ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » SOAP nodes WS-Security issue

Post new topic  Reply to topic
 SOAP nodes WS-Security issue « View previous topic :: View next topic » 
Author Message
paerjohan
PostPosted: Thu Dec 02, 2010 8:10 am    Post subject: SOAP nodes WS-Security issue Reply with quote

Newbie

Joined: 19 Jan 2010
Posts: 8
We have a situation where we are receiving a SOAP-message signed with SAML holder-of-key to a SOAPInput node. There is no support for this (yet) in WMB
so the verification of the signature is done by using an external library in a JavaCompute node after the SOAP input node.
The response should be signed with an X509 certificate (no SAML stuff here), so here we can use the built-in WS-Security support
in WMB when sending the response by using the SOAPReply node.
There is a problem though...
As I understand, you apply the PolicySet and Binding to the SOAPInput/SOAPReply pair, so it is not possible to apply it only to
the SOAPReply node. Our solution was to create a PolicySet with only a RecipientToken with a signing policy and no
InitiatorToken, so there is nothing in the PolicySet that applies to a SOAPInput node.
The problem is that when we apply the PolicySet to the SOAPInput/SOAPReply-pair the Security-header in the SOAP-header is ALWAYS
consumed by the SOAPInput node, even if there are no InitiatorToken or encryption configured. And since the Security-header gets consumed,
there is not possible the verify the signature in our JavaCompute node following the SOAPInput node (because the signature is gone by now)
So basicly the question is: Is it possible to sign a response message in the SOAPReply node WITHOUT consuming the Security-header of
the request message in the corresponding SOAPInput node?
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » SOAP nodes WS-Security issue
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.