WS-Security authentication for SOAP using X.509 token

Author: varmr
Posted: Thu May 03, 2018 11:48 pm

I have successfully implemented transport-level HTTPS security using mutual X.509 certificate authentication. High-level steps as follows:
Created keystore with private key.
Created truststore. I have imported my self-signed certificate from the keystore created above into the truststore on my local. This will be replaced by CA-certificates on the client server.
Pointed specific EG to the newly created keystore/truststore.
Configured HTTPS with ClientAuth on the EG.
Tested the above configuration using SOAPUI, where I set up the project to point to the keystore as well as referenced the keystore in my request.

Since we do not intend to use username auth or any additional message-level security requirement like encryption or digital signatures at the moment, I believe the above-mentioned setup should suffice. NO PolicySet or Binding is required. Please chime in here.

However, in case we do decide to go with additional message-level security in the future, I have 2 open questions which I need expert advice on:
Do just the X.509 Authentication Tokens (without username or Message-level protection) under PolicySet/Bindings provide for any additional security?
If we need to use the X.509 tokens for encryption, I see only 2 possible Trust options in the policy binding editor:
TrustAny for use with security profiles and external authentication
TrustStore points to Broker default truststore
Is there a way we can point to the EG-specific truststore instead?