Using Binary Security Token with WS-Security Policy
Learn how to authenticate a web service request with CA SiteMinder Binary Security Token with a WS-Security Policy.Using Admin Console CA SiteMinder Use Cases Integrate CA SiteMinder with Policy Manager (Main Topic)
The WS-Security Binary Token Use Case client authentication is performed with a Binary Token which appears at the SOAP layer as a signed supporting token that is always sent from the client to the service. The user is authenticated using a Binary Token password in the WS-Security header.
This use case is composed of the Authentication Policy, WS-Security Transport Binding Policy, and WS-Security Supporting Tokens Policy.
Step 1: Create Policies
In the Policies folder, use Add Policy to create the following policy configurations.
- Create an Authenication Policy with Subject Category = End-User, and Domain (Realms = CA SiteMinder).
- Create a WS-Security Transport Binding Policy with HTTPS Token > Certificate Subject Category = End-User.
- Create a WS-Security Supporting Tokens Policy and configure as follows:
Screen Name Configuration Steps Specify Supporting Token Options
- Click Add Token Choice
- Select the Token Choice
- Click Add Token
Add Supporting Token
- Token Type = Binary Security
- Token Inclusion = Always to Recipient
- Subject Category = End-User
Specify Binary Security Token Options
- Binary Security Token Type = urn:soa.com:security.tokens:siteminder-ssotoken
Step 2: Attach Policies
- Attach the policies to a virtual service.
Step 3: Send Request
Send a request from the SiteMinder Client or SOAP UI as illustrated below:
Option 1: Send Request with SiteMinder Client
- Launch the SiteMinder client and send request with the Binary Security Token.
Option 2: Send Request from SOAP UI
- Launch SOAPUI and send a request with the Binary Security Token.
Step 4: Test Configuration
- Send requests to the virtual service and view the usage data in the Services > Monitoring section.