Insert WSSE Token Service

Syntax:

com.ibi.agents.XDInsertWSSETokenAgent

Description:

This service is used to generate a WSSE Binary Security Token containing an X509 certificate.

Parameters:

The following table lists and describes the parameters for the Insert WSSE Token service.

KeyStore Provider
    Provider for the keystore containing the key.

Key Alias
    Alias for the key to insert into the security token.

XML Namespace Provider
    Provider for the mapping between XML namespace prefix and namespace URI. If left blank, elements in the security token will use the default namespace.

XPath Version
    Determines which implementation of XPath should be used. You can select the iWay implementation of XPath, an external XPath implementation, or the default. The default option selects the XPath implementation that is specified in the General Settings area of the iSM Administration Console.

Create Parent Element
    Determines whether the parent element is created if it is missing. Select true or false (default) from the drop-down list.

Security Token Parent Element
    Path to the element where the security token will be inserted. The default value is:

        /soapenv:Envelope/soapenv:Header/wsse:Security

    If the Create Parent Element parameter is set to true, the expression must adhere to Restricted XPath syntax; otherwise, the expression may use the full syntax of the XPath engine selected by the XPath Version parameter.

    Restricted XPath has the form /step1/step2/..., where a step has the form ns:elem[predicate], or a pair of consecutive steps has the form *[1]/self::ns:elem[predicate] to indicate that the element must be the first child of its parent. The namespace prefixes are optional, but if present they must be declared in the XML Namespace Provider. The predicate is optional, but when present it has the form [@ns1:attr1='val1' and @ns2:attr2='val2' and ...]. If no element matches the Restricted XPath expression and the Create Parent Element parameter is set to true, the necessary elements and attributes are created so that the expression then matches.

WSSE Security Token Id
    The value of the BinarySecurityToken ID attribute. If left blank, the default value is x509_signer. Subsequent services can retrieve this value in the wsse_token_id special register.

Edges:

The following table lists and describes the edges that are returned by the Insert WSSE Token service.

success
    The BinarySecurityToken was successfully inserted.

fail_parse
    An iFL or XPath expression could not be evaluated.

fail_operation
    The BinarySecurityToken could not be inserted.

The WSSE Binary Security Token can later be referred to by an XML Digital Signature KeyInfo element and signed like any other XML content. The KeyStore Provider and Key Alias specify which certificate will appear in the Security Token. There is no password to enter because only the public certificate corresponding to this private key is retrieved. The location at which the Binary Security Token is inserted is given by the XPath expression specified in the Security Token Parent Element parameter. The XPath expression can contain namespace prefixes if the optional XML Namespace Provider is specified. When the Create Parent Element parameter is set to true, the parent element is created if needed, but the XPath expression must adhere to the Restricted XPath syntax. When the Create Parent Element parameter is set to false, the parent element must already exist, but the expression may use the full syntax of the XPath engine selected by the XPath Version parameter.

The optional WSSE Security Token Id parameter is used to generate a wsu:Id attribute on the wsse:BinarySecurityToken element. The Id is saved in the wsse_token_id special register. This can be used to refer to the security token in an XML Digital Signature Reference using the URL expression #_sreg(wsse_token_id). It can also be used to generate a KeyInfo/SecurityTokenReference with the Token Id expression _sreg(wsse_token_id).
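The Restricted XPath grammar and the Create Parent Element and Token Id behaviour described above, worked through as an added Python example. This is not iWay code: it uses the standard-library ElementTree, assumes the prefixes soapenv, wsse and wsu are the ones declared in the XML Namespace Provider (the URIs are the standard SOAP 1.1 and OASIS WS-Security 1.0 namespaces), and uses a constructed SOAP request plus a constructed byte string in place of the certificate that the KeyStore Provider and Key Alias would supply. The run_service wrapper maps outcomes onto the page's three edges; the *[1]/self:: form is used to make a created soapenv:Header land before the Body.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Prefix-to-URI map standing in for the iWay XML Namespace Provider (prefixes are assumed;
# the URIs are the standard SOAP 1.1 and OASIS WS-Security 1.0 namespaces).
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
for _p, _u in NS.items(): ET.register_namespace(_p, _u)
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
STEP_SPLIT = re.compile(r"[^/\[]+(?:\[[^\]]*\])?")        # one step with its predicate attached
STEP = re.compile(r"^(?:(\w+):)?([\w.-]+)(?:\[(.*)\])?$")  # ns:elem[predicate]
PRED = re.compile(r"^@(?:(\w+):)?([\w.-]+)='([^']*)'$")    # @ns:attr='val'

def qname(prefix, local):
    """Clark-notation name; an undeclared prefix is an expression error (fail_parse)."""
    if prefix is not None and prefix not in NS:
        raise ValueError("prefix %r is not declared in the namespace provider" % prefix)
    return local if prefix is None else "{%s}%s" % (NS[prefix], local)

def parse_restricted_xpath(expr):
    """Parse /step1/step2/... into (tag, {attr: value}, must_be_first) tuples."""
    if not expr.startswith("/"):
        raise ValueError("Restricted XPath must be absolute")
    steps, must_be_first = [], False
    for raw in STEP_SPLIT.findall(expr):
        if raw == "*[1]":                      # the following self:: step must be the first child
            must_be_first = True
            continue
        if raw.startswith("self::"):
            if not must_be_first:
                raise ValueError("self:: is only valid directly after *[1]")
            raw = raw[len("self::"):]
        m = STEP.match(raw)
        if not m:
            raise ValueError("step %r is not Restricted XPath" % raw)
        prefix, local, pred = m.groups()
        attrs = {}
        for clause in (pred.split(" and ") if pred else []):
            pm = PRED.match(clause.strip())
            if not pm:
                raise ValueError("predicate %r must be @ns:attr='val'" % clause)
            attrs[qname(pm.group(1), pm.group(2))] = pm.group(3)
        steps.append((qname(prefix, local), attrs, must_be_first))
        must_be_first = False
    if must_be_first:
        raise ValueError("*[1] must be followed by a self:: step")
    return steps

def _matches(elem, step):
    tag, attrs, _ = step
    return elem.tag == tag and all(elem.get(k) == v for k, v in attrs.items())

def locate_parent(root, steps, create_parent):
    """Walk the steps from the document root; with create_parent=True, missing elements
    (with their predicate attributes) are created so that the expression then matches."""
    if not _matches(root, steps[0]):
        raise LookupError("document root does not match the first step")
    node = root
    for step in steps[1:]:
        tag, attrs, must_be_first = step
        pool = list(node)[:1] if must_be_first else list(node)
        found = next((c for c in pool if _matches(c, step)), None)
        if found is None:
            if not create_parent:
                raise LookupError("no element matches %s" % tag)
            found = ET.Element(tag, attrs)
            node.insert(0 if must_be_first else len(node), found)
        node = found
    return node

def insert_binary_security_token(soap_xml, cert_der, parent_xpath="/soapenv:Envelope/soapenv:Header/wsse:Security",
                                 token_id="x509_signer", create_parent=False):
    """Append a wsse:BinarySecurityToken holding the base64 DER certificate under the located parent."""
    root = ET.fromstring(soap_xml)
    parent = locate_parent(root, parse_restricted_xpath(parent_xpath), create_parent)
    bst = ET.SubElement(parent, qname("wsse", "BinarySecurityToken"),
                        {qname("wsu", "Id"): token_id, "ValueType": X509V3, "EncodingType": B64})
    bst.text = base64.b64encode(cert_der).decode("ascii")
    return root, token_id

def run_service(soap_xml, cert_der, **params):
    """Map the outcome onto the page's edges: success, fail_parse or fail_operation."""
    try:
        root, token_id = insert_binary_security_token(soap_xml, cert_der, **params)
    except ValueError:
        return "fail_parse", None, None
    except LookupError:
        return "fail_operation", None, None
    return "success", root, token_id

def find_token(root):
    """Return (parent tag, wsu:Id, decoded certificate bytes) of the inserted token, or None."""
    for parent in root.iter():
        for child in parent:
            if child.tag == qname("wsse", "BinarySecurityToken"):
                return parent.tag, child.get(qname("wsu", "Id")), base64.b64decode(child.text)
    return None

# Constructed sample request with no Security header, plus a constructed stand-in for the
# DER bytes of the public certificate that the KeyStore Provider / Key Alias would supply.
SAMPLE_REQUEST = ('<soapenv:Envelope xmlns:soapenv="%s"><soapenv:Body><getQuote>IBM</getQuote>'
                  '</soapenv:Body></soapenv:Envelope>' % NS["soapenv"])
FAKE_CERT_DER = b"constructed placeholder, not a real DER certificate"
```

Calling run_service(SAMPLE_REQUEST, FAKE_CERT_DER, token_id="tokenid", create_parent=True, parent_xpath="/soapenv:Envelope/*[1]/self::soapenv:Header/wsse:Security[@soapenv:mustUnderstand='1']") returns the success edge with the Header created ahead of the Body and the mustUnderstand attribute set; the same request with create_parent=False returns fail_operation because the Header does not exist, and an undeclared prefix in the expression returns fail_parse. Serialize the returned root with ET.tostring(root, encoding="unicode") to see the inserted token.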

The following example shows the creation of a Binary Security Token. The following table lists the parameter values that were used.

KeyStore Provider
    ksprov

Key Alias
    alias1

XML Namespace Provider
    (left blank)

XPath Version
    default

Create Parent Element
    true

Security Token Parent Element
    (left blank)

WSSE Security Token Id
    tokenid

This assumes there is a private key entry with alias alias1 in the keystore specified by the KeyStore Provider ksprov.

A sample input document is shown as follows (indented for display purposes only):

The resulting output document shows the addition of the Binary Security Token in the SOAP header block (indented for display purposes only):


iWay Software