NonStop SOAP 4.1 User's Manual

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

281

282

283

284

285

286

287

288

289

290

<scenario no> is the scenario number that you want to run.

For additional information on the sample scenarios, see “WS-Security Scenarios ” (page 281).

Based on the scenario number this script copies the policy.xml

from ./ secpolicy/scenario(X) folder to the client repository. Then, this script deploys

the sample server program and secures it on the NonStop SOAP 4 server. Further, this script

executes the client program.

The <client repository>/logs directory contains the client program's log files.

The <NonStop SOAP 4 Deployment Directory>/logs contains the server program's

log files.

NOTE: For each scenario, a separate service folder scenario(X) is created in <NonStop

SOAP 4 Deployment Directory>/services.

WS-Security Scenarios

You can configure the sample client and service by using different security policies. For each

scenario, the secpolicy directory contains services.xml and policy.xml files.

You can secure the service by using the services.xml and secure the client by using the

policy.xml. The assertions that are explained in the following scenarios are available in the

sample policy.xml and services.xml.

Scenario 1: Timestamp

This scenario demonstrates the steps that are required to add a timestamp to the request message.

This also describes the steps required for using AsymmetricBinding.

To add a timestamp to the SOAP message, you can specify the timestamp details in the policy by

adding the following assertion:

<sp:IncludeTimestamp/>

Next, you must specify the duration of the validity of the message. You can add the following

rampart specific assertion:

<rampc:TimeToLive>360</rampc:TimeToLive>

The time duration is specified in seconds. The time difference is set to 360 seconds and if the

message does not arrive within these limits, NonStop SOAP 4 server rejects the message. The

following is a sample timestamp tag that is added to the security header:

<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”>

<wsu:Created>2012-06-18T05:10:01.448Z</wsu:Created>

<wsu:Expires>2012-06-18T05:16:01.448Z</wsu:Expires>

</wsu:Timestamp>

You can use the following assertion in the services.xml file for configuring the NonStop SOAP

4 server to use ClockSkewBuffer for validating the timestamp:

<rampc:ClockSkewBuffer>60</rampc:ClockSkewBuffer>

Scenario 2: UsernameToken

To add a UsernameToken to the SOAP message, you have to specify the following:

1. The user

<rampc:User>

2. The password type

<rampc:PasswordType>

3. The password callback module

<rampc:PasswordCallbackClass>

You can add the following assertions to the policy file:

Sample Programs 281