Web Service Security can be implemented in IBM Integration Bus (hereafter called IIB) application using any of the following token types:
- Username and Password
- SAML assertion
- Kerberos Ticket
- LTPA Certificate
- X.509 Certificate
This blog provides how to configure Policy Sets and Policy Set bindings for implementing WS-Security in IIB message flow using X.509 Certificate identity in IIB as a Consumer.
Overview on X.509 Certificate :
An X.509 certificate specifies a binding between a public key and a set of attributes that includes subject name, issuer name, serial number and validity interval.
An X.509 certificate may be used
- to validate a public key that may be used to authenticate a SOAP message.
- to identify the public key with SOAP message that has been encrypted.
Configuring Keystore/Truststore :
Broker’s keystore and truststore must be configured to hold the trusted certificate.
For configuring Keystore and Truststore refer Viewing and setting keystore and truststore runtime properties at broker level, or Viewing and setting keystore and truststore runtime properties at integration server level.
To Set up Policy Set:
The following steps to be carried out for creating a policy set :