Securing Web Services Providers by a Security Token Service

This section explains how to secure a Web service provider with a Security Token Service (STS).

Securing a Web service provider with a Security Token Service is only possible in Single Mode.

Prerequisites

  • The Web service provider that is to be secured was generated using the INUBIT software. Its URL is known.

  • The following data is available:

    • A keystore with the private key of the Web service to be secured

    • A truststore with the public key of the STS

Proceed as follows

  1. Open the Web Services Connector for editing.

  2. In the Extended tab in the W3C Standards area, activate the WS-Security option and click the Settings button.

    The WS-Security configuration dialog opens.

  3. In the Service authentication area, enter the keystore password and import the keystore.

  4. In the Consumer authentication area, under Security mechanism, choose the Security Token Service issued Token with service certificate (STS) option.

  5. In the Consumer authentication area, in the STS address field, enter the URL of the STS that is to secure your Web service.

  6. Specify how the communication between your Web service provider and the STS is to be secured:

    Choose X.509 and import the truststore containing the public key of the STS.

  7. Click Finish.

  8. Publish and activate the module as well as the relevant workflow, if it exists.

As a result of this configuration, the WSDL security policies of the Web service provider describe how and at which STS consumers have to authenticate.

If you have not done so yet, you have to register your Web service provider with the STS. For notes on registering at an INUBIT-internal STS, refer to Registering Web Services Providers at an STS Connector.
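
To confirm that the published WSDL names the STS you entered in step 5, you can inspect its security policy. The following is an added example, not INUBIT code: it assumes the policy uses the WS-SecurityPolicy 1.2 `sp:IssuedToken` assertion with a WS-Addressing 1.0 issuer address, and the sample WSDL, the STS URL and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# WS-SecurityPolicy 1.2 and WS-Addressing 1.0 namespaces (assumed; adjust
# if the WSDL your provider publishes uses other versions).
SP = "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}"
WSA = "{http://www.w3.org/2005/08/addressing}"

# Constructed sample: the policy part of a WSDL, not real INUBIT output.
SAMPLE_WSDL = """<wsdl:definitions
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <wsp:Policy>
    <sp:IssuedToken>
      <sp:Issuer><wsa:Address>https://sts.example.test/sts</wsa:Address></sp:Issuer>
    </sp:IssuedToken>
  </wsp:Policy>
</wsdl:definitions>"""

def issued_token_issuers(wsdl_text):
    """Return one entry per sp:IssuedToken: its Issuer address, or None."""
    root = ET.fromstring(wsdl_text)
    issuers = []
    for token in root.iter(SP + "IssuedToken"):
        node = token.find(SP + "Issuer/" + WSA + "Address")
        has_text = node is not None and node.text and node.text.strip()
        issuers.append(node.text.strip() if has_text else None)
    return issuers

def check_sts_policy(wsdl_text, expected_sts_url):
    """Return findings; an empty list means the policy names the expected STS."""
    issuers = issued_token_issuers(wsdl_text)
    if not issuers:
        return ["no IssuedToken assertion: policy does not require an STS token"]
    findings = []
    for addr in issuers:
        if addr is None:
            findings.append("IssuedToken without an Issuer address")
        elif addr.rstrip("/") != expected_sts_url.rstrip("/"):
            findings.append("unexpected STS address: " + addr)
        elif urlsplit(addr).scheme != "https":
            findings.append("STS address is not HTTPS: " + addr)
    return findings

if __name__ == "__main__":
    print(check_sts_policy(SAMPLE_WSDL, "https://sts.example.test/sts") or "policy OK")
```

Run the check against the WSDL retrieved from your own provider URL after publishing and activating the module; an empty result means every issued-token assertion points at the expected STS over HTTPS.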