This documentation site is for previous versions. Visit our new documentation site for current releases.
 

Defining outbound SOAP messages for WS-Security profile data instances

Updated on April 6, 2022

Create a WS-Security profile to securely exchange messages between your application and a web service. Use the Out Flow tab to configure WS-Security on outbound SOAP messages.

Note: You can add as many configuration types for the outbound SOAP message as you need.
  1. On the Out Flow tab, click the Add new configuration icon.
  2. In the Configuration type list, select one of the following outbound SOAP message types.
    • Encryption – Enables the encryption configuration on the outbound SOAP message.
      1. In the Encryption parts field, enter a semicolon-separated list of element names to encrypt. Element names must be in the format: {Element}{Namespace URI}ElementName. For example, to encrypt and/or digitally sign the WS-Security UsernameToken element, the value would look like this: {Element}{http://schemas.xmlsoap.org/ws/2002/07/secext}UsernameToken
        Note: Multi-part encryption is available for SOAP connectors only. This field is ignored for SOAP services.
      2. In the Encryption key identifier list, select the encryption key to use in the SOAP message.
      3. In the Encryption user field, enter a certificate alias that is specified in the Keystore field on the Keystore tab in this rule form.
      4. To use symmetric key encryption, where the user and the service have a shared binary key, in the Embedded key field, enter the Base64 value of a binary shared key.
      5. In the Embedded key name field, enter the name of the shared embedded key.
      6. In the Encryption sym algorithm list, select an algorithm to encrypt the symmetric key.
      7. In the Key transport algorithm list, select an algorithm to encrypt and decrypt the encryption key.
    • Signature – Enables the signature configuration type on an outbound SOAP message.
      1. In the Signature algorithm list, select the digital signature algorithm to use for signing the message.
      2. In the Signature key identifier list, select the key identifier type to use to identify the signature token. As a best practice, select Issuer Name and Serial. When you select this option, only the user name and serial number of the certificate are sent in the message; the certificate is not sent in the security header.
      3. Click Change signature password to change or add a password that is associated with the signature.
      4. In the Signature user field, enter the name of the alias listed in the Keystore field on the Keystore tab in this rule form.
      5. In the Signature parts field, enter a semicolon-separated list of element names to sign. Element names must be in the format: {Element}{Namespace URI}ElementName. For example, to encrypt and/or digitally sign the WS-Security UsernameToken element, the value would look like this: {Element}{http://schemas.xmlsoap.org/ws/2002/07/secext}UsernameToken
        Note: In release 8.7, prior to patch 8.7.6, multi-part signing is available for SOAP connectors only, and this field is ignored for SOAP services. In patch 8.7.6, a hotfix is available on request that adds multi-part signing for SOAP services.
    • Timestamp – Enables the time stamp configuration type on an outbound SOAP message.
      • In the Time to live field, enter the amount of time, in seconds, for which the SOAP message is valid.
    • Username – Enables the user name configuration type on an outbound SOAP message.
      1. In the User name field, enter a user name for authentication.
      2. Click Change password to change or add a password that is associated with the specified user name.
      3. In the Password type list, select the type of password to use for the SOAP message.
        • Text – Sends the password as plain text in the SOAP message.
        • Digest – Sends the password as a Base64-encoded SHA-1 hash of the original value.
      4. To add a randomly generated Base64 string (a nonce) to the SOAP message, select the Add nonce value check box.
      5. To indicate the creation time of the message by including a timestamp in the SOAP message, select the Add created timestamp check box.
  3. Repeat steps 1 and 2 to add more configurations.
  4. Click Save.
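
The Digest, nonce and created-timestamp options of the Username configuration, as an added example (not Pega code). It assumes the digest follows the OASIS WS-Security UsernameToken Profile, Base64(SHA-1(nonce + created + password)), and shows how a receiver uses the nonce and timestamp to reject replayed or stale tokens. The `Verifier` class, its 300-second freshness window, and the sample credentials are constructed for illustration.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"

def password_digest(password, nonce=b"", created=""):
    # Base64(SHA-1(nonce + created + password)); nonce is the raw, decoded bytes.
    # With no nonce and no timestamp the result is a fixed value for a given password.
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def make_token(username, password, now):
    # Sender side: Digest + "Add nonce value" + "Add created timestamp".
    nonce, created = os.urandom(16), now.strftime(FMT)
    return {"Username": username,
            "Password": password_digest(password, nonce, created),
            "Nonce": base64.b64encode(nonce).decode(),
            "Created": created}

class Verifier:
    # Receiver side (hypothetical): needs the clear-text password to recompute the digest.
    def __init__(self, passwords, max_age=timedelta(seconds=300)):
        self.passwords, self.max_age, self.seen = passwords, max_age, set()

    def check(self, token, now):
        stored = self.passwords.get(token["Username"])
        if stored is None:
            return "unknown user"
        created = datetime.strptime(token["Created"], FMT).replace(tzinfo=timezone.utc)
        if abs(now - created) > self.max_age:
            return "stale"
        key = (token["Username"], token["Nonce"])
        if key in self.seen:
            return "replayed"
        expected = password_digest(stored, base64.b64decode(token["Nonce"]), token["Created"])
        if not hmac.compare_digest(expected, token["Password"]):
            return "bad digest"
        self.seen.add(key)
        return "ok"

def demo():
    now = datetime(2022, 4, 6, 12, 0, 0, tzinfo=timezone.utc)  # constructed clock
    users = {"svc-orders": "constructed-example-password"}     # constructed credentials
    verifier = Verifier(users)
    token = make_token("svc-orders", users["svc-orders"], now)
    first = verifier.check(token, now)
    again = verifier.check(token, now + timedelta(seconds=5))  # same token resent
    late = verifier.check(make_token("svc-orders", users["svc-orders"], now),
                          now + timedelta(minutes=10))         # outside freshness window
    return first, again, late
```

Because SHA-1 is unkeyed, the digest protects the password only against casual disclosure; send the token over TLS or sign and encrypt it with the Signature and Encryption configurations.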