Policy Sets and Policy Set Bindings editor: Authentication and Protection Tokens panel

Use this panel, which is in the Policy Set Bindings section of the editor, to further configure any X.509 authentication tokens and username tokens that are defined in the associated policy set.

Fields

The table is prefilled, based on the following criteria:

  • Whether any X.509 authentication tokens exist in the associated policy set.
  • Whether the SOAP message type of the authentication token is request or response.
  • Whether this policy set binding is defined as being a consumer or provider.

Each authentication token identified as requiring further information is added to the table. An authentication token can require one of two types of additional information:

  • Key information in the form of a key name and key alias, for lookup in the integration node keystore.
  • Verification information, which can be either TrustAny or TrustStore.

This table shows the different combinations of configuration for authentication tokens and whether key information or verification information is required:

Authentication X.509 tokens

| Policy set configuration | Policy set bindings configuration | SOAP message | Key information | Key password | Verification information |
| --- | --- | --- | --- | --- | --- |
| request | provider | inbound | N/A | N/A | required |
| response | provider | outbound | required | required | N/A |
| request | consumer | outbound | required | required | N/A |
| response | consumer | inbound | N/A | N/A | required |

Where N/A is displayed in a field, no information is required. Where an authentication token is displayed, enter information in all fields that do not display N/A, so that the policy set binding can be generated correctly in accordance with the associated policy set.

Configure the integration node to refer to a keystore and truststore. You might also need to configure passwords for these stores, and specific key passwords. See Viewing and setting keystore and truststore runtime properties at integration node level for further information.

| Field name | Description and valid options |
| --- | --- |
| Authentication Token Name | Displays the names of all authentication X.509 tokens that require further configuration. The token name is displayed after either request: or response:, depending on the configuration of the token in the associated policy set. |
| Key Name | The distinguished name (DN) that uniquely identifies the key in the keystore defined by the integration node. For example: "CN=CommonName, O=Organisation, C=Country". |
| Key Alias | The key alias of the key in the keystore defined by the integration node. The integration node also uses the key alias to look up the keystore password associated with this key. You define this password in the integration node using the mqsisetdbparms command. |
| Trust | Either TrustAny or TrustStore. TrustAny: with no security profile set, all certificates are trusted; with a security profile set, the certificate is passed to the security provider defined by the security profile for it to establish trust (see Setting up message flow security). TrustStore: certificates are checked against the public key certificates in the truststore defined by the integration node. |

This table shows the different configuration options that are available for the username token that is defined in the associated policy set.

Authentication username tokens

| Field name | Description and valid options |
| --- | --- |
| Authentication Token Name | Displays the names of all authentication username tokens that require further configuration. The token name is displayed after either request: or response:, depending on the configuration of the token in the associated policy set. |
| Add Timestamp | Specifies whether a timestamp is added to the outbound username token field. This option is applicable only to consumer bindings. |
| Add Nonce | Specifies whether a nonce is added to the outbound username token field. This option is applicable only to consumer bindings. |
| Password Digest | Specifies whether a digest form of the password, instead of the plain text form of the password, is created. This option is applicable only to consumer bindings. |
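
How the Add Timestamp, Add Nonce and Password Digest options fit together, as an added example that is not product code: it uses the digest formula from the OASIS WS-Security UsernameToken Profile, Base64(SHA-1(nonce + created + password)), and assumes the integration node follows that profile. The function names, the dictionary token layout, the 5-minute freshness window and the sample credentials are all constructed for illustration.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)  # assumed freshness window, not a product default
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)), per the OASIS profile."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def build_token(username: str, password: str, now: datetime) -> dict:
    """Consumer side: timestamp, nonce and digest all enabled."""
    nonce = os.urandom(16)
    created = now.strftime(TS_FORMAT)
    return {"username": username,
            "nonce": base64.b64encode(nonce).decode("ascii"),
            "created": created,
            "digest": password_digest(nonce, created, password)}

def verify_token(token: dict, lookup_password, seen_nonces: set, now: datetime) -> str:
    """Provider side: returns 'ok', 'stale', 'replay' or 'bad-credentials'."""
    created = datetime.strptime(token["created"], TS_FORMAT).replace(tzinfo=timezone.utc)
    if abs(now - created) > MAX_AGE:
        return "stale"                      # timestamp bounds the replay window
    key = (token["username"], token["nonce"])
    if key in seen_nonces:
        return "replay"                     # nonce already used inside the window
    password = lookup_password(token["username"])
    if password is None:
        return "bad-credentials"
    expected = password_digest(base64.b64decode(token["nonce"]), token["created"], password)
    if not hmac.compare_digest(expected.encode(), token["digest"].encode()):
        return "bad-credentials"
    seen_nonces.add(key)                    # remember only successfully verified nonces
    return "ok"

if __name__ == "__main__":
    users = {"alice": "s3cret"}             # constructed sample credential store
    seen, now = set(), datetime.now(timezone.utc)
    tok = build_token("alice", "s3cret", now)
    print(verify_token(tok, users.get, seen, now))   # first presentation
    print(verify_token(tok, users.get, seen, now))   # same token replayed
```

The digest keeps the clear-text password out of the message, but the verifier must still hold the password to recompute it, and a captured digest can be guessed against offline, so transport or message-level encryption is still needed.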