|
|
|
SOA Security Manager supports four authentication methods to meet the varying levels and types of protection your resources require:
Validates XML messages using credentials gathered from the message itself by mapping fields within the document to fields within a user directory.
Validates XML documents digitally signed with valid X.509 certificates.
Validates XML messages using credentials gathered from WS‑Security headers in the SOAP envelope of an incoming message.
SOA Security Manager can produce and consume WS‑Security tokens, enabling you to use the WS‑Security authentication scheme to deploy a multiple-web service implementation across federated sites.
Validates XML messages using credentials obtained from SOA Security Manager synchronized-sessioning SAML assertions (which contain an encrypted combination of a CA SiteMinder session ticket and a CA SiteMinder user public key) placed in the message HTTP header, SOAP envelope, or cookie.
SOA Security Manager can generate and consume SAML Session Ticket assertions. This enables you to use the SAML Session Ticket authentication scheme to deploy a multiple-web service implementation within a single Policy Server domain.
After you identify the web services to secure, in which we recommend identifying web service operations that share the same security requirements, consider the following questions:
Answering these types of questions helps you to
Note: For more information about configuring authentication schemes, see the [set the co variable for your book].
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |