InsertWSSETokenAgent

The XDInsertWSSETokenAgent is used to generate a WSSE Binary Security Token containing an X509 certificate.

The following table lists and describes XDInsertWSSETokenAgent parameters.

Parameter Name
    Description

KeyStore Provider
    Provider for the keystore containing the key.

Key Alias
    Alias for the key to insert into the security token.

XML Namespace Provider
    Provider for the mapping between XML namespace prefix and namespace URI. If left blank, elements in the security token will use the default namespace.

Create Parent Element
    Determines whether the parent element is created if it is missing. Select true or false (default) from the drop-down list.

Security Token Parent Element
    Path to the element where the security token will be inserted. The default value is:

    /soapenv:Envelope/soapenv:Header/wsse:Security

    If the Create Parent Element parameter is set to true, the XPATH expression must be of the form /comp1/comp2/... where each path component has the following form:

    ns:elem[@ns1:attrib="attribValue"]

    The ns: and ns1: namespace prefixes are optional, but if they are present they must be declared in the XML Namespace Provider parameter. The selector in square brackets is optional. If no element with a matching attribute is found, then both the element and the attribute will be created.

WSSE Security Token Id
    The value of the BinarySecurityToken ID attribute. If left blank, the default value is x509_signer. Subsequent agents can retrieve this value in the wsse_token_id special register.

The WSSE Binary Security Token can later be referred to by an XML Digital Signature KeyInfo element and signed like any other XML content. The KeyStore Provider and Key Alias specify which certificate will appear in the Security Token. There is no password to enter because only the public certificate corresponding to the private key is retrieved. The location at which the Binary Security Token is inserted is given by a (restricted) XPATH expression pointing to the parent element.

The XPATH expression can contain namespace prefixes if the optional XML Namespace Map Provider is specified. If the parent does not exist and Create Parent Element is set to true, it is created. The optional WSSE Security Token Id is used to generate a wsu:Id attribute on the wsse:BinarySecurityToken element. The Id is saved in the wsse_token_id special register. This can be used to refer to the security token in an XML Digital Signature Reference using the URL expression #SREG(wsse_token_id). It can also be used to generate a KeyInfo/SecurityTokenReference with the Token Id expression SREG(wsse_token_id).
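The restricted path handling and token insertion described above, sketched in Python as an added example (not iWay code and not taken from the original page). The function names, the NS dictionary standing in for the XML Namespace Provider, and the ValueType and EncodingType URIs (taken from the OASIS WS-Security X.509 token profile) are assumptions about what the agent emits; the envelope and certificate bytes are constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {  # constructed stand-in for the XML Namespace Provider mapping
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": WSS + "wssecurity-secext-1.0.xsd",
    "wsu": WSS + "wssecurity-utility-1.0.xsd",
}
# One path component: ns:elem[@ns1:attrib="attribValue"]; prefixes and selector are optional.
STEP = re.compile(r'^(?:(\w+):)?([\w.-]+)(?:\[@(?:(\w+):)?([\w.-]+)="([^"]*)"\])?$')

def qname(prefix, local):
    if prefix is not None and prefix not in NS:  # prefixes must be declared in the mapping
        raise ValueError(f"undeclared namespace prefix: {prefix}")
    return local if prefix is None else f"{{{NS[prefix]}}}{local}"

def find_parent(root, path, create=False):
    node = None
    for step in path.strip("/").split("/"):  # assumes no "/" inside attribute values
        if not (m := STEP.match(step)):
            raise ValueError(f"unsupported path component: {step}")
        p, elem, ap, attr, val = m.groups()
        tag, akey = qname(p, elem), (qname(ap, attr) if attr else None)
        kids = [root] if node is None else list(node)
        hit = next((c for c in kids if c.tag == tag and (akey is None or c.get(akey) == val)), None)
        if hit is None:
            if node is None or not create:  # the document root is never created
                raise LookupError(f"no element matches path component {step}")
            hit = ET.SubElement(node, tag)  # create the element, plus the selected attribute
            if akey:
                hit.set(akey, val)
        node = hit
    return node

def insert_token(root, der_cert, path, token_id="x509_signer", create=False):
    tok = ET.SubElement(find_parent(root, path, create), qname("wsse", "BinarySecurityToken"))
    tok.set(qname("wsu", "Id"), token_id)
    tok.set("ValueType", WSS + "x509-token-profile-1.0#X509v3")  # assumed, per OASIS profile
    tok.set("EncodingType", WSS + "soap-message-security-1.0#Base64Binary")  # assumed
    tok.text = base64.b64encode(der_cert).decode("ascii")
    return tok

# Constructed sample input; the "e" prefix shows that matching is by namespace URI, not prefix.
ENVELOPE = f'<e:Envelope xmlns:e="{NS["soapenv"]}"><e:Header/><e:Body/></e:Envelope>'
FAKE_DER = b"constructed placeholder, not a real DER certificate"

if __name__ == "__main__":
    root = ET.fromstring(ENVELOPE)
    insert_token(root, FAKE_DER, "/soapenv:Envelope/soapenv:Header/wsse:Security", create=True)
    print(ET.tostring(root, encoding="unicode"))
```

With create left at false, the same call raises LookupError because wsse:Security is missing from the sample envelope, which mirrors the Create Parent Element default.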

The following example shows a Binary Security Token.


iWay Software