Web services security token propagation

Web services security can send security tokens in the security header of a SOAP message. These security tokens can be used to sign, verify, encrypt, or decrypt message parts. Security tokens can also be sent as stand-alone security tokens and set as the caller on the request consumer. Web services security token propagation sends these stand-alone security tokens in a wsse:BinarySecurityToken element within the security header of the SOAP message.
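The following added example (not from the original page or from the product) shows, in Python, how a receiver-side audit could tell a stand-alone wsse:BinarySecurityToken apart from one that a signature references, and check its token type against an allow-list. The SOAP message, the `urn:example:placeholder#PROPAGATION_TOKEN` value type, and the function name `standalone_tokens` are constructed for illustration; treating an unreferenced token as stand-alone is an assumption of this example.

```python
import base64
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": WSS + "wssecurity-secext-1.0.xsd",
    "wsu": WSS + "wssecurity-utility-1.0.xsd",
}
# Constructed placeholder, not a product value: stands in for the token type.
PLACEHOLDER_TYPE = "urn:example:placeholder#PROPAGATION_TOKEN"

# Constructed sample message: one X.509 token referenced by a signature,
# one unreferenced (stand-alone) token with made-up base64 content.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}"
    xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <soap:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="x509"
     ValueType="{WSS}x509-token-profile-1.0#X509v3">Y2VydA==</wsse:BinarySecurityToken>
  <wsse:BinarySecurityToken wsu:Id="prop"
     ValueType="{PLACEHOLDER_TYPE}">c2VyaWFsaXplZA==</wsse:BinarySecurityToken>
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>
     <wsse:Reference URI="#x509"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body/>
</soap:Envelope>"""


def standalone_tokens(soap_xml, allowed_value_types):
    """List BinarySecurityTokens in the security header that nothing references."""
    # Untrusted input should go through a hardened XML parser in production.
    security = ET.fromstring(soap_xml).find("soap:Header/wsse:Security", NS)
    if security is None:
        return []
    referenced = {ref.get("URI", "").lstrip("#") for ref in
                  security.iterfind(".//wsse:SecurityTokenReference/wsse:Reference", NS)}
    findings = []
    for bst in security.findall("wsse:BinarySecurityToken", NS):
        token_id = bst.get("{%s}Id" % NS["wsu"])
        if token_id in referenced:
            continue  # used as key material for signing or encryption
        try:
            size = len(base64.b64decode((bst.text or "").strip(), validate=True))
        except ValueError:
            size = None  # payload is not valid base64
        value_type = bst.get("ValueType")
        findings.append({"id": token_id, "value_type": value_type, "bytes": size,
                         "allowed": value_type in allowed_value_types})
    return findings
```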

Web services security has the following built-in token types:

You can configure Web services security to use custom security tokens. Web services security uses the same propagation token format as the security attribute propagation feature. Web services security can propagate all of the built-in security token types, and can propagate custom token types as long as they are serializable by the security attribute propagation feature.

When you configure a propagation token in a token generator or token consumer, use the following values for the token type Uniform Resource Identifier (URI) and local name:

When a propagation token is generated, Web services security gathers all of the serializable security tokens in the RunAs subject for the current thread and serializes them within a wsse:BinarySecurityToken element. To have a RunAs subject and the necessary credentials on the current thread, a JAAS login must occur on the current thread before a propagation token can be created.

Under ordinary circumstances, for a service provider, the Java Authentication and Authorization Service (JAAS) login is achieved by including a defined caller part for the inbound token in the WS-Security configuration. For a Web services client, the JAAS login is achieved by configuring HTTP basic authentication.

There are two common uses for a propagation token:

Important: For the receiver of the LTPA propagation token to make proper use of the credentials that were sent to it in the propagation token, you must define a caller part for the token in the WS-Security configuration on the receiver side.



Last updated: Aug 31, 2013 2:56:59 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=cwbs_securitytokenpropagationwbs.dita
File name: cwbs_securitytokenpropagationwbs.html