| Author |
Message
|
| immbtechie |
 Posted: Thu Apr 09, 2015 11:40 pm Post subject: ws-security implementation for multiple initiator's |
 |
|
Newbie
Joined: 09 Apr 2015
Posts: 6
|
hi All,
I have a requirement where i want to implement inbound and outbound ws-security on SOAP INPUT and REPLY node on my gateway flow which receives SOAP messages from multiple source channels. Is it possible to dynamically configure ws-security on the flow so that some channels which does not need ws-security can still use the same message flow and some which needs they should be authenticated. |
|
| Back to top |
|
 |
| immbtechie |
| Posted: Fri Apr 10, 2015 12:56 am Post subject: |
|
|
Newbie
Joined: 09 Apr 2015
Posts: 6
|
MB version: 7.0
MQ version: 7.0
Guys, please help |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Apr 10, 2015 4:45 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
WS-Security is handled through security profiles and policies.
I forget how well MB v7 supports these. Especially given that it's pretty much out of support... (it might even be actually out of support... I forget)
The answer to your question is another question - "Can you apply more than one security policy to the same input node". |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Apr 10, 2015 5:01 am Post subject: Re: ws-security implementation for multiple initiator's |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| immbtechie wrote: |
| Is it possible to dynamically configure ws-security on the flow so that some channels which does not need ws-security can still use the same message flow and some which needs they should be authenticated. |
What method do you mean by "dynamic"?
What do you mean by "channel"?
It's possible to move the authentication out of the SOAP Input node and into a PEP node, and route the messages by operation to go through the PEP node or not.
It's possible to move the authentication out of the SOAP Input node and into the "channel" so that those "channels" that need authentication perform it, and those that do not do not.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Apr 10, 2015 5:05 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| immbtechie wrote: |
MB version: 7.0
MQ version: 7.0 |
These are going to be out of support in a few months.
| immbtechie wrote: |
| Guys, please help |
We're not a help desk with an SLA.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| immbtechie |
| Posted: Sat Apr 11, 2015 10:15 am Post subject: |
|
|
Newbie
Joined: 09 Apr 2015
Posts: 6
|
Hi All,
Thanks for your reply, anyways , by channel i mean "Client".
As part of ws-security , i will be implementing message level authentication, message level security like (checking message Integrity, confidentiality ). For this i will be creating Policy Sets and PS bindings using X.509 tokens
My requirement is, since i have multiple clients using the same flow , hence policy set bindings would be different since each initiator/client would have its own public key x.509 certificates stored in Broker Truststore for Message Decryption etc.
How can i implement multiple policy set bindings in the same message flow with SOAPInput and SOAPReply node or can i have multiple initiator key information in a single policyset bindings. |
|
| Back to top |
|
|
|
|
