Configuration Guides › Policy Configuration Guide › Responses and Response Groups › Configure Responses for WS‑Security Header Production › Configure a WS‑Security Response

Configure a WS‑Security Response

WS-Security responses are actions that tell SOA Agents to send WS-Security tokens to web service implementations. These responses are associated with and triggered when those rules fire.

Use variable types, if needed, to pass data back to the web service. Variables are resolved by the Policy Server at run time, when it generates the response.

Before you configure a WS‑Security response, do the following:

• If you are signing the WS‑Security tokens you generate, store your enterprise private key and certificate chain in the SMKeyDatabase.
• If you are using WS‑Security SAML tokens, configure an affiliate object (within an affiliate domain) that will create the SAML assertions to be inserted in the tokens.
• In an authentication service environment, create a policy to protect the authentication service and trigger response generation. This policy should include the following:
  • A realm that protects the authentication service URL.
  • A rule that fires when a user posts an XML document to the authentication service realm

Use response attributes specific to the WebAgent-WS-Security-Token attribute to build WS-Security headers and tokens.

Note: You can configure other response attributes with the WS‑Security attribute; however, they are ignored by SOA Security Manager for the purpose of generating the WS‑Security token and are handled as standard SiteMinder response attributes.