Defining inbound SOAP messages for WS-Security profile data instances
Create a WS-Security profile to securely exchange messages between your application and a web service. Use the In Flow tab to configure WS-Security on inbound SOAP messages.
Note: The order of the configuration types is important. For example, if your outbound message is first signed and then encrypted, the inbound configuration must first decrypt the message and then check the signature.
- On the In Flow tab, click the Add new configuration icon.
- In the Configuration type list, select one of the following inbound SOAP message types.
  - Decryption – Enables the decryption configuration on the inbound SOAP message.
    - In the Encryption key identifier list, select the encryption key to use in the SOAP message.
    - Click Change decryption password and then enter the new password to change the private key password.
    - To use symmetric key encryption, where the user and the service have a shared binary key, in the Embedded key field, enter the Base64 value of a binary shared key.
    - In the Embedded key name field, enter the name of the shared embedded key.
    - In the Encryption sym algorithm list, select the algorithm to encrypt the symmetric key.
    - In the Key transport algorithm list, select the algorithm used for encrypting and decrypting the encryption key.
  - Signature – Enables the signature configuration type on an inbound SOAP message.
    - In the Signature algorithm list, select the digital signature algorithm to use for encryption.
    - In the Digest algorithm list, select a hash code that verifies that the signature came from the claimed source.
    - In the Signature key identifier list, select the key identifier type to use to identify the signature token.
  - Timestamp – Enables the time stamp configuration type on an inbound SOAP message.
  - Username – Enables the user name configuration type on an inbound SOAP message.
    - In the User name field, enter a user name for authentication.
    - Click Change password to change or add a password associated with the specified user name.
    - In the Password type list, select the type of the password to use with the connection.
      - Text – The password is sent as plain text in the SOAP message.
      - Digest – The password is sent as a Base64-encoded SHA1 hash of the original value.
    - To change the SOAP message to a randomly generated Base64 string, select the Add nonce value check box.
    - To indicate the creation time of the message by including a time stamp in the SOAP message, select the Add created timestamp check box.
  - SAML – Enables the SAML configuration type on an inbound SOAP message.
    - In the Saml version list, select the SAML version to use in the SOAP message.
    - In the Clock skew field, enter the time difference (in seconds) between two different servers that are out of sync.
- Repeat steps 1 and 2 to add more configurations.
- Click Save.
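The following added example (not code from this product) shows what a receiver checks when the Username configuration uses the Digest password type together with the nonce and created timestamp options. It follows the OASIS WS-Security UsernameToken Profile formula, Base64(SHA-1(nonce + created + password)); the dictionary field names, the five-minute `MAX_AGE` window, and the in-memory replay cache are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)   # assumed freshness window, not a product default
_seen_nonces = set()             # in-memory replay cache, for this example only


def password_digest(nonce_b64: str, created: str, password: str) -> str:
    """Base64(SHA-1(decoded nonce + created + password)), per the OASIS profile."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def validate_token(token: dict, password: str, now: datetime) -> str:
    """Return 'ok' or the reason an inbound UsernameToken is rejected."""
    try:
        created = datetime.strptime(token["created"], "%Y-%m-%dT%H:%M:%SZ")
        created = created.replace(tzinfo=timezone.utc)
        base64.b64decode(token["nonce"], validate=True)
    except (KeyError, ValueError):
        return "malformed"
    # Reject tokens whose Created value is outside the freshness window.
    if abs(now - created) > MAX_AGE:
        return "stale"
    # Recompute the digest from the stored password; compare in constant time.
    expected = password_digest(token["nonce"], token["created"], password)
    if not hmac.compare_digest(expected, token["digest"]):
        return "bad digest"
    # A valid digest seen twice within the window is a replayed message.
    if token["nonce"] in _seen_nonces:
        return "replayed"
    _seen_nonces.add(token["nonce"])
    return "ok"


def make_token(password: str, now: datetime) -> dict:
    """Build a constructed sample token the way a sender would."""
    nonce = base64.b64encode(os.urandom(16)).decode()
    created = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"nonce": nonce, "created": created,
            "digest": password_digest(nonce, created, password)}
```

Without the nonce and created values, the digest for a given password never changes, so a captured digest could be resent unchanged; the freshness and replay checks are what the two check boxes make possible.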