Security features supported for the web service consumer scenario

SOAP Gateway supports server authentication, client authentication, and basic authentication to secure callout requests to external web services. Web services security (WS-Security) is also supported for synchronous callout requests, so that the user ID is sent with the SAML token to the external web service.

SOAP Gateway can be configured for server authentication and client authentication through a Java™ keystore (JKS).

For message-level web services security (WS-Security), you can use the following token types:
  • SAML 1.1 sender-vouches unsigned tokens
  • SAML 2.0 sender-vouches unsigned tokens

The following table lists the supported security features for the consumer scenario.

Table 1. Supported security features for the web service consumer scenario
| Security feature | Description | Key type (JKS or SAF with AT-TLS) |
| --- | --- | --- |
| Server authentication | The server hosting the web services provides server authentication information (certificate) to the client (SOAP Gateway) that binds the server identity to subsequent communications. | Both |
| Client authentication | Also known as mutual authentication because in addition to server authentication, the client (SOAP Gateway) must send certification information to the server. | Both |
| Basic authentication | The server hosting the web service requires the client (SOAP Gateway) to have proper basic authentication credentials in order to invoke a service. | Both |
| WS-Security | SAML 1.1 and SAML 2.0 unsigned tokens are supported for synchronous callout requests. Client authentication is required to pass the security token. | Both |
| Custom authentication module | You can plug in your own custom Java Authentication and Authorization Service (JAAS) authentication module when WS-Security is enabled for the deployed callout web service, and client authentication is configured. | Both |
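
The following added example (not IBM or SOAP Gateway code) shows how a receiving web service could check a sender-vouches unsigned token of either supported SAML version and extract the user ID, accepting it only when client authentication succeeded on the connection. The envelope is constructed for illustration, the names `inspect_token` and `client_cert_verified` are hypothetical, and the token layout follows the OASIS WS-Security SAML token profile rather than captured SOAP Gateway output.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Per SAML version: assertion namespace, sender-vouches URI, subject name element.
SAML = {
    "2.0": ("urn:oasis:names:tc:SAML:2.0:assertion",
            "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches", "NameID"),
    "1.1": ("urn:oasis:names:tc:SAML:1.0:assertion",
            "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches", "NameIdentifier"),
}

def inspect_token(envelope_xml, client_cert_verified):
    """Return (saml_version, user_id) for an unsigned sender-vouches token."""
    if not client_cert_verified:  # an unsigned token is only as good as the TLS peer
        raise ValueError("unsigned token without TLS client authentication")
    root = ET.fromstring(envelope_xml)
    security = root.find(f".//{{{WSSE}}}Security")
    if security is None:
        raise ValueError("no wsse:Security header")
    for version, (ns, sender_vouches, name_tag) in SAML.items():
        assertion = security.find(f"{{{ns}}}Assertion")
        if assertion is None:
            continue
        if assertion.find(f".//{{{DSIG}}}Signature") is not None:
            raise ValueError("assertion is signed; signature validation is not done here")
        conf = assertion.find(f".//{{{ns}}}SubjectConfirmation")
        # SAML 2.0 carries the method as an attribute, SAML 1.1 as a child element.
        method = None
        if conf is not None:
            method = conf.get("Method") or conf.findtext(f"{{{ns}}}ConfirmationMethod")
        if method is None or method.strip() != sender_vouches:
            raise ValueError(f"not sender-vouches: {method!r}")
        user = assertion.findtext(f".//{{{ns}}}{name_tag}")
        if not user or not user.strip():
            raise ValueError("no subject name in assertion")
        return version, user.strip()
    raise ValueError("no SAML 1.1 or 2.0 assertion in header")

# Constructed sample (not captured from SOAP Gateway); the user ID USER01 is made up.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_a1">
    <saml2:Subject>
     <saml2:NameID>USER01</saml2:NameID>
     <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
    </saml2:Subject></saml2:Assertion></wsse:Security></soapenv:Header>
 <soapenv:Body/></soapenv:Envelope>"""
```

Calling `inspect_token(SAMPLE, True)` returns the SAML version and the user ID; the same token presented without client authentication, or with a confirmation method other than sender-vouches, is rejected.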