To enable providers for message security

To enable message security for web services endpoints deployed in the Application Server, you must specify a provider to be used by default on the server side. If you enable a default provider for message security, you also need to enable providers to be used by clients of the web services deployed in the Application Server. Information for enabling the providers used by clients is discussed in To enable message security for application clients.

To enable message security for web service invocations originating from deployed endpoints, you must specify a default client provider. If you enabled a default client provider for the Application Server, you must ensure that any services invoked from endpoints deployed in the Application Server are compatibly configured for message layer security.

1. In the Admin Console tree component, expand the Configurations node.

2. Select the instance to configure:

   • To configure a particular instance, select the instance’s config node. For example, the default instance, server, select the server-config node.

   • To configure the default settings for all instances, select the default-config node.

3. Expand the Security node.

4. Expand the Message Security node.

5. Select the SOAP node.

6. Select the Message Security tab.

7. On the Edit Message Security Configuration page, specify a provider to be used on the server side and a provider to be used on the client side for all applications for which a specific provider has not been bound.

   This is accomplished by modifying the following optional properties:

   • Default Provider – The identity of the server provider to be invoked for any application for which a specific server provider has not been bound.

     By default, no provider configuration is selected for the Application Server. To identify a server-side provider, select ServerProvider. Selecting the null option means that no message security provider will be invoked (by default) on the server side.

     You would generally select ServerProvider for this field.

   • Default Client Provider – The identity of the client provider to be invoked for any application for which a specific client provider has not been bound.

     By default, no provider configuration is selected for the Application Server. To identify a client-side provider, select ClientProvider. Selecting the null option means that no message security provider will be invoked (by default) on the client side.

     You would generally select null for this field. You would select ClientProvider if you wanted to enable a default provider and message protection policy to apply to the web services invocations originating from web services endpoints deployed on the Application Server.

8. Click Save.

9. If you enabled a client or server provider and you want to modify the message protection policies of the enabled providers, refer to To configure a message security provider for information on modifying the message security providers enabled in this step.

Equivalent asadmin commands

• To specify the default server provider:

  asadmin set --user admin-user --port admin-port server-config.security-service.message-security-config.SOAP. default_provider=ServerProvider

• To specify the default client provider:

  asadmin set --user admin-user --port admin-port server-config.security-service.message-security-config.SOAP. default_client_provider=ClientProvider