Proxy Service Message Level Security Configuration page

Use the AquaLogic Proxy Service Message Level Security Configuration page to configure message-level security for the proxy service. This page appears both in the New AquaLogic Proxy Service wizard and in the AquaLogic Proxy Service editor.

Message-level custom tokens and message-level user name and password are supported on proxy services of the following binding types:

The configuration for both custom user name/password and custom token is similar. In both cases, you specify XPath expressions that enable ALSB to locate the necessary information. The root of these XPath expressions is as follows:

All XPath expressions must be in a valid XPath 2.0 format. The XPath expressions must use the XPath "declare namespace" syntax to declare any namespaces used, as follows:

  declare namespace ns='http://webservices.mycompany.com/MyExampleService';

Option
Description
Service Key Provider
The name of a service key provider to be used by the service.
You can enter the path (project/folder) and name of a service key provider, or click Browse to select one.
A service key provider is only required in certain cases:
  • Outbound two-way TLS/SSL, where the proxy service routes messages to HTTPS services that require client-certificate authentication.
  • In some Web Service security scenarios, for example, if the proxy service requires messages to be encrypted.
To add a Web service security-enabled proxy service, you must create the proxy service from a WSDL (port or binding) with WS-policy attachments.
Custom Authentication Settings
Select one of the following:
  • None - if the service will not use custom authentication.
  • Custom User Name and Password - if the service will use a custom name and password, specified as XPath expressions.
  • Custom Token - if the service will use a custom token.
Custom User Name and Password - User Name XPath
The user name, specified as an XPath expression.
The XPath expression is evaluated against the message headers or payload, as appropriate, which allows ALSB to obtain the user name for custom authentication.
Custom User Name and Password - User Password XPath
The password, specified as an XPath expression.
The XPath expression is evaluated against the message headers or payload, as appropriate, which allows ALSB to obtain the password values for custom authentication.
Custom Token - Token Type
Enter the type of the custom token. Only the active token types configured for a WebLogic Server Identity Assertion provider can be used.
Custom Token - Token XPath
An XPath expression that specifies a path to the custom token. ALSB evaluates the Token XPath expression against the message headers or payload, as appropriate, to obtain the token for custom authentication.
To create or edit an expression, click <XPath> (or the expression_fragment, if one is already defined) to display the XPath Expression Editor.
Custom User Name and Password - Context Properties or Custom Token - Context Properties
Optionally, specify one or more context properties to pass additional context information to the Authentication (Custom User Name and Password) or Identity Assertion (Custom Token) security provider.
Context Properties provide a way (the ContextHandler interface) to pass additional information to the WebLogic Security Framework so that a security provider can obtain contextual information. See Additional Context Properties for Message Level Authentication for more information.
Enter the Property Name as a literal string, and the Value Selector as a valid XPath expression. (XPath expressions can also be literal strings.)
The XPath expressions are evaluated against the same message part that is used for the custom token or custom user name/password. That is, the Value Selector XPath expressions are evaluated against the header for SOAP-based proxy services and against the payload for non-SOAP-based proxy services.
The XPath expression is evaluated at runtime to produce the property's value. A ContextHandler is essentially a name/value list and, as such, it requires that a security provider know what names to look for. Therefore, the XPath expressions are evaluated only if a security provider asks for the value of one of these user-defined properties.
Click Add Property to add this context property. You can add multiple context properties.
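
The following added example (not part of the ALSB documentation or product code) checks candidate User Name XPath and User Password XPath expressions against a constructed SOAP message before they are entered on this page: it parses the "declare namespace" prolog, rejects undeclared prefixes, and requires exactly one matching node. It assumes the expressions are relative to the SOAP header for SOAP-based services and to the payload root otherwise; the Credentials, Username and Password element names are hypothetical, and Python's ElementTree supports only a subset of XPath, so it approximates rather than reproduces ALSB's XPath 2.0 evaluation.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
APP_NS = "http://webservices.mycompany.com/MyExampleService"
PROLOG = f"declare namespace ns='{APP_NS}'; "
USER_XPATH = PROLOG + "./ns:Credentials/ns:Username/text()"      # hypothetical path
PASSWORD_XPATH = PROLOG + "./ns:Credentials/ns:Password/text()"  # hypothetical path

# Constructed sample request; the header element names are assumptions.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP_NS}">
  <soap:Header>
    <ns:Credentials xmlns:ns="{APP_NS}">
      <ns:Username>alice</ns:Username>
      <ns:Password>constructed-secret</ns:Password>
    </ns:Credentials>
  </soap:Header>
  <soap:Body><ns:Ping xmlns:ns="{APP_NS}"/></soap:Body>
</soap:Envelope>"""

DECL = re.compile(r"\s*declare\s+namespace\s+([\w.-]+)\s*=\s*(['\"])(.*?)\2\s*;")
PREFIX = re.compile(r"([A-Za-z_][\w.-]*):(?=[A-Za-z_])")

def split_prolog(expr):
    """Split leading 'declare namespace p=uri;' clauses from the path."""
    namespaces, pos = {}, 0
    while (m := DECL.match(expr, pos)):
        namespaces[m.group(1)] = m.group(3)
        pos = m.end()
    return namespaces, expr[pos:].strip()

def select_one(message, expr, soap=True):
    """Return the single value expr selects in the header (SOAP) or payload."""
    namespaces, path = split_prolog(expr)
    undeclared = set(PREFIX.findall(path)) - namespaces.keys()
    if undeclared:
        raise ValueError(f"undeclared namespace prefix: {sorted(undeclared)}")
    root = ET.fromstring(message)
    context = root.find(f"{{{SOAP_NS}}}Header") if soap else root
    if context is None:
        raise ValueError("SOAP message has no Header element")
    if path.endswith("/text()"):  # ElementTree has no text() step
        path = path[: -len("/text()")]
    hits = context.findall(path, namespaces)
    if len(hits) != 1:  # a credential selector should be unambiguous
        raise ValueError(f"expected exactly one node, found {len(hits)}")
    return (hits[0].text or "").strip()

if __name__ == "__main__":
    print(select_one(SAMPLE, USER_XPATH))
```
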