This example shows how to create a response that encrypts an incoming document and delivers the encrypted document to the web service.
The response generates a SAML assertion token using the sender-vouches subject confirmation method and encrypts the SAML assertion and message body. The token and other related information are placed in a WS‑Security header identified by the SOAP actor/role samlrole.
The SAML assertion and the message body are encrypted using the public key certificate found in the WS‑Security header with the role pubkeyrole. The rsa-1_5 algorithm should be used to encrypt the symmetric encryption key; the tripledes-cbc algorithm should be used to encrypt the assertion and body data.
The document should be signed before encryption; the document and assertion should also be signed with a sender-vouches signature.
The following table shows the response attributes you must add to the response (all attributes are of type WebAgent-WS‑Security-Token):
| Variable Name | Variable Value | Attribute Type |
|---|---|---|
| TXM_WSSEC_TOKEN_TYPE | SAML | Static |
| TXM_WSSEC_SAML_AFFILIATE | affiliate2 | Static |
| TXM_WSSEC_SAML_ROLE | samlrole | Static |
| TXM_WSSEC_SAML_SIG | sv | Static |
| TXM_WSSEC_SAML_ENCRYPT_PUB_KEY_ROLE | pubkeyrole | Static |
| TXM_WSSEC_SAML_ENCRYPT_ALG_KEY | rsa-1_5 | Static |
| TXM_WSSEC_SAML_ENCRYPT_ALG_DATA | tripledes-cbc | Static |
| TXM_WSSEC_SAML_ENCRYPT_ELEMENT | Assertion | Static |
| TXM_WSSEC_SAML_ENCRYPT_ELEMENT | Body | Static |
| TXM_WSSEC_SAML_ENCRYPT_OR_SIGN_FIRST | sign | Static |

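
To confirm that a message leaving the agent matches the attributes in the table above, the following added example (not product code) checks a SOAP envelope for the samlrole header, the two encryption algorithms, and the absence of a plaintext assertion or body. It assumes a SOAP 1.1 `actor` attribute and the standard WS‑Security / XML Encryption element layout; the names `check`, `alg` and `sample` are hypothetical, and the sample envelope is constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
ROLE = "samlrole"                          # TXM_WSSEC_SAML_ROLE
KEY_ALG = NS["xenc"] + "rsa-1_5"           # TXM_WSSEC_SAML_ENCRYPT_ALG_KEY
DATA_ALG = NS["xenc"] + "tripledes-cbc"    # TXM_WSSEC_SAML_ENCRYPT_ALG_DATA
ENC_DATA = "{%s}EncryptedData" % NS["xenc"]

def alg(node):
    method = node.find("xenc:EncryptionMethod", NS)
    return None if method is None else method.get("Algorithm")

def check(envelope_xml):
    """Return deviations from the table above; an empty list means it conforms."""
    root = ET.fromstring(envelope_xml)
    actor = "{%s}actor" % NS["soap"]
    sec = next((s for s in root.iterfind("soap:Header/wsse:Security", NS)
                if s.get(actor) == ROLE), None)
    if sec is None:
        return ["no wsse:Security header for actor " + ROLE]
    issues = []
    tokens = sec.findall(".//xenc:EncryptedData", NS)
    plain = any(e.tag.rsplit("}", 1)[-1] == "Assertion" for e in sec.iter())
    if plain or not tokens:
        issues.append("assertion not encrypted")
    keys = sec.findall("xenc:EncryptedKey", NS)
    if not keys or any(alg(k) != KEY_ALG for k in keys):
        issues.append("key algorithm is not rsa-1_5")
    body = root.findall("soap:Body/*", NS)
    if len(body) != 1 or body[0].tag != ENC_DATA:
        issues.append("body not encrypted")
    if any(alg(d) != DATA_ALG for d in tokens + [b for b in body if b.tag == ENC_DATA]):
        issues.append("data algorithm is not tripledes-cbc")
    return issues

ENC = '<xenc:EncryptedData><xenc:EncryptionMethod Algorithm="%s"/></xenc:EncryptedData>'
def sample(key_alg=KEY_ALG, token=ENC % DATA_ALG, body=ENC % DATA_ALG):
    """Constructed envelope for the demo; not captured product output."""
    decl = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return ('<soap:Envelope %s><soap:Header><wsse:Security soap:actor="%s">'
            '<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="%s"/>'
            '</xenc:EncryptedKey>%s</wsse:Security></soap:Header>'
            '<soap:Body>%s</soap:Body></soap:Envelope>'
            % (decl, ROLE, key_alg, token, body))
```
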
Copyright © 2011 CA. All rights reserved.