Skip to main content


Defining inbound SOAP messages for WS-Security profile data instances

Suggest edit Updated on August 16, 2021

Create a WS-Security profile to securely exchange messages between your application and a web service. Use the In Flow tab to configure WS-Security on inbound SOAP messages.

Note: The order of the configuration type is important. For example, if your outbound message is first signed and then encrypted, the inbound message must first decrypt the message and then check the signature.
  1. On the In Flow tab, click the Add new configuration icon.
  2. In the Configuration type list, select one of the following inbound SOAP message types.
    • Decryption – Enables the decryption configuration on the inbound SOAP message.
      1. In the Encryption key identifier list, select the encryption key to use in the SOAP message.
      2. Click Change decryption password and then enter the new password to change the private key password.
      3. To use symmetric key encryption, where the user and the service have a shared binary key, in the Embedded key field, enter the Base64 value of a binary shared key.
      4. In the Embedded key name field, enter the name of the shared embedded key.
      5. In the Encryption sym algorithm list, select the algorithm to encrypt the symmetric key.
      6. In the Key transport algorithm list, select the algorithm used for encrypting and decrypting the encryption key.
    • Signature – Enables the signature configuration type on an inbound SOAP message.
      1. In the Signature algorithm list, select the digital signature algorithm to use for encryption.
      2. In the Digest algorithm list, select a hash code that verifies that the signature came from the claimed source.
      3. In the Signature key identifier list, select the key identifier type to use to identify the signature token.
    • Timestamp – Enables the time stamp configuration type on an inbound SOAP message.
    • Username – Enables the user name configuration type on an inbound SOAP message.
      1. In the User name field, enter a user name for authentication.
      2. Click Change password to change or add a password associated with the specified user name.
      3. In the Password type list, select the type of the password to use with the connection.
        • Text – The password is sent as plain text in the SOAP message.
        • Digest – The password is sent as a Base64-encoded SHA1 hash of the original value.
      4. To change the SOAP message to a randomly generated Based64 string, select the Add nonce value check box.
      5. To indicate the creation time of the message by including a time stamp in the SOAP message, select the Add created timestamp check box.
    • SAML – Enables the SAML configuration type on an inbound SOAP message.
      1. In the SAML version list, select the SAML version to use in the SOAP message.
      2. In the Clock skew field, enter the time difference (in seconds) between two different servers that are out of sync.
  3. Repeat steps 1 and 2 to add more configurations.
  4. Click Save.
Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us