Editing the service security configuration

 

Before you can select the security settings that are applied for an individual Web service, configure the gateway security bindings.

For each Web service, you can select the security settings that are applied between the service requester (the client) and the gateway. These settings are specified for each stage of the transmission:

  • From the service requester to the gateway (the client request).

  • From the gateway back to the service requester (the gateway response).

You receive this security settings information from the service requester and from the target service provider in the following form:

  • An ibm-webservicesclient-bnd.xmi for the client, and ibm-webservices-bnd.xmi for the Web service, from which you process the security bindings information as described in Configure the gateway security bindings.

  • An ibm-webservicesclient-ext.xmi for the client, and ibm-webservices-ext.xmi for the Web service, which contain the information on the levels of security (integrity, confidentiality and identification) that are required when this Web service exchanges messages with a service requester. These are therefore also the settings that the gateway needs to apply when it makes the equivalent gateway service available to a service requester.

To set the security settings that are applied between the service requester (the client) and the gateway, complete the following steps:

 

  1. List the gateway-deployed Web services

  2. Click the name of a Web service in the list. A form is displayed through which you can view and modify the current deployment details for this Web service, and add or remove multiple target services.

  3. In the Service Security section, select the Edit service security configuration option.

    The service security configuration form is displayed. This form is divided into the following sections:

    • Gateway Security Properties (the Actor URI)

    • Client Request Security Properties (integrity, confidentiality and identification settings)

    • Gateway Response Security Properties (the response Actor URI, and integrity and confidentiality settings)

    • Security bindings (request bindings and response bindings).

    The following comments apply to every section:

    • Help is provided in comments on the form, and in hover-help alongside each field.

    • There are no required fields.

    • Many fields are populated by making a selection from a drop-down list.

  4. In the Gateway Security Properties section, set the Actor URI.

    Note: If you specify an Actor URI, then only SOAP security headers with this Actor URI will be processed.

  5. In the Client Request Security Properties section, set the following security levels:

    1. Set the Integrity level. Set the parts of the incoming SOAP message that must be signed (the Body , the Timestamp and the Security Token ).

    2. Set the Confidentiality level. Set the parts of the incoming SOAP message that must be encrypted (the Body and the Username Token ).

    3. Set the Identification level. Set the identification methods that will be accepted ( Basic Authentication , Digital Signature and ID Assertion ).

  6. In the Gateway Response Security Properties section, set the following security levels:

    1. Set the Response Actor URI.

      Note: If you specify a Response Actor URI, then the SOAP security header in the response message will have this Actor URI.

    2. Set the Integrity level. Set the parts of the response SOAP message that must be signed (the Body and the Timestamp ).

    3. Set the Confidentiality level. Set whether or not the Body of the response SOAP message must be encrypted.

  7. In the Security bindings section, set the Request bindings and the Response bindings that are to be used.

    Note: You choose these bindings ( Signing Information , Encryption Information , Trusted ID Evaluator and Login Mappings ) from pull-down lists. The available items in these lists are those that you have previously entered as described in Configure the gateway security bindings.

  8. When you have finished editing the service security configuration, click Apply changes.

The Web services gateway and WS-Security
Enabling Web Services Security (WS-Security) for the gateway
Configure the gateway security bindings
Editing the target service security configuration
Web services gateway troubleshooting tips

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.