Configuring WS Security Using X.509 Token in IBM Integration Bus

Introduction :

Web Service Security can be implemented in IBM Integration Bus (hereafter called IIB) application using any of the following token types:

• Username
• Username and Password
• SAML assertion
• Kerberos Ticket
• LTPA Certificate
• X.509 Certificate

This blog provides how to configure Policy Sets and Policy Set bindings for implementing WS-Security in IIB message flow using X.509 Certificate identity in IIB as a Consumer.

Overview on X.509 Certificate :

An X.509 certificate specifies a binding between a public key and a set of attributes that includes subject name, issuer name, serial number and validity interval.

An X.509 certificate may be used

• to validate a public key that may be used to authenticate a SOAP message.
• to identify the public key with SOAP message that has been encrypted.

Configuring Keystore/Truststore :

Broker’s keystore and truststore must be configured to hold the trusted certificate.
For configuring Keystore and Truststore refer Viewing and setting keystore and truststore runtime properties at broker level, or Viewing and setting keystore and truststore runtime properties at integration server level.

To Set up Policy Set:

The following steps to be carried out for creating a policy set :

Figure 1 : Open Policy Sets

Figure 2 : Add Policy Set

Figure 3 : Rename Policy Set

Figure 4 : Add X.509 Authentication Token

Figure 5 : Select Message Level Protection

Figure 6 : Add Token

Figure 7 : Set Algorithm

Figure 8 : Add Message Part Protection

Figure 9 : Aliases

Figure 10 : Qname

Figure 11 : Setting Xpath

Figure 12 : Add Policy Set Binding

Figure 13 : Associate Policy Set Binding with Policy Set

Figure 14 : Add Authentication Token

Figure 15 : Set Message Part Policy

Figure 16 : Set Key Information

Figure 17 : Save the Configuration

Figure 18 : Create the Message Flow

Figure 19 : Associate Policy Set and Policy Set Binding with Message flow