If a SOAP backend web service accessed through Apinizer requires a token from a Security Token Service (STS), this policy should be applied before the WS-Security settings.

The picture below shows the WS-Security STS Token settings:


Definition Section

The picture below shows the Definition settings:


The fields used for the Definition settings configuration are shown in the table below.

Field

Description

Description


A description can be written to facilitate the use and management of the policy.


Token Service Provider Section

The picture below shows the Token Service Provider settings:


The fields used for the Token Service Provider settings configuration are shown in the table below.

Field

Description

Token Service Name

The service name of the token provider service.

Token Service Port Name

The port name of the token provider service.

IWSTrust 13 Url

The address of the endpoint of the service.

Applies To Url

The "Applies To Url" value that will be included in the message body.

Connection Timeout (seconds)

The time (in seconds) after which the request times out.

Token Cache Period (seconds)

The time (in seconds) for which the Token returned by the token request is cached. If the value is 0 (zero), the Token is not cached and a separate Token request is made for each request sent to the backend.

Must Understand

This field is used to set the mustUnderstand attribute value of the added WS-Security XML elements to true, false or none.


Usernames and Passwords Section

The picture below shows the Usernames and Passwords settings:


The fields used for the Usernames and Passwords settings configuration are shown in the table below.

Field

Description

Password Type

Password type can be Text or Digest.

When Text is selected, the password is sent to the Token web service in clear text; when Digest is selected, a digest computed from the password is sent instead of the password itself.

Digest password generation algorithm:

Base64 ( SHA1 ( nonce + created + clear text password ) )

Add Nonce to Username Token

If this field is checked, nonce information is generated and added to the WS-Security UsernameToken element. (If the password type is Digest, it is mandatory.)

Add Created to Username Token

If this field is checked, the created information is added to the WS-Security UsernameToken element. (If the password type is Digest, it is mandatory.)

Condition

If the token service needs to be accessed as different users, more than one username and password pair can be entered in this field, each with a condition expressing when that pair should be used.

If there is more than one username and password pair at runtime, their conditions are evaluated and the pair whose condition matches is used. If more than one pair meets its condition, the first one to match is used.
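
The digest formula and the Nonce/Created fields described above, worked through as an added example (not Apinizer code): it computes Base64(SHA1(nonce + created + password)) over the raw nonce bytes and shows how a receiving service can recompute the digest and reject stale or replayed tokens. The function and class names, the five-minute freshness window and the timestamp format are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # assumed UTC timestamp layout for Created


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA1(nonce + created + password)); nonce is the raw bytes."""
    sha1 = hashlib.sha1(nonce + created.encode() + password.encode())
    return base64.b64encode(sha1.digest()).decode()


def make_username_token(password: str, now: datetime) -> dict:
    """Sender side: the values carried in the UsernameToken element."""
    nonce = os.urandom(16)
    created = now.strftime(FMT)
    return {
        "nonce_b64": base64.b64encode(nonce).decode(),  # sent Base64-encoded
        "created": created,
        "digest": password_digest(nonce, created, password),
    }


class DigestVerifier:
    """Receiver side: recompute the digest, reject stale or replayed tokens."""

    def __init__(self, max_age: timedelta = timedelta(minutes=5)):
        self.max_age = max_age
        self.seen = set()  # (nonce, created) pairs; expire entries in real use

    def verify(self, token: dict, password: str, now: datetime) -> str:
        created = datetime.strptime(token["created"], FMT).replace(tzinfo=timezone.utc)
        if abs(now - created) > self.max_age:
            return "stale"
        key = (token["nonce_b64"], token["created"])
        if key in self.seen:
            return "replay"
        nonce = base64.b64decode(token["nonce_b64"])  # hash the decoded bytes
        expected = password_digest(nonce, token["created"], password)
        if not hmac.compare_digest(expected, token["digest"]):
            return "bad-digest"
        self.seen.add(key)
        return "ok"
```

The digest is a hash, not encryption, and the receiver needs the clear-text password to recompute it, so both password types should travel only over TLS.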


WSA Settings Section

The picture below shows the WSA settings:


The fields used for the WSA settings configuration are shown in the table below.

Field

Description

Must Understand

This field is used to set the mustUnderstand attribute value of the added WSA elements to true, false or none.

Version

The WSA version to use.

Add Default Action

When activated, it allows adding the "action" information defined in the settings.

Action

When the "Add Default Action" option is disabled, it allows adding the desired "action" information regardless of the definition.

Add Default To

When activated, it allows adding the "to" information defined in the settings.

To/Reply To

When the "Add Default To" option is disabled, it allows adding the desired "to" information regardless of the definition.

Generate Message ID

It allows the automatically generated UUID information to be added to the message when activated.

Message ID

When the "Generate Message ID" option is deactivated, the desired constant "UUID" information is added.

From

It allows the desired "From" information to be added to the message.

Fault To

It allows the desired "Fault to" information to be added to the message.

Relates To

It allows the desired "Relates To" information to be added to the message.

It allows the desired "RelationShip Type" information to be added to the message.


Timestamp Settings Section

The picture below shows the Timestamp settings:


The fields used for the Timestamp settings configuration are shown in the table below.

Field

Description

Created Date Format

Specifies the format in which the time fields will be created. By default, the time format used in SOAP Messages is used. Java notation should be used.

Expires Date Format

Specifies the format in which the time fields will be created. By default, the time format used in SOAP Messages is used. Java notation should be used.

Expiration Period (min)

The time (in minutes) for which the Token will be valid.
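
To show where the settings on this page end up in the token request, the following added example (not Apinizer code or output) builds a WS-Trust 1.3 Issue request with the WSA headers, the Timestamp and the "Applies To Url". SOAP 1.2, WS-Addressing 1.0, the function name build_rst and the example.test URLs are assumptions; the messages Apinizer actually produces may differ.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "a": "http://www.w3.org/2005/08/addressing",
    "t": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "u": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
FMT = "%Y-%m-%dT%H:%M:%SZ"  # assumed default SOAP timestamp layout


def q(prefix: str, tag: str) -> str:
    """Qualified tag name in ElementTree's {namespace}tag notation."""
    return "{%s}%s" % (NS[prefix], tag)


def build_rst(sts_url, applies_to, now, expires_min=5, must_understand="true"):
    """Hypothetical helper: one Issue request; must_understand=None omits it."""
    env = ET.Element(q("s", "Envelope"))
    hdr = ET.SubElement(env, q("s", "Header"))
    mu = {} if must_understand is None else {q("s", "mustUnderstand"): must_understand}
    # WSA Settings: Action, Message ID (generated UUID) and To.
    ET.SubElement(hdr, q("a", "Action"), mu).text = NS["t"] + "/RST/Issue"
    ET.SubElement(hdr, q("a", "MessageID")).text = "urn:uuid:%s" % uuid.uuid4()
    ET.SubElement(hdr, q("a", "To"), mu).text = sts_url
    # Timestamp Settings: Created plus Expires = Created + expiration period.
    sec = ET.SubElement(hdr, q("o", "Security"), mu)
    ts = ET.SubElement(sec, q("u", "Timestamp"))
    ET.SubElement(ts, q("u", "Created")).text = now.strftime(FMT)
    expires = now + timedelta(minutes=expires_min)
    ET.SubElement(ts, q("u", "Expires")).text = expires.strftime(FMT)
    # The UsernameToken (Text or Digest) would be added under `sec` here.
    body = ET.SubElement(env, q("s", "Body"))
    rst = ET.SubElement(body, q("t", "RequestSecurityToken"))
    ET.SubElement(rst, q("t", "RequestType")).text = NS["t"] + "/Issue"
    # Applies To Url: the service the issued token is scoped to.
    scope = ET.SubElement(rst, q("wsp", "AppliesTo"))
    epr = ET.SubElement(scope, q("a", "EndpointReference"))
    ET.SubElement(epr, q("a", "Address")).text = applies_to
    return env


if __name__ == "__main__":
    demo = build_rst("https://sts.example.test/trust/13",
                     "https://backend.example.test/svc",
                     datetime.now(timezone.utc))
    print(ET.tostring(demo, encoding="unicode"))
```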