Enforcing WSS Consumer

Enforce the WSS Consumer policy to ensure that the confidentiality, integrity, and the time stamp of a request remains secure.

First, create and configure the policy. Next, associate the policy with a binding in your application.

Setting Up a Policy with Resources

Follow these steps to set up a new WSS Consumer policy with resources:

  1. In the Project Explorer, right-click the Policies folder and select New > Policy.

    The Policy Wizard opens.



  2. Specify the following values in the Create New Policy Window:
    • Policy Folder: Name of the folder where policies will be located.
    • Package: Name of the package in the module where the new policy is added. Accept the default package, or browse to select a different package name.
    • Policy Name: Name of the new policy. By default, the policy name is configured to match the security policy you choose.
  3. Under Select the type of Policy, select WSS Consumer.
  4. From the Policy Defaults drop-down menu, select one of the following options:
    Note: The Policy Defaults menu offers a list of commonly used policy configurations to choose from. After you select a Policy Default, a policy with preconfigured settings and related resources is created. If resources already exist in the module, the newly created policy automatically refers them. However, if no resources exist, new resources with default settings are created and referred to by the policy. Refer to the Default description at the bottom of the Policy Wizard to view policy configurations and new resources that might be created.
    • SAML Token with Sign SAML Assertion: Select this option to enforce SAML token-based credential mapping. A WSS Consumer policy configured for SAML token-based credential mapping and the following resources are produced in your workspace:
      • A keystore resource with the default file name server.jks
      • A Keystore Provider resource with the default file name WssConsumer_IdentityStore.keystoreProviderResource
      • A Subject Provider resource with the default file name WssConsumer_SAMLIdentityProvider.sipResource.
    • UserName Token with Fixed Credentials: Select this option to enforce fixed user name token-based credential mapping. A WSS Consumer policy configured for fixed credential mapping with a user name token and the following resources are produced in your workspace:
      • A Subject Provider resource, with the default file name WSSConsumer_FixedIdentityProvider.userIdResource
    • UserName Token with Authenticated and Anonymous Credentials: Select this option to enforce conditional user name token-based credential mapping. A WSS Consumer policy configured for conditional credential mapping with user name tokens and the following resources are produced in your workspace:
      • An Identity Provider resource for authenticated users, with the default file name WssConsumer_AuthIdentityProvider.userIdResource
      • An Identity Provider shared resource for anonymous users, with the default file name WssConsumer_AnonIdentityProvider.userIdResource
    • UserName Token with Roles and Authenticated Credentials: Select this option to enforce conditional user name token-based credential mapping. A WSS Consumer policy configured for conditional credential mapping with user name tokens and the following resources are produced in your workspace:
      • Two Identity Provider resources for authenticated users with roles, with the default file names WssConsumer_RoleIdentityProvider.userIdResource and WssConsumer_RoleIdentityProvider1.userIdResource
      • An Identity Provider resource for authenticated users with the default file name WssConsumer_AuthIdentityProvider.userIdResource
    • Empty Policy (No Default) : Select this option to create a new WSS Provider policy with no preselected options and no resources.
  5. Optional. Select Always create new shared resources to ensure new resources are generated for the policy and referred to by the policy.
  6. Optional. Select Create module properties for common fields to override default properties in newly created resources with module properties. Resources with module properties for common fields are generated after you select this option.
  7. Select Finish to create the policy.

Configuring Resources and the Policy

For resource configurations, refer to the following topics under the "Shared Resources" topic in the Bindings and Palettes Reference guide:
  • Identity Provider
  • Keystore Provider
  • Subject Provider

Refer to the topic "WSS Consumer" , under "Policy Resources" in the Bindings and Palettes Reference guide for policy configuration details.

Associating the Policy with a Binding

You can associate the WSS Consumer policy with the following bindings:
  • SOAP/HTTP Reference Binding

Refer to Associating Policies for instructions on how to enforce a policy on a binding in your application.