Sun Java System Application Server Platform Edition 8.2 Administration Guide

Procedure: To configure a message security provider

Typically, a provider would be reconfigured to modify its message protection policies, although the provider type, implementation class, and provider-specific configuration properties may also be modified.

  1. In the Admin Console tree component, expand the Configuration node.

  2. Expand the Security node.

  3. Expand the Message Security node.

  4. Select the SOAP node.

  5. Select the Providers tab.

  6. Select the message security provider to edit.

    ClientProvider and ServerProvider ship with the Application Server.

  7. In the Provider Config section of the Edit Provider Config page, the following properties are available for modification:

    • Provider Type – Select client, server, or client-server to establish whether the provider is to be used as a client authentication provider, a server authentication provider, or both (a client-server provider).

    • Class Name – Enter the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type.

  8. In the Request Policy section of the Create a Provider Configuration page, enter the following optional values, if needed.

    These properties are optional, but if not specified, no authentication is applied to request messages.

    The request policy defines the authentication policy requirements associated with request processing performed by the authentication provider. Policies are expressed in message sender order, so a requirement that encryption occur after content means that the message receiver expects to decrypt the message before validating the signature.

    • Authentication Source – Select sender, content, or null (the blank option) to define a requirement for message-layer sender authentication (for example, username and password), content authentication (for example, digital signature), or that no authentication be applied to request messages. When null is specified, source authentication of the request is not required.

    • Authentication Recipient – Select beforeContent or afterContent to define a requirement for message-layer authentication of the receiver of the request message to its sender (by XML encryption). When the value is not specified, it defaults to afterContent.

    For a description of the actions performed by the SOAP message security providers as a result of the following message protection policies, see Actions of Request and Response Policy Configurations.

  9. In the Response Policy section of the Create a Provider Configuration page, enter the following optional properties, if needed.

    These properties are optional, but if not specified, no authentication is applied to response messages.

    The response policy defines the authentication policy requirements associated with response processing performed by the authentication provider. Policies are expressed in message sender order, so a requirement that encryption occur after content means that the message receiver expects to decrypt the message before validating the signature.

    • Authentication Source – Select sender, content, or null (the blank option) to define a requirement for message-layer sender authentication (for example, username and password) or content authentication (for example, digital signature) to be applied to response messages. When null is specified, source authentication of the response is not required.

    • Authentication Recipient – Select beforeContent or afterContent to define a requirement for message-layer authentication of the receiver of the response message to its sender (by XML encryption). When the value is not specified, it defaults to afterContent.

    For a description of the actions performed by the SOAP message security providers as a result of the following message protection policies, see Actions of Request and Response Policy Configurations.

  10. Add additional properties by clicking the Add Property button.

    The provider that is shipped with the Application Server supports the property listed below. If other providers are used, refer to their documentation for more information on properties and valid values.

    • server.config – The directory and file name of an XML file that contains the server configuration information. For example, domain-dir/config/wss-server-config.xml.

  11. Click Save.
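The policy rules from steps 8 and 9, applied as an audit over a constructed provider configuration. This is an added example, not part of the original guide or the Application Server's own code. The XML element and attribute names and the `describe` and `audit` functions are assumptions for illustration; only the option values and their meanings come from the procedure above.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are assumptions for this
# example; only the option values come from the procedure above.
SAMPLE = """
<message-security-config auth-layer="SOAP">
  <provider-config provider-id="ServerProvider" provider-type="server">
    <request-policy auth-source="content" auth-recipient="afterContent"/>
    <response-policy auth-source="content" auth-recipient="beforeContent"/>
  </provider-config>
  <provider-config provider-id="ClientProvider" provider-type="client">
    <request-policy auth-source="sender"/>
  </provider-config>
</message-security-config>
"""

def describe(policy):
    """Summarise one policy element using the rules stated in the procedure."""
    if policy is None:
        return "UNPROTECTED: no policy, no authentication applied"
    source = policy.get("auth-source") or None                  # blank option = null
    recipient = policy.get("auth-recipient") or "afterContent"  # stated default
    if source not in (None, "sender", "content"):
        raise ValueError(f"invalid Authentication Source: {source}")
    if recipient not in ("beforeContent", "afterContent"):
        raise ValueError(f"invalid Authentication Recipient: {recipient}")
    if source is None:
        return "WEAK: source authentication not required"
    if source == "content" and policy.get("auth-recipient"):
        # Policies are in sender order, so the receiver undoes them in reverse.
        order = ("decrypt, then validate signature" if recipient == "afterContent"
                 else "validate signature, then decrypt")
        return f"content/{recipient}: receiver must {order}"
    return f"{source}/{recipient}"

def audit(xml_text):
    """Map each provider id to a summary of its request and response policy."""
    root = ET.fromstring(xml_text.strip())
    return {
        prov.get("provider-id"): {
            d: describe(prov.find(f"{d}-policy")) for d in ("request", "response")
        }
        for prov in root.iter("provider-config")
    }

if __name__ == "__main__":
    for provider, policies in audit(SAMPLE).items():
        for direction, summary in policies.items():
            print(f"{provider:15} {direction:9} {summary}")
```

In the constructed sample, ClientProvider has no response policy, so its response direction is reported as unprotected.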

Equivalent asadmin commands

To set the response policy, replace the word request in the following commands with response.