decrypt the encryption key.
    • Signature – Enables the signature configuration type on an outbound SOAP message.
      1. In the Signature algorithm list, select the digital signature algorithm to use for encryption.
      2. In the Signature key identifier list, select the key identifier type to use to identify the signature token. As a best practice, select Issuer Name and Serial. When you select this option, only the user name and serial number of the certificate are sent in the message; the certificate is not sent in the security header.
      3. Click Change signature password to change or add a password that is associated with the signature.
      4. In the Signature user field, enter the name of the alias listed in the Keystore field on the Keystore tab in this rule form.
      5. In the Signature parts field, enter a semicolon-separated list of element names to sign. Element names must be in the format: {Element}{Namespace URI}ElementName. For example, to encrypt and/or digitally sign the WS-Security UsernameToken element, the value would look like this: {Element}{http://schemas.xmlsoap.org/ws/2002/07/secext}UsernameToken
    • Timestamp – Enables the time stamp configuration type on an outbound SOAP message.
      • In the Time to live field, enter the amount of time in seconds, for which the SOAP message is valid.
    • Username – Enables the user name configuration type on an outbound SOAP message.
      1. In the User name field, enter a user name for authentication.
      2. Click Change password to change or add a password that is associated with the specified user name.
      3. In the Password type list, select the type of password to use for the SOAP message.
        • Text – Sends the password as a plain text in the SOAP message.
        • Digest – Sends the password as a Base64-encoded SHA1 has of value of the original value.
      4. To change the SOAP message to a randomly generated Based64 string, select the Add nonce value check box.
      5. To indicate the creation time of the message by including a timestamp in the SOAP message, select the Add created timestamp check box.
  3. Repeat steps 1 and 2 to add more configurations.
  4. Click Save.