The <dfhwsse_configuration> element

Specifies configuration information for handler DFHWSSE1, which provides support for WS-Security.

Used in:

Contained by:

Attributes:

Name Description
version An integer denoting the version of the configuration information. The only valid value is 1.

Contains:

  1. An optional <authentication> element.
    • In a service requester pipeline, the <authentication> element specifies that CICS should add an X.509 certificate to the security header in outbound SOAP messages.
    • In a service provider pipeline, the element specifies whether CICS should use the security tokens in an inbound SOAP message to determine the user ID under which work will be processed.
  2. An optional, empty <expect_signed_body/> element.

    The <expect_signed_body/> element indicates that the <body> of the inbound message must be signed. If the body of an inbound message is not correctly signed, CICS rejects the message with a security fault.

  3. An optional, empty <expect_encrypted_body/> element.

    The <expect_encrypted_body/> element indicates that the <body> of the inbound message must be encrypted. If the body of an inbound message is not correctly encrypted, CICS rejects the message with a security fault.

  4. An optional <sign_body> element.

    If this element is present, CICS will sign the <body> of the outbound message, using the algorithm specified in the <algorithm> element contained in the <sign_body> element.

  5. An optional <encrypt_body> element.

    If this element is present, CICS will encrypt the <body> of the outbound message, using the algorithm specified in the <algorithm> element contained in the <encrypt_body> element.

Example

<dfhwsse_configuration version="1">
  <authentication mode="basic">
    <certificate_label>AUTHCERT03</certificate_label>
    <suppress/>
    <algorithm>http://www.w3.org/2000/09/xmldsig#dsa-sha1</algorithm>
  </authentication>
  <expect_signed_body/>
  <expect_encrypted_body/>
  <sign_body>
    <algorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</algorithm>
    <certificate_label>SIGCERT01</certificate_label> 	
  </sign_body> 
  <encrypt_body> 
    <algorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</algorithm>
    <certificate_label>ENCCERT02</certificate_label>
  </encrypt_body>		
</dfhwsse_configuration>