| Author |
Message
|
| goffinf |
 Posted: Thu Oct 04, 2012 11:05 am Post subject: More than one WS-Sec header |
 |
|
Chevalier
Joined: 05 Nov 2005
Posts: 401
|
MB v8
Does anyone know whether it is possible for Broker to successfully receive a message containing TWO WS-Security (User Name Token) headers via a SOAP Input and send TWO WS-Security headers (also UNT) via a SOAP Request node ?
Both with be assigned a specific role and have a different wsu:id
Regards
Fraser. |
|
| Back to top |
|
 |
| lancelotlinc |
| Posted: Thu Oct 04, 2012 11:08 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
Yes, you can do this in the message tree, but the parser may serialize only one of them on output. You'll have to try it out to find out what may work and not.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Oct 04, 2012 11:08 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| It depends on what you mean by "possible". |
|
| Back to top |
|
|
| goffinf |
| Posted: Thu Oct 04, 2012 11:44 am Post subject: |
|
|
Chevalier
Joined: 05 Nov 2005
Posts: 401
|
| mqjeff wrote: |
| It depends on what you mean by "possible". |
I guess I mean, if a SOAP Input receives two WS-Sec headers, one which I want to use for authentication/authorisation and the other for some other purpose (like a simple (unverifiable) identity for the originating caller), can I create a policy that looks at the one marked for auth/auth only or do I need to tell the policy what to do with both ?
Are both headers available such that I could choose to propagate them further if I choose (at least the identity token one) ?
Fraser |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Oct 04, 2012 11:51 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| goffinf wrote: |
| mqjeff wrote: |
| It depends on what you mean by "possible". |
I guess I mean, if a SOAP Input receives two WS-Sec headers, one which I want to use for authentication/authorisation and the other for some other purpose (like a simple (unverifiable) identity for the originating caller), can I create a policy that looks at the one marked for auth/auth only or do I need to tell the policy what to do with both ?
Are both headers available such that I could choose to propagate them further if I choose (at least the identity token one) ?
Fraser |
Okay, so you want to adjust the policy to only use the 'correct' identity.
yes, you can tell the policy where to find the identity - http://publib.boulder.ibm.com/infocenter/wmbhelp/v8r0m0/topic/com.ibm.etools.mft.doc/ap04110_.htm
edit: if you do this, then the 'correct' entity will be mapped into the properties tree, and the second identity *should* still be left in the message tree. |
|
| Back to top |
|
|
| goffinf |
| Posted: Thu Oct 04, 2012 1:27 pm Post subject: |
|
|
Chevalier
Joined: 05 Nov 2005
Posts: 401
|
| Ah thx. Reading that would suggest that I can create a policy which would allow me to extract both tokens (i.e. the Username token AND the Username/pwd), do you think that's possible ? |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Oct 05, 2012 5:21 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| goffinf wrote: |
| Ah thx. Reading that would suggest that I can create a policy which would allow me to extract both tokens (i.e. the Username token AND the Username/pwd), do you think that's possible ? |
I don't know. If it suggests it's possible, then it's possible, but I've not tried it... So I'd suggest trying it and seeing. |
|
| Back to top |
|
|
|
|
