MQSeries.net :: View topic

chetu777 · Posted: Wed May 26, 2010 3:55 am Post subject: Issue regarding security tokens

Hi All,

I am using Message broker 7. For my requirement I need to develop a web service and in which I need to authenticate username and passwords that coming from wsse headers and also decrypt the message header ( the consumer will be sending me a encrypted header part).

Coming to the implementation part. To do a POC on this I have taken address book extended sample in sample galary as my message flow

case 1) Setting only username token policy:-
In policy sets I have set the username token policy and applied to the bar file to be deployed. When I give SOAP message with wsse header along with username and password it works fine and If I dont provide header information it throws me an error which is as expected. Here encryption in consumer and decryption in provider is not taking place as I have still not set the X509 certificate.

Case 2) Setting only X509 certificate policy:-
So to do this, in the example they have mentioned how to use only X509 tokens for encryption and decryption of SOAP message and it works fine when I tried this.

But when I try to use both x509 and username tokens together, the webservice is considering only X509 token and not username token applied in policy set of broker.

Anyone having idea how to use both these scurity tokens together, So that I can encrypt and decrypt the message as well as see to that wsse header information is compulsary by defining username tokens in policy sets. Or is there any way where I can achieve my goal apart from the route I am following