Web services security actions
HCL DevOps Test Integrations and APIs (Test Integrations and APIs) supports the use of one or more security actions that can be layered on top of one another in an outgoing SOAP message.
The actions are as follows:
- User Tokens, which add simple user name and password authentication.
- Timestamp Tokens, which enable you to define a period during which the SOAP envelope is valid.
- Binary Tokens, which add authentication by using a keystore and certificate alias.
- Digital Signatures, which can be applied to the header and body elements of a SOAP message.
- Encryption, which can be applied to the header and body of a SOAP message.
- SAML Tokens, which enable authentication of SOAP messages by servers that use Security Assertion Markup Language.
- Decryption, which can be applied to SOAP messages that are encrypted with WS-Security.
- Signature validation, which can be applied to SOAP messages that are encrypted with WS-Security.
- LTPA Tokens, which enable authentication of SOAP messages by servers that use Lightweight Third-Party Authentication (LTPA).
Note: Decryption and Signature validation actions and the ability to encrypt headers of
SOAP messages are available only in Test Integrations and APIs 8.5.0 or later. The
ability to add an LTPA token is available only in 8.5.1 or later.
Note: If you are using 8.5.1 or later, you can import WSDL documents that contain
WS-SecurityPolicy assertions. This enables Test Integrations and APIs to automate the
definition of security settings in SOAP messages. However, Test Integrations and APIs does not currently
support the following WS-SecurityPolicy elements: SAML 2.0, signed and encrypted
elements (XPath), transport binding, layout assertion, and entire header signing and
encryption. For information about the WS-SecurityPolicy specification, see the OASIS
website.
Security actions
Security actions are created and modified under the WS-Security tab of the Field Properties window, which is opened when you are viewing the properties of a SOAP message (see WS-Security). One or more security actions can be created, and the inclusion of those actions can be enabled or disabled by selecting or clearing the Enabled check box on the WS-Security tab.
Security actions can be managed by using the toolbar under the
Enable check box:
Note: The order in which actions are
displayed in the list under the toolbar can be significant. This is because the
entries in the Encrypt and Signature
windows depend on the actions listed above those Encrypt
and Signature actions in the list; for example, time
stamps. Multiple actions of the same type in the list will result in that action
being carried out multiple times, for example, signatures generated for elements
that have already been signed.