How WS‑Security Headers Are Produced

Configuration Guides › Policy Server Configuration Guide › Authentication Schemes › WS‑Security Authentication › How WS‑Security Headers Are Produced

How WS‑Security Headers Are Produced

WS‑Security headers are generated by a SOA Agent (or a third-party security application) after initial authorization of the request, making the WS‑Security authentication scheme the ideal basis for multiple web services at federated enterprises.

For SOA Security Manager to produce WS‑Security headers, a web service consumer request must first be authorized by the Policy Server using an appropriate authentication scheme (not every authentication scheme obtains everything that is required from the incoming request to create any type of token). The authorizing policy must have a response configured with it that issues WS‑Security response data. This data is used by the SOA Agent to generate WS‑Security headers. These headers are inserted into the SOAP message header and delivered to the protected web service application. The web service may then pass these headers to the following locations:

Back to web service consumer applications that can then use them in further requests to gain access to other web services protected by the WS‑Security authentication scheme.
Downstream to further web services protected by the WS‑Security authentication scheme.

More information:

Supported Authentication Schemes for Producing Each WS-Security Header Type

Email CA Technologies about this topic