With the Web Service Description Language (WSDL) security
editor you can create and edit security configurations for a WSDL
file.
Key Stores
In this page, you can edit the key
stores that are used for the WSDL file. The key store contains the
public and private keys that are required for the specified security
protocol.
- Defined Key Stores
- Click Add or Remove to add or remove key store files from the
workbench.
- Key Store Details
- This specifies the location and file name of the selected key
store. Click Browse to select a different file.
- Name
- This specifies the name of the key store. This name is used throughout
the test instead of the file name.
- File
- Click Browse to specify a KS (keystore),
JKS (Java™ keystore), or JCEKS
(Java Cryptography Extension
keystore) file containing a valid server certificate.
- Password
- If the keystore file is encrypted, type the required password.
Security Stacks
In this page you can edit the
security algorithm stacks that the security protocol uses. Security
stacks are a set of algorithms that are executed in a given order.
- Security Stacks
- Click Add, Remove,
or Rename to add, remove, or rename the security
stacks that are associated with the WSDL file.
- Security Algorithm Details
- Click Add, Insert,
or Remove to add or remove security algorithms
in the stack. Click Up and Down to
change the order of a selected algorithm in the security stack. The
following security algorithms can be added to the security stack:
- Time Stamp
- The time stamp security algorithm adds time stamp information
to the XML document in the response. For details on security algorithms,
refer to the Web service security specification.
- Actor / role name
- Specify the name of the actor, if required.
- Must understand
- Select whether the security algorithm needs to be understood.
- Time stamp
- Specify the delay before adding the time stamp.
- User name token
- The user name token security algorithm adds a user name token
to the XML document in the response. For details on security algorithms,
refer to the Web service security specification.
- Actor / role name
- Specify the name of the actor, if required.
- Must understand
- Select whether the security algorithm must be understood.
- Name
- Type the name of the user.
- Password
- Type the password of the user.
- Password type
- Specify the password type for the security algorithm.
- XML Encryption
- The XML encryption security algorithm specifies how the XML document
is encrypted. For details on security algorithms, refer to the Web
service security specification.
- Actor / role name
- Specify the name of the actor, if required.
- Must understand
- Select whether the security algorithm must be understood.
- Identifier type
- Select the type of key identifier to be used for the encryption:
- ISSUER_SERIAL
- BST_DIRECT_REFERENCE
- X509_KEY_IDENTIFIER
- SKI_KEY_IDENTIFIER
- EMBEDDED_KEYNAME
- THUMBPRINT_IDENTIFIER
- User XPath part selection
- This enables you to specify an XPath query that describes parts
of the XML document that can be subjects of the algorithm. By default,
the body is the subject.
- Key
- Select the key used for the encryption. The details of each key
vary.
- x509 key: This specifies the name and password
of the x509 key and the keystore where it is located.
- Raw key: This specifies the name and the
byte value of your key in hexadecimal.
- User name token key: This specifies a user
name and password for the token.
- Encrypted key: This specifies an encrypted
key that was previously defined in the security stack. Click Insert
a new encrypted key to create a new encrypted key definition
block.
- Key Encoding Algorithm
- Specify the standard algorithm for encoding the transport key.
- XML Signature
- The XML signature security algorithm specifies how the XML document
is signed. For details on security algorithms, refer to the Web service
security specification.
- Actor / role name
- Specify the name of the actor, if required.
- Must understand
- Specify whether the security algorithm needs to be understood.
- Identifier type
- Select the type of key identifier to be used for the encryption:
- ISSUER_SERIAL
- BST_DIRECT_REFERENCE
- X509_KEY_IDENTIFIER
- SKI_KEY_IDENTIFIER
- EMBEDDED_KEYNAME
- KEY_VALUE
- USER_NAME_TOKEN
- CUSTOM_SYMM_SIGNATURE
- User XPath part selection
- Specify an XPart query that describes parts of the XML document
that can be subjects of the algorithm. By default, the body is the
subject.
- Key
- Select the key used for the encryption. The details of each key
vary.
- x509 key: This specifies the name and password
of the x509 key and the keystore where it is located.
- Raw key: This specifies the name and the
byte value of your key in hexadecimal.
- User name token key: This specifies a user
name and password for the token.
- Encrypted key: This specifies an encrypted
key that was previously defined in the security stack. Click Insert
a new encrypted key to create a new encrypted key definition
block.
- Signature algorithm name
- Specify the standard algorithm to be used for the signature.
- Canonicalization
- Specify the algorithm to be used for canonicalization.
- Custom Security Algorithm
- If you want to use a Java class
as a custom security algorithm, then use this stack element to apply
the custom algorithm to the service.
- Java Project
- If you have not implemented a custom Java class,
select Java Project, type a name for the new
project, and click Generate to create a new Java class with the default structure
for custom security implementations.
- Implementation class
- Specify the name of the class that implements the custom security
algorithm. Click Browse Class to select an
existing Java class from the
workspace.
- Properties
- Use this table to send any specific properties and associated
values to the custom security algorithm.