Defining outbound SOAP messages for WS-Security profile data instances
Create a WS-Security profile to securely exchange messages between your application and a web service. Use the Out Flow tab to configure WS-Security on outbound SOAP messages.
Note: You can add as many configuration types for the outbound SOAP message as you need.
- On the Out Flow tab, click the Add new configuration icon.
- In the Configuration type list, select one of the following outbound SOAP message types.
- Encryption – Enables the encryption configuration on the outbound SOAP message.
- In the Encryption parts field, enter a semicolon-separated list of element names to encrypt. Element names must be in the format: {Element}{Namespace URI}ElementName. For example, to encrypt and/or digitally sign the WS-Security UsernameToken element, the value would look like this: {Element}{http://schemas.xmlsoap.org/ws/2002/07/secext}UsernameToken
- In the Encryption key identifier list, select the encryption key to use in the SOAP message.
- In the Encryption user field, enter a certificate alias that is specified in the Keystore field on the Keystore tab in this rule form.
- To use symmetric key encryption, where the user and the service have a shared binary key, in the Embedded key field, enter the Base64 value of a binary shared key.
- In the Embedded key name field, enter the name of the shared embedded key.
- In the Encryption sym algorithm list, select the symmetric algorithm used to encrypt the message parts listed in the Encryption parts field.
- In the Key transport algorithm list, select the asymmetric algorithm used to encrypt (wrap) that symmetric key with the recipient's public key, taken from the certificate named in the Encryption user field; the recipient uses the matching private key to unwrap it.
- Signature – Enables the signature configuration type on an outbound SOAP message.
- In the Signature algorithm list, select the digital signature algorithm to use for signing.
- In the Signature key identifier list, select the key identifier type to use to identify the signature token. As a best practice, select Issuer Name and Serial. When you select this option, only the issuer name and serial number of the certificate are sent in the message; the certificate itself is not sent in the security header, so the recipient must already hold it in its trust store.
- Click Change signature password to change or add a password that is associated with the signature.
- In the Signature user field, enter the name of the alias listed in the Keystore field on the Keystore tab in this rule form.
- In the Signature parts field, enter a semicolon-separated list of element names to sign. Element names must be in the format: {Element}{Namespace URI}ElementName. For example, to encrypt and/or digitally sign the WS-Security UsernameToken element, the value would look like this: {Element}{http://schemas.xmlsoap.org/ws/2002/07/secext}UsernameToken
- Timestamp – Enables the time stamp configuration type on an outbound SOAP message.
- In the Time to live field, enter the number of seconds, counted from the Created time, for which the SOAP message is valid; this sets the Expires value of the Timestamp element, after which a conforming recipient rejects the message.
- Username – Enables the user name configuration type on an outbound SOAP message.
- In the User name field, enter a user name for authentication.
- Click Change password to change or add a password that is associated with the specified user name.
- In the Password type list, select the type of password to use for the SOAP message.
- Text – Sends the password as plain text in the SOAP message. Use this only when the transport itself is protected (for example TLS), because anyone who can read the message can read the password.
- Digest – Sends the password as a Base64-encoded SHA-1 hash of the nonce, the Created timestamp and the original password (PasswordDigest, as defined by the WS-Security UsernameToken Profile), so the password itself never appears in the message.
- To add a randomly generated Base64 nonce value to the UsernameToken, select the Add nonce value check box. The nonce makes every token unique, which lets the receiving service detect replayed messages.
- To indicate the creation time of the message by including a timestamp in the SOAP message, select the Add created timestamp check box.
- Repeat steps 1 and 2 to add more configurations.
- Click Save.
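The following is an added example, not Pega's code, showing what the Username configuration above produces on the wire when Digest, Add nonce value and Add created timestamp are all selected, and what a receiving service must do with it: recompute the PasswordDigest, enforce the time-to-live window from the Timestamp configuration, and reject a replayed nonce. It also parses the {Element}{Namespace URI}ElementName syntax used by the Encryption parts and Signature parts fields. The OASIS namespace URIs and the user/password table are assumptions chosen for the example; accepting {Content} alongside {Element} follows the Apache WSS4J convention and is an assumption about this product.

```python
"""Added example (not Pega's code): build and verify a WS-Security UsernameToken
with PasswordDigest, a random nonce and a Created timestamp, enforce a
time-to-live window, and parse the {Element}{ns}Name parts syntax."""
import base64
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

# OASIS WS-Security 1.0 namespaces (assumed here; the page's parts example uses the
# older 2002 draft secext URI, which the parts parser below accepts unchanged).
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce_b64, created, password):
    """PasswordDigest = Base64(SHA-1(nonce || created || password)).
    The nonce is hashed as raw bytes, i.e. after Base64 decoding."""
    raw = base64.b64decode(nonce_b64) + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def build_username_token(username, password, nonce_b64=None, created=None):
    """Client side: what the Username configuration emits with Digest + nonce + created."""
    nonce_b64 = nonce_b64 or base64.b64encode(os.urandom(16)).decode("ascii")
    created = created or datetime.now(timezone.utc).strftime(TIME_FMT)
    return {
        "Username": username,
        "Password": password_digest(nonce_b64, created, password),
        "Nonce": nonce_b64,
        "Created": created,
    }


def username_token_xml(tok):
    """Serialise the token as it appears inside the <wsse:Security> header."""
    return (
        f'<wsse:UsernameToken xmlns:wsse="{WSSE_NS}" xmlns:wsu="{WSU_NS}">'
        f'<wsse:Username>{escape(tok["Username"])}</wsse:Username>'
        f'<wsse:Password Type="{DIGEST_TYPE}">{tok["Password"]}</wsse:Password>'
        f'<wsse:Nonce>{tok["Nonce"]}</wsse:Nonce>'
        f'<wsu:Created>{tok["Created"]}</wsu:Created>'
        '</wsse:UsernameToken>'
    )


class UsernameTokenVerifier:
    """Service side: recompute the digest, enforce Created within time-to-live,
    and reject a nonce that has already been accepted (replay)."""

    def __init__(self, passwords, ttl_seconds=300, clock_skew_seconds=60):
        self.passwords = passwords          # username -> password; constructed test data
        self.ttl = timedelta(seconds=ttl_seconds)
        self.skew = timedelta(seconds=clock_skew_seconds)
        self.seen_nonces = set()            # a real service would bound this by the TTL

    def verify(self, tok, now):
        now_dt = datetime.strptime(now, TIME_FMT)
        secret = self.passwords.get(tok["Username"])
        if secret is None:
            return False, "unknown user"
        created = datetime.strptime(tok["Created"], TIME_FMT)
        if created < now_dt - self.ttl or created > now_dt + self.skew:
            return False, "Created outside time-to-live window"
        if tok["Nonce"] in self.seen_nonces:
            return False, "nonce replayed"
        expected = password_digest(tok["Nonce"], tok["Created"], secret)
        if not hmac.compare_digest(expected, tok["Password"]):
            return False, "digest mismatch"
        self.seen_nonces.add(tok["Nonce"])   # remember only nonces of accepted tokens
        return True, "ok"


# Parts field syntax: {Element}{Namespace URI}LocalName, semicolon separated.
PART_RE = re.compile(r"^\{(Element|Content)\}\{([^{}]*)\}([^{};]+)$")


def parse_parts(spec):
    """Parse an Encryption parts / Signature parts value into (mode, ns, local) tuples."""
    parts = []
    for item in spec.split(";"):
        item = item.strip()
        if not item:
            continue
        m = PART_RE.match(item)
        if not m:
            raise ValueError(f"bad part spec: {item!r}")
        parts.append(m.groups())
    return parts


if __name__ == "__main__":
    tok = build_username_token("alice", "s3cret")
    print(username_token_xml(tok))
    v = UsernameTokenVerifier({"alice": "s3cret"})
    now = datetime.now(timezone.utc).strftime(TIME_FMT)
    print(v.verify(tok, now))   # accepted
    print(v.verify(tok, now))   # same nonce again: rejected as replay
```

The replay check is the reason the Add nonce value and Add created timestamp boxes matter together: without the nonce, an attacker who captures a valid digest token can resend it until the Created time falls outside the window, and without Created the window cannot be enforced at all.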