
The web services that are part of the profile can be secured by using various combinations of security configurations.

...

Security Tab

The following options are available:

  • Transport Level Security with the option of enabling a Timestamp

  • Transport Level Security with Web Service Security standard with the option of enabling a Timestamp

  • Transport Level Security with Username Token and/or Addressing with the option of enabling a Timestamp

  • Transport Level Security with Web Service Security standard combined with Username Token and/or Addressing with the option of enabling a Timestamp

  • Web Service Security standard with the option of enabling a Timestamp

  • Web Service Security standard with Username Token and/or Addressing with the option of enabling a Timestamp

  • Username Token and/or Addressing with the option of enabling a Timestamp

To apply Transport Level Security (TLS v1.2), select the Enable Transport Security checkbox. The Web Service agents provide Web Service security by supporting XML-signature and encryption. A Timestamp records the time of messages. Username Token uses authentication tokens and Addressing provides unique message IDs.
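
What the Timestamp, Username Token and Addressing options add to a message header, and how a receiver can use them to reject stale or replayed requests, shown as an added example that is not part of the product or its documentation. The element names follow the OASIS WS-Security and W3C WS-Addressing specifications; the helper names, the 300-second lifetime, the 60-second clock skew and the in-memory ID cache are assumptions for illustration.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {  # standard SOAP 1.1, WS-Security and WS-Addressing namespaces
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
FMT = "%Y-%m-%dT%H:%M:%SZ"  # UTC timestamps as carried in wsu:Created / wsu:Expires

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def build_request(user, created, ttl_s=300, message_id=None):
    """Constructed sample: SOAP header with MessageID, Timestamp and UsernameToken."""
    env = ET.Element(q("soap", "Envelope"))
    header = ET.SubElement(env, q("soap", "Header"))
    ET.SubElement(header, q("wsa", "MessageID")).text = message_id or "urn:uuid:%s" % uuid.uuid4()
    sec = ET.SubElement(header, q("wsse", "Security"))
    ts = ET.SubElement(sec, q("wsu", "Timestamp"))
    ET.SubElement(ts, q("wsu", "Created")).text = created.strftime(FMT)
    ET.SubElement(ts, q("wsu", "Expires")).text = (created + timedelta(seconds=ttl_s)).strftime(FMT)
    tok = ET.SubElement(sec, q("wsse", "UsernameToken"))
    ET.SubElement(tok, q("wsse", "Username")).text = user  # password element left out of the sample
    ET.SubElement(env, q("soap", "Body"))
    return ET.tostring(env, encoding="unicode")

def _parse(ts):
    return datetime.strptime(ts, FMT).replace(tzinfo=timezone.utc)

def check_request(xml_text, now, seen_ids, skew_s=60):
    """Receiver-side checks; returns 'ok' or the reason for rejection."""
    root = ET.fromstring(xml_text)
    created = root.findtext(".//wsu:Timestamp/wsu:Created", namespaces=NS)
    expires = root.findtext(".//wsu:Timestamp/wsu:Expires", namespaces=NS)
    msg_id = root.findtext(".//wsa:MessageID", namespaces=NS)
    if not (created and expires and msg_id):
        return "missing timestamp or message id"
    skew = timedelta(seconds=skew_s)
    if _parse(created) - skew > now:
        return "created in the future"
    if _parse(expires) + skew < now:
        return "expired"
    if msg_id in seen_ids:
        return "replayed message id"
    seen_ids.add(msg_id)
    return "ok"
```

The Timestamp and MessageID only protect against replay when they are covered by the message signature or the request travels over TLS; otherwise they can be rewritten in transit.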

...

The Web Service Profile - Security tab

Setting

Description

Enable Transport Security

Select this checkbox to communicate with the web service using the transfer protocol HTTPS. If you want to use the transfer protocol HTTP, leave the checkbox empty.

Security Profile

Click Browse to select a security profile with certificate and configuration to use, if you prefer to use a secure connection. Refer to Security Profile for more information.

Web Service Security Settings

Applicable whether you select Enable Transport Security or not.

Enable Web Service Security For This Profile

When selected, Web Service security is used. The Web Service Security Settings and Username Token and Addressing checkboxes are also enabled for you to configure your security settings. If you do not select any other checkboxes on this tab, no Web Service Security is enabled.

Enable Encryption

When selected, encryption will be enabled.

Enable Binary Security Token

When selected, messages are signed and the public certificate is sent in the Binary Security Token element in the message header.

Use request signing certificate

When selected, the public certificate sent in the Binary Security Token element is used to encrypt the message that is sent back to the client. This option is ignored in case you are using a Web Service client agent.

Enable Signing

When selected, messages will be signed.

Security Profile

Click Browse to select a Web services security profile with certificate and configuration to use, if you prefer to use a secure connection. Refer to Security Profile for more information.

Enable TimeStamp

When selected, messages are recorded with the date and time.

Username Token and Addressing

Enable Username Token

When selected, Username Token authentication is used, and the other text boxes in the dialog are highlighted and must be completed.

Note

Note that when selected, this option is applicable to both the Web Service Provider agent and the Web Service Request agent.

WS Token Username

Enter the WS Token username.

WS Token Password

Enter the WS Token password.

Enable WS Addressing

When selected, messages are sent with a unique ID.

Disable Underscore Binding Mode

Use this checkbox to determine whether you want to enable or disable underscore binding mode.

Generate Keystore for Web Service Security

There are multiple ways to set up server and client keystores. In general, both the client and the server need the public certificate to sign the messages. If the server hosts multiple clients, it is not necessary to import all clients' certificates into the server keystore, but then a Certificate Authority (CA) is needed. So in a multiple client scenario, the server imports the CA certificate and gets its own certificate signed by the CA. All clients get their certificates signed by the CA and import the server public certificate into the keystore. Normally this type of certificate is signed by a trusted CA.

To generate server and client keystores, you need to follow the steps in the mentioned sequence:

  1. Set up a CA as mentioned in Setting Up a Certificate Authority.

  2. Generate the server keystore and certificate as mentioned in Creating Server Keystore and Certificate.

  3. Generate the client keystore and certificate as mentioned in Creating Client Keystore and Certificate.

You need to select the Binary Security Token checkbox for the Web Service profile client and server. For the server, you also need to select the checkbox Use request signing certificate.

After following the examples of setting up the keystores, the profile settings for the client should look like this:

Profile settings for the client

And the server settings should look like this:

Profile settings for the server