Calling an STS-Secured Web Service Provider
This section explains how you configure a Web service consumer so that it can call an STS-secured Web service provider.
Refer to Functional Principle
Prerequisites
-
You need a truststore with the public key of the STS or its certificate.
-
Both Web services and the STS are implemented in the INUBIT software.
To call a Web service that is secured using an STS of the INUBIT software with an external consumer, configure its security settings according to the provider instructions.
Proceed as follows
-
Open the Web Services Connector of your Web Service Consumer for editing.
-
In the Invoked service tab, enter the URL under which the WSDL of the STS-secured Web service is available:
-
Load the WSDL.
-
In the Extended tab, in the W3C Standards area, click the WS Security button. The WS-Security configuration dialog opens.
-
Import the truststore of the STS or its certificate.
The public key of the STS contained herein is required to read the token signed by the STS. With the signature, the STS ensures that the token was actually issued by the STS.
After the successful import, the validity of the key is displayed.
-
In the Consumer authentication area, specify how your consumer is supposed to authenticate with the STS to secure communication with the STS.
The consumer sends this username/password combination to the STS as part of its security token request.
In addition, you can specify an X.509 keystore for extra security. In this case you must specify the valid password and the alias of a key pair contained in the keystore.
-
Click Finish.
-
Publish and activate the workflow