Configuration Guides › Policy Server Configuration Guide › Responses and Response Groups › Configure Responses for WS‑Security Header Production › How the WS‑Security Response is Used

How the WS‑Security Response is Used

WS‑Security responses are typically used to instruct the SOA Agent protecting an authentication web service to create WS‑Security headers and, optionally, to perform XML encryption on those headers and the message content.

The following illustration shows the response process in such an environment.

1. A web service consumer sends a request (in the form of an XML message) to the authentication web service.
2. The SOA Agent obtains credentials and passes them to the Policy Server. Authentication is handled by any supported authentication scheme.

   Note: Although any authentication scheme can be configured to obtain credentials from a request, not every authentication scheme is suitable for creating every type of WS-Security token.

3. After the web service consumer is authenticated, the client is authorized. The policy that authorizes the consumer has a WS‑Security response configured with it, which instructs the SOA Agent to generate WS‑Security headers.
4. The SOA Agent generates the WS‑Security headers and delivers them, together with the request message, to the authentication web service.

However, for a web service that receives requests with XML-encrypted elements, but that does not have the logic to decrypt those requests internally, WS‑Security responses can be used to instruct the SOA Agent to pass the web service decrypted versions of those requests (see TXM_WSSEC_ENCRYPT_PUB_KEY_ROLE).

More information:

Supported Authentication Schemes for Producing Each WS-Security Header Type