The following examples show how you can use WS‑Security responses.
This example shows how to create a response that generates a Username and Password Digest token and uses the enterprise private key to digitally sign the message’s SOAP envelope.
The following table shows the response attributes you must add to the response (all attributes are of type WebAgent-WS‑Security-Token):
Variable Name |
Variable Value |
Attribute Type |
---|---|---|
TXM_WSSEC_TOKEN_TYPE |
password |
Static |
TXM_WSSEC_USER_PASSWORD |
userpassword |
User Attribute |
TXM_WSSEC_SIGNATURE |
all |
Static |
This example shows how to create a response that generates an X509v3 token and uses the enterprise private key to digitally sign the message’s SOAP envelope.
The following table shows the response attributes you must add to the response (all attributes are of type WebAgent-WS‑Security-Token):
Variable Name |
Variable Value |
Attribute Type |
---|---|---|
TXM_WSSEC_TOKEN_TYPE |
X509 |
Static |
This example shows how to create a response that generates a SAML assertion token using the holder-of-key subject confirmation method, retrieving the subject’s public key from an associated user store.
The following table shows the response attributes you must add to the response (all attributes are of type WebAgent-WS‑Security-Token):
Variable Name |
Variable Value |
Attribute Type |
---|---|---|
TXM_WSSEC_TOKEN_TYPE |
SAML |
Static |
TXM_WSSEC_SAML_AFFILIATE |
affiliate1 |
Static |
TXM_WSSEC_SAML_SIG |
hk |
Static |
TXM_WSSEC_SAML_USER_CERT_SRC |
User_Store |
Static |
TXM_WSSEC_SAML_USER_CERT |
usercertificate |
User attribute |
This example shows how to create a response that encrypts an incoming document and deliver the encrypted document to the web service.
The response generates a SAML assertion token using the sender vouches subject confirmation method and encrypts the SAML assertion and message body. The token and other related information are placed in a WS‑Security header identified by the SOAP actor/role samlrole.
The SAML assertion and the message body are encrypted using the public key certificate found in the WS‑Security header with the role pubkeyrole. The rsa-1_5 algorithm should be used to encrypt the symmetric encryption key; the tripledes-cbc algorithm should be used to encrypt the assertion and body data.
The document should be signed before encryption; the document and assertion should also be signed with a sender-vouches signature.
The following table shows the response attributes you must add to the response (all attributes are of type WebAgent-WS‑Security-Token):
Variable Name |
Variable Value |
Attribute Type |
---|---|---|
TXM_WSSEC_TOKEN_TYPE |
SAML |
Static |
TXM_WSSEC_SAML_AFFILIATE |
affiliate2 |
Static |
TXM_WSSEC_SAML_ROLE |
samlrole |
Static |
TXM_WSSEC_SAML_SIG |
sv |
Static |
TXM_WSSEC_SAML_ENCRYPT_PUB_KEY_ROLE |
pubkeyrole |
Static |
TXM_WSSEC_SAML_ENCRYPT_ALG_KEY |
rsa-1_5 |
Static |
TXM_WSSEC_SAML_ENCRYPT_ALG_DATA |
tripledes-cbc |
Static |
TXM_WSSEC_SAML_ENCRYPT_ELEMENT |
Assertion |
Static |
TXM_WSSEC_SAML_ENCRYPT_ELEMENT |
Body |
Static |
TXM_WSSEC_SAML_ENCRYPT_OR_SIGN_FIRST |
sign |
Static |
This example shows how to create a response that decrypts an incoming encrypted message and passes it to the associated web service in a message with a SAML assertion token.
Variable Name |
Variable Value |
Attribute Type |
---|---|---|
TXM_WSSEC_TOKEN_TYPE |
SAML |
Static |
TXM_WSSEC_SAML_AFFILIATE |
affiliate2 |
Static |
TXM_WSSEC_SAML_ENCRYPT |
yes |
Static |
Copyright © 2014 CA.
All rights reserved.
|
|