Skip to main content


Configuring WS Security Using X.509 Token in IBM Integration Bus

Introduction :

Web Service Security can be implemented in IBM Integration Bus (hereafter called IIB) application using any of the following token types:

  • Username
  • Username and Password
  • SAML assertion
  • Kerberos Ticket
  • LTPA Certificate
  • X.509 Certificate

This blog provides how to configure Policy Sets and Policy Set bindings for implementing WS-Security in IIB message flow using X.509 Certificate identity in IIB as a Consumer.

Overview on X.509 Certificate :

An X.509 certificate specifies a binding between a public key and a set of attributes that includes subject name, issuer name, serial number and validity interval.

An X.509 certificate may be used

  • to validate a public key that may be used to authenticate a SOAP message.
  • to identify the public key with SOAP message that has been encrypted.

Configuring Keystore/Truststore :

Broker’s keystore and truststore must be configured to hold the trusted certificate.
For configuring Keystore and Truststore refer Viewing and setting keystore and truststore runtime properties at broker level, or Viewing and setting keystore and truststore runtime properties at integration server level.

To Set up Policy Set:

The following steps to be carried out for creating a policy set :

Figure 1 : Open Policy Sets


Figure 2 : Add Policy Set


Figure 3 : Rename Policy Set


Figure 4 : Add X.509 Authentication Token


Figure 5 : Select Message Level Protection


Figure 6 : Add Token


Figure 7 : Set Algorithm


Figure 8 : Add Message Part Protection


Figure 9 : Aliases


Figure 10 : Qname


Figure 11 : Setting Xpath


Figure 12 : Add Policy Set Binding


Figure 13 : Associate Policy Set Binding with Policy Set


Figure 14 : Add Authentication Token


Figure 15 : Set Message Part Policy


Figure 16 : Set Key Information


Figure 17 : Save the Configuration



Figure 18 : Create the Message Flow


Figure 19 : Associate Policy Set and Policy Set Binding with Message flow

Thoughts on “Configuring WS Security Using X.509 Token in IBM Integration Bus”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Vijayakumar Perumal

More from this Author

Follow Us