Posted: Thu May 03, 2018 11:48 pm Post subject: WS-Security authentication for SOAP using X.509 token
I have successfully implemented transport-level HTTPS security using mutual X.509 certificate authentication. High-level steps as follows:
• Created keystore with private key.
• Created truststore. I have imported my self-signed certificate from the keystore created above into the truststore on my local. This will be replaced by CA-certificates on the client server.
• Pointed specific EG to the newly created keystore/truststore.
• Configured HTTPS with ClientAuth on the EG.
• Tested the above configuration using SOAPUI, where I set up the project to point to the keystore as well as referenced the keystore in my request.
Since we do not intend to use username auth or any additional message-level security requirement like encryption or digital signatures at the moment, I believe the above-mentioned setup should suffice. NO PolicySet or Binding is required. Please chime in here.
However, in case we do decide to go with additional message-level security in the future, I have 2 open questions which I need expert advice on:
• Do just the “X.509 Authentication Tokens” (without username or Message-level protection) under PolicySet/Bindings provide for any additional security?
• If we need to use the X.509 tokens for encryption, I see only 2 possible “Trust” options in the policy binding editor:
  • TrustAny – for use with security profiles and external authentication
  • TrustStore – points to Broker default truststore

  Is there a way we can point to the EG-specific truststore instead?