Enabling WS-Security for synchronous callout

To enable WS-Security to propagate user ID information with a request to an external web service, specify the keystore and truststore in the callout connection bundle, and then deploy the callout web service with the token type specified.

Prerequisite: Client authentication must be configured. For more information, see Example: Configuring the client authentication and basic authentication security scheme.
  1. Create a connection bundle and provide the callout keystore and truststore information.
    The following example creates a callout connection bundle:
    iogmgmt -conn -c -n myCalloutConnBundleName 
    -l /usr/lpp/some/where/myclient_keystore.ks -y keystore_password 
    -v /usr/lpp/some/where/myclient_truststore.ks -q truststore_password
  2. Deploy the callout web service that processes the IMS callout request and sends it to an external web service.
    The following sample deploys a callout web service that sends a SAML 2.0 unsigned token to the external web service:
    iogmgmt -deploy -w myCalloutService.wsdl -r myCalloutService.xml -t SAML20Token
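
The following Python code is an added example, not part of the product documentation. It shows what a receiving web service can check on a request that carries an unsigned SAML 2.0 token: that exactly one assertion sits in the WS-Security header, which user ID it names, and whether it is signed. Assumptions: a SOAP 1.1 envelope, the OASIS WS-Security and SAML 2.0 namespaces, the user ID in Subject/NameID, a constructed sample message, and the hypothetical function name inspect_token.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample request (not captured from SOAP Gateway): a WS-Security
# header carrying an unsigned SAML 2.0 assertion that names the user.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{NS['wsse']}">
      <saml2:Assertion xmlns:saml2="{NS['saml2']}" ID="_constructed1"
                       Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
        <saml2:Issuer>constructed-issuer</saml2:Issuer>
        <saml2:Subject><saml2:NameID>IMSUSER1</saml2:NameID></saml2:Subject>
      </saml2:Assertion>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""


def inspect_token(envelope_xml):
    """Return (user_id, signed) for the single SAML 2.0 assertion in the header."""
    root = ET.fromstring(envelope_xml)
    # Only look inside soap:Header/wsse:Security; an assertion placed anywhere
    # else (for example in the body) must not be treated as the caller identity.
    found = root.findall("soap:Header/wsse:Security/saml2:Assertion", NS)
    if len(found) != 1:
        raise ValueError(f"expected exactly one assertion, found {len(found)}")
    assertion = found[0]
    name_id = assertion.find("saml2:Subject/saml2:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no Subject/NameID")
    # Presence check only: an enveloped signature is a direct ds:Signature
    # child of the assertion. This does not verify the signature.
    signed = assertion.find("ds:Signature", NS) is not None
    return name_id.text.strip(), signed


if __name__ == "__main__":
    user, signed = inspect_token(SAMPLE)
    print(f"user={user} signed={signed}")
```

When the result is unsigned, nothing in the token itself protects the user ID against modification, so the receiving service should accept it only over the connection on which the client authentication named in the prerequisite has succeeded.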