SOA Security. CORISECIO GmbH - Uhlandstr Darmstadt - Germany - Copyright All Rights Reserved
- Dulcie Walton
- 6 years ago
Table of Contents

1. Adapter requirements
   securityruntime (secrt) & managementruntime
      securityruntime (secrt)
2. Functional overview
   Data types
      crs:multilinestring
      crs:xpath
      crs:certificate
      crs:privatekey
      crs:role
   Functions
      SAMLAddUserAuth (SAML 1.X)
      SAMLAddUserAuth (SAML 2.0)
      SAMLCheckUserAuth (SAML 1.1)
      SAMLCheckUserAuth (SAML 2.0)
      decryptxpath
      encryptxpath
      encryptxpathforcertificate
      RemoveSignatureHeader
      SignSOAPEnvelope
      SignSOAPEnvelopeWithXPath
      VerifySOAPEnvelope
      Add
      VerifySOAPEnvelopeWithXKMS
      WSSecurityAddTimestamp
      WSSecurityAddSAMLToken (SAML 1.1)
      WSSecurityCheckSAMLToken (SAML 1.1)
      WSSecurityCheckTimestamp
      WSSecurityDecrypt
      WSSecurityEncryptXPathWithXKMS
      WSSecurityEncryptForCertificate
      WSSecurityRemoveHeader
      WSSecuritySignXPath
      WSSecurityVerify
Chapter 1. Adapter requirements

1. securityruntime (secrt) & managementruntime

1.1. securityruntime (secrt)

The SOA Security adapter requires secrt-ssf 1.1.

Chapter 2. Functional overview

1. Data types

1.1. crs:multilinestring

A crs:multilinestring represents a multi-line string.

1.2. crs:xpath

A crs:xpath represents an XPath expression. XPath Version 1.0 is supported (based on Xalan 2.7.0).

Note: XPath is namespace-aware. Use an expression of the form //*[local-name()='cityname' and namespace-uri()='…'] to operate on nodes with a namespace specified.

1.3. crs:certificate

A crs:certificate represents a Base-64 encoded X.509 (.CER) certificate.

1.4. crs:privatekey

A crs:privatekey represents a private key container (.p12 and .jks are supported) with an RSA key (max. key length 1024).

1.5. crs:role

A crs:role represents a created role, which may be assigned to none, one or many users.

2. Functions

2.1. SAMLAddUserAuth (SAML 1.X)

The function SAMLAddUserAuth (SAML 1.X) adds a SAML 1.1 Assertion to the SOAP message header. The Assertion may contain a signature.

The function SAMLAddUserAuth (SAML 1.X) has the following configuration parameters:
- User name: The subject's user name. If this parameter is not given, the content of the execution variable username is used.
- Authentication method: The authentication method used to authenticate the subject. If this parameter is not given, the content of the execution variable saml.authncontextclassref is used.
- Issuer: The issuer's name.
- Private key (crs:privatekey): The private key for signing the assertion.
- Certificate (crs:certificate): The certificate for signing the assertion.

The function has the following signature:
- The Assertion was successfully added to the SOAP Header.
- An error occurred during the process.

2.2. SAMLAddUserAuth (SAML 2.0)

The function SAMLAddUserAuth (SAML 2.0) adds a SAML 2.0 Assertion to the SOAP Header. The Assertion may contain a signature.

The function SAMLAddUserAuth (SAML 2.0) has the following configuration parameters:
- User name: The subject's user name. If this parameter is not given, the content of the execution variable username is used.
- Authentication method: The authentication method used to authenticate the subject. If this parameter is not given, the content of the execution variable saml.authncontextclassref is used.
- Issuer: The issuer's name.
- Private key (crs:privatekey): The private key for signing the assertion.
- Certificate (crs:certificate): The certificate for signing the assertion.

The function has the following signature:
- The Assertion was successfully added to the SOAP Header.
- An error occurred during the process.

2.3. SAMLCheckUserAuth (SAML 1.1)

The function SAMLCheckUserAuth (SAML 1.1) verifies a SAML 1.1 Assertion in the Header of a SOAP Message. An Assertion is valid if the specified validity period has not expired and if the subject is a known entity. If the assertion contains a signature, it must be signed by a known entity. The function sets the Subject in the execution variable username and the authentication method of the SAML Assertion in the execution variable saml.authncontextclassref.

The function SAMLCheckUserAuth (SAML 1.1) has no configuration parameter.

The function has the following signature:
- verified: The assertion was successfully verified.
- invalid: The specified validity period expired or the subject is unknown.
- Assertion: The SOAP Header does not contain a SAML Assertion.
- An error occurred during the process.

2.4. SAMLCheckUserAuth (SAML 2.0)

The function SAMLCheckUserAuth (SAML 2.0) verifies a SAML 2.0 Assertion in the Header of a SOAP Message. An Assertion is valid if the specified validity period has not expired and if the subject is a known entity. If the assertion contains a signature, it must be signed by a known entity. The function sets the Subject in the execution variable username and the authentication method of the SAML Assertion in the execution variable saml.authncontextclassref.

The function SAMLCheckUserAuth (SAML 2.0) has no configuration parameter.

The function has the following signature:
- verified: The assertion was successfully verified.
- invalid: The specified validity period expired or the subject is unknown.
- Assertion: The SOAP Header does not contain a SAML Assertion.
- An error occurred during the process.

2.5. decryptxpath

The function decryptxpath decrypts an encrypted XML element at the specified XPath location. It uses the private key of the securityruntime.

The function decryptxpath has the following parameter:
- XPath (crs:xpath): The specified XPath location.

The function has the following signature:
- decrypted: The decryption was successful.
- An error occurred during the process.

2.6. encryptxpath

The function encryptxpath encrypts a SOAP Message at a specified XPath location with the public key defined in the execution variable username. The value of the execution variable may be set using e.g. SetExecVariable.

The function encryptxpath has the following configuration parameter:
- xpath (crs:xpath): The specified XPath location.

The function has the following signature:
- encrypted: The encryption was successful.
- An error occurred during the process.

2.7. encryptxpathforcertificate

The function encryptxpathforcertificate encrypts a SOAP Message at a specified XPath location using the specified certificate (which must be a Base-64 encoded X.509 (.CER) certificate).

The function encryptxpathforcertificate has the following configuration parameters:
- xpath (crs:xpath): The specified XPath location.
- Encryption certificate (crs:certificate): The certificate which will be used for the encryption.

The function has the following signature:
- encrypted: The encryption was successful.
- An error occurred during the process.

2.8. RemoveSignatureHeader

The function RemoveSignatureHeader removes a signature header that was created with SignSOAPEnvelope or SignSOAPEnvelopeWithXPath.

The function RemoveSignatureHeader has the following configuration parameter:
- SOAP 1.2 role or SOAP 1.1 actor

The function has the following signature:
- The header was removed.
- An error occurred during the process.

2.9. SignSOAPEnvelope

The function SignSOAPEnvelope signs the body of a SOAP Message with the key of the server entity. The XML-Signature is created in the header of the SOAP Message.

The function SignSOAPEnvelope has the following configuration parameter:
- SOAP 1.2 role or SOAP 1.1 actor

Note: The function ignores SOAP Attachments.

The function has the following signature:
- signed: The message was signed.
- An error occurred during the process.

2.10. SignSOAPEnvelopeWithXPath

The function SignSOAPEnvelopeWithXPath signs parts of a SOAP Message with the key of the server entity. The XML-Signature is created in the header of the SOAP Message.

The function SignSOAPEnvelopeWithXPath has the following configuration parameters:
- SOAP 1.2 role or SOAP 1.1 actor
- XPath (crs:xpath): This parameter references the elements which should be signed. To work properly, the given XPath should reference one or more elements of the SOAP Message body.
- BaseRefURI: URI for referencing the signed parts. This is only used if the elements do not contain an id attribute.

Note: The function ignores SOAP Attachments.

The function has the following signature:
- signed: The message was signed.
- An error occurred during the process.

2.11. VerifySOAPEnvelope

The function VerifySOAPEnvelope verifies the signature of a SOAP Message. The signature must be in XML Signature format in the header of the SOAP Message. For the verification of the signature, a certificate is retrieved from the certificate store which is named after the value of the execution variable username. If the username variable is not set, the KeyInfo element of the signature is used to verify the message. The found key information must belong to a known entity.

The function VerifySOAPEnvelope has the following parameter:
- SOAP 1.2 role or SOAP 1.1 actor

The function has the following signature:
- valid: The verification of the signature was successful. The Message was not modified and it was signed with a private key which is associated with an available certificate in the store.
- invalid: The verification of the signature failed. Possible causes are a missing signature element, a missing certificate, or a modified message.
- An error occurred during the process.

2.12. Add

The function Add creates a SOAP Message (SOAP 1.1 or 1.2) from a given string. The content of the SOAP Message must be configured without the Body element.

The function Add has the following configuration parameter:
- Message content (crs:multilinestring): XML string, payload of the message (SOAP 1.1 or SOAP 1.2).

The function has the following signature:
- Message created from the provided XML string.

2.13. VerifySOAPEnvelopeWithXKMS

The function VerifySOAPEnvelopeWithXKMS verifies a SOAP Message for a given certificate using the specified XKMS service.

The function VerifySOAPEnvelopeWithXKMS has the following configuration parameters:
- SOAP 1.2 role or SOAP 1.1 actor
- xkms: URL of XKMS service.

The function has the following signature:
- valid: Signature was found valid.
- invalid: Signature was found invalid.
- invalidcertificate: XKMS service could not validate the certificate provided in the SOAP Message.
- An error occurred during the process.

2.14. WSSecurityAddTimestamp

The function WSSecurityAddTimestamp adds a timestamp element to the WS Security header. The timestamp is not signed.

The function WSSecurityAddTimestamp has the following configuration parameters:
- Defines the actor for the security header.
- Time to live in seconds (xsd:int): The time the token is valid.

The function has the following signature:
- The timestamp token was created successfully.
- An error occurred during the process.

2.15. WSSecurityAddSAMLToken (SAML 1.1)

The function WSSecurityAddSAMLToken (SAML 1.1) adds a signed SAML 1.1 Assertion to the WS Security header. The subject confirmation method is holder-of-key. The assertion must be signed.

The function WSSecurityAddSAMLToken (SAML 1.1) has the following configuration parameters:
- Defines the actor for the security header.
- User name: The subject's user name. If this parameter is not given, the content of the execution variable username is used.
- Authentication method: The authentication method used to authenticate the subject. If this parameter is not given, the content of the execution variable saml.authncontextclassref is used.
- Issuer: The issuer's name.
- Key (crs:privatekey): The private key for signing the assertion. The corresponding certificate is added to the message.

The function has the following signature:
- The Assertion was successfully added to the SOAP Header.
- An error occurred during the process.

2.16. WSSecurityCheckSAMLToken (SAML 1.1)

The function WSSecurityCheckSAMLToken (SAML 1.1) verifies a SAML 1.1 Assertion in the WS Security Header of a SOAP Message. The function sets the Subject in the execution variable username and the authentication method of the SAML Assertion in the execution variable saml.authncontextclassref.

The function WSSecurityCheckSAMLToken (SAML 1.1) has the following configuration parameter:
- Defines the recipient actor for the security header.

The function has the following signature:
- verified: The assertion was verified successfully.
- invalid: The assertion cannot be verified.
- Assertion: No assertion was found for the given actor.
- An error occurred during the process.

2.17. WSSecurityCheckTimestamp

The function WSSecurityCheckTimestamp checks if the timestamp of the WS Security header is valid.

The function WSSecurityCheckTimestamp has the following configuration parameter:
- Defines the recipient actor for the security header.

The function has the following signature:
- valid: The timestamp is valid.
- invalid: The timestamp is invalid.
- An error occurred during the process, for example a timestamp was missing for the given actor.

2.18. WSSecurityDecrypt

The function WSSecurityDecrypt decrypts XML element(s) at the location(s) which are referenced via a ReferenceList element (namespace "…").

The function WSSecurityDecrypt has the following parameter:
- Defines the actor for the security header.

The function has the following signature:
- decrypted: The message was decrypted successfully.
- An error occurred during the process.

2.19. WSSecurityEncryptXPathWithXKMS

The function WSSecurityEncryptXPathWithXKMS encrypts a SOAP Message for a given certificate at a specified XPath location. The certificate is retrieved by the configured XKMS Service.

Note: If the XPath location references multiple elements, only the first found element is encrypted.

The function WSSecurityEncryptXPathForHostname has the following configuration parameters:
- Defines the actor for the security header.
- User: The user whose certificate should be used to encrypt the message.
- XKMS URL: URL of XKMS service.
- XPath (crs:xpath): The specified XPath location (default value references the SOAP body).
- Request type: Request Validate/Locate to trigger the validation of the certificate.

The function has the following signature:
- encrypted: The encryption was successful.
- Certificate: Requested certificate was not provided by XKMS service.
- xkmserror: An error occurred while contacting the XKMS service.
- An error occurred during the process.

2.20. WSSecurityEncryptForCertificate

The function WSSecurityEncryptForCertificate encrypts a SOAP Message at a specified XPath location with the public key defined in the given certificate.

Note: If the XPath location references multiple elements, only the first found element is encrypted.

The function WSSecurityEncryptForCertificate has the following configuration parameters:
- Defines the actor for the security header.
- Encryption certificate (crs:certificate): The certificate with the public key for the receiver.
- xpath (crs:xpath): The specified XPath location (default value references the SOAP body).

The function has the following signature:
- encrypted: The encryption was successful.
- An error occurred during the process.

2.21. WSSecurityRemoveHeader

The function WSSecurityRemoveHeader (SAML 1.1) removes the WS Security header with the configured actor from the message.

The function WSSecurityRemoveHeader (SAML 1.1) has the following configuration parameter:
- Defines the actor for the security header.

The function has the following signature:
- The Header was successfully removed.
- An error occurred during the process.

2.22. WSSecuritySignXPath

The function WSSecuritySignXPath signs a SOAP Message with the key of the server entity. The XML-Signature is created in the header of the SOAP Message.

Note: If the XPath location references multiple elements, only the first found element is signed.

The function WSSecuritySignXPath has the following configuration parameters:
- Defines the actor for the security header.
- xpath (crs:xpath): The specified XPath location (default value references the SOAP body).

The function has the following signature:
- signed: The signature was successfully applied.
- An error occurred during the process.

2.23. WSSecurityVerify

The function WSSecurityVerify verifies the signature of a SOAP Message. The signature must be WS Security compatible and located in the header of the SOAP Message. For the verification of the signature, a certificate is retrieved from the certificate store which is named after the value of the execution variable username. If the username variable is not set, the KeyInfo element of the signature is used to verify the message. The found key information must belong to a known entity.

The function WSSecurityVerify has the following configuration parameter:
- Defines the recipient actor for the security header.

The function has the following signature:
- valid: The verification of the signature was successful. The Message was not modified and it was signed with a private key which is associated with an available certificate in the store.
- invalid: The verification of the signature failed. Possible causes are a missing signature element, a missing certificate, or a modified message.
- An error occurred during the process.
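The namespace-awareness of crs:xpath and the notes that only the first found element is encrypted or signed lead to one practical check: confirm that an expression selects exactly one element before it is configured for WSSecurityEncryptXPathWithXKMS, WSSecurityEncryptForCertificate or WSSecuritySignXPath. The following Java program is an added example, not CORISECIO code; it evaluates XPath 1.0 expressions with the JDK's javax.xml.xpath rather than the adapter itself, and the class name, the sample message and the urn:example:weather namespace are constructed assumptions.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPathPreflight {

    enum Verdict { NO_MATCH, SINGLE_MATCH, MULTIPLE_MATCHES }

    // Constructed sample message. The payload namespace urn:example:weather
    // and the element names are assumptions made for this example.
    static final String SAMPLE =
          "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"
        + "<soap:Body>"
        + "<w:report xmlns:w=\"urn:example:weather\">"
        + "<w:cityname>Darmstadt</w:cityname>"
        + "<w:cityname>Frankfurt</w:cityname>"
        + "</w:report>"
        + "</soap:Body>"
        + "</soap:Envelope>";

    // Parse with namespace processing switched on; without it, local-name()
    // and namespace-uri() cannot distinguish qualified elements.
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        return factory.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)));
    }

    // Number of nodes an XPath 1.0 expression selects in the document.
    static int countMatches(Document doc, String expression) throws Exception {
        NodeList nodes = (NodeList) XPathFactory.newInstance().newXPath()
                .evaluate(expression, doc, XPathConstants.NODESET);
        return nodes.getLength();
    }

    // NO_MATCH: nothing would be protected.
    // MULTIPLE_MATCHES: per the notes above, only the first element would be
    // encrypted or signed and the remaining matches would stay unprotected.
    static Verdict preflight(Document doc, String expression) throws Exception {
        int n = countMatches(doc, expression);
        if (n == 0) {
            return Verdict.NO_MATCH;
        }
        return n == 1 ? Verdict.SINGLE_MATCH : Verdict.MULTIPLE_MATCHES;
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(SAMPLE);
        String ns = "namespace-uri()='urn:example:weather'";
        String[] candidates = {
            // Unqualified name test: does not select namespaced elements.
            "//cityname",
            // Namespace-aware form from the crs:xpath note; selects every
            // cityname element in the payload namespace.
            "//*[local-name()='cityname' and " + ns + "]",
            // Enclosing element: one node that contains both city names.
            "//*[local-name()='report' and " + ns + "]",
        };
        for (String expression : candidates) {
            System.out.println(preflight(doc, expression) + "  " + expression);
        }
    }
}
```

Running the check against a representative message for each configured crs:xpath shows whether the expression needs to be narrowed to one element or widened to an enclosing element so that all sensitive content is covered.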
More informationEnterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape
Enterprise SOA Experience Workshop Module 8: Operating an enterprise SOA Landscape Agenda 1. Authentication and Authorization 2. Web Services and Security 3. Web Services and Change Management 4. Summary
More informationCA CloudMinder. SSO Partnership Federation Guide 1.51
CA CloudMinder SSO Partnership Federation Guide 1.51 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationInteroperability Solutions Guide for Oracle Web Services Manager 12c (12.2.1)
[1]Oracle Fusion Middleware Interoperability Solutions Guide for Oracle Web Services Manager 12c (12.2.1) E57783-01 October 2015 Documentation for software developers that describes how to implement the
More informationCA SiteMinder Federation
CA SiteMinder Federation Partnership Federation Guide 12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationCookbook ehealth platform Id Support web service Version 1.2
Cookbook ehealth platform Id Support web service Version 1.2 This document is provided to you free of charge by the ehealth platform Willebroekkaai 38, 38, Quai de Willebroeck 1000 BRUSSELS All are free
More informationSingle Sign-On User Guide. Cvent, Inc 1765 Greensboro Station Place McLean, VA
Single Sign-On User Guide 2018 Cvent, Inc 1765 Greensboro Station Place McLean, VA 22102 www.cvent.com Contents Single Sign-On User Guide... 3 Key Terms... 3 Features Using SSO to Login... 4 Meeting Planners
More informationINTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD
INTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD Jeffy Mwakalinga, Prof Louise Yngström Department of Computer and System Sciences Royal Institute of Technology / Stockholm University
More informationProgramming Web Services in Java
Programming Web Services in Java Description Audience This course teaches students how to program Web Services in Java, including using SOAP, WSDL and UDDI. Developers and other people interested in learning
More informationThis section includes troubleshooting topics about single sign-on (SSO) issues.
This section includes troubleshooting topics about single sign-on (SSO) issues. SSO Fails After Completing Disaster Recovery Operation, page 1 SSO Protocol Error, page 1 SSO Redirection Has Failed, page
More informationThis documentation will go over how to install Sharepoint for configuring with Panopto.
Sharepoint Installation Overview This documentation will go over how to install Sharepoint for configuring with Panopto. Note: The documentation is only applicable for O365 Cloud-Hosted SharePoint sites.
More informationJuniper Networks SSL VPN Integration Guide
Juniper Networks SSL VPN Integration Guide Introduction Overview Terms Setting Up an Authentication Server Creating a User Role Creating a User Realm Setting Up Your Sign In URL top Introduction This document
More informationCA CloudMinder. SSO Partnership Federation Guide 1.53
CA CloudMinder SSO Partnership Federation Guide 1.53 This Documentation, which includes embedded help systems and electronically distributed materials (hereinafter referred to as the Documentation ), is
More informationSecurity Protocols and Infrastructures
Security Protocols and Infrastructures Dr. Michael Schneider michael.schneider@h-da.de Chapter 5: Standards for Security Infrastructures November 13, 2017 h_da WS2017/18 Dr. Michael Schneider 1 1 Introduction
More informationOracle Fusion Middleware
Oracle Fusion Middleware Interoperability Guide for Oracle Web Services Manager 11g Release 1 (11.1.1) E16098-04 January 2011 This document describes how to implement the most common Oracle WSM interoperability
More informationIUID Registry Application Programming Interface (API) Version 5.6. Software User s Manual (SUM)
IUID Registry Application Programming Interface (API) Version 5.6 Software User s Manual (SUM) Document Version 1.0 May 28, 2014 Prepared by: CACI 50 N Laura Street Jacksonville FL 32202 Prepared for:
More informationGSI-based Security for Web Services
GSI-based Security for Web Services Sriram Krishnan, Ph.D. sriram@sdsc.edu Topics Covered High-level Overview Message and Transport Level Security Authentication and Authorization Implementation details
More informationExam : Title : IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP. Version : Demo
Exam : 000-609 Title : IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP Version : Demo 1. Which of the following is an advantage of using WS-Security instead of SSL? A. Provides assured message
More informationIntegration Architecture Of SDMS
Integration Architecture Of SDMS 20 May 2017 Version 1.0 (Rakesh Ranjan, Consultant-IT) Table of Content 1 ABOUT SDMS...2 2 OBJECTIVE & STRUCTURE OF THIS DOCUMENT...2 3 TRANSACTIONAL SERVICES...3 3.1 HIGH
More informationXML Key Information System for Secure e-trading
XML Key Information System for Secure e-trading Nam-Je Park, Ki-Young Moon, Sung-Won Sohn Informatoion Security Research Division Electronics Telecommunications Research Institute(ETRI) 161 Gajeong-dong,
More informationMajor SAML 2.0 Changes. Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007
Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007 Tokens, Protocols, Bindings, and Profiles Tokens are requests and assertions Protocols bindings are communication
More informationIdentity-Enabled Web Services
Identity-Enabled s Standards-based identity for 2.0 today Overview s are emerging as the preeminent method for program-toprogram communication across corporate networks as well as the Internet. Securing
More informationSend and Receive Exchange Use Case Test Methods
Send and Receive Exchange Use Case Test Methods Release 1 Version 1.0 October 1, 2017 Send and Receive Exchange Test Methods Release 1 Version 1.0 Technology Sponsor [Name] [Email] [Telephone] Signature
More information4.2. Authenticating to REST Services. Q u i c k R e f e r e n c e G u i d e. 1. IdentityX 4.2 Updates
4.2 Authenticating to REST Services Q u i c k R e f e r e n c e G u i d e In IdentityX 4.1, REST services have an authentication and signing requirement that is handled by the IdentityX REST SDKs. In order
More informationBare SOAP-UI for WS-Security
Draft Draft Bare SOAP-UI for WS-Security Paul Glezen, IBM Abstract This document is a member of the Bare Series of WAS topics distributed in both stand-alone and in collection form. The latest renderings
More informationCS144: Sessions. Cookie : CS144: Web Applications
CS144: Sessions HTTP is a stateless protocol. The server s response is purely based on the single request, not anything else Q: How does a web site like Amazon can remember a user and customize its results?
More informationCountering Wrapping Attack on XML Signature in SOAP Message for Cloud Computing
Countering Wrapping Attack on XML Signature in SOAP Message for Cloud Computing Hadi Razzaghi Kouchaksaraei, Alexander G. Chefranov Department of Computer Engineering, Eastern Mediterranean University
More informationTECHNICAL GUIDE SSO SAML. At 360Learning, we don t make promises about technical solutions, we make commitments.
TECHNICAL GUIDE SSO SAML At 360Learning, we don t make promises about technical solutions, we make commitments. This technical guide is part of our Technical Documentation. 2 360Learning is a Leading European
More informationTable of Contents 1 IKE 1-1
Table of Contents 1 IKE 1-1 IKE Overview 1-1 Security Mechanism of IKE 1-1 Operation of IKE 1-1 Functions of IKE in IPsec 1-2 Relationship Between IKE and IPsec 1-3 Protocols 1-3 Configuring IKE 1-3 Configuration
More informationMorningstar ByAllAccounts SAML Connectivity Guide
Morningstar ByAllAccounts SAML Connectivity Guide 2018 Morningstar. All Rights Reserved. AccountView Version: 1.55 Document Version: 1 Document Issue Date: May 25, 2018 Technical Support: (866) 856-4951
More informationConfiguring Alfresco Cloud with ADFS 3.0
Configuring Alfresco Cloud with ADFS 3.0 Prerequisites: You have a working domain on your Windows Server 2012 and successfully installed ADFS. For these instructions, I created: alfresco.me as a domain
More informationSOA S90-20A. SOA Security Lab. Download Full Version :
SOA S90-20A SOA Security Lab Download Full Version : https://killexams.com/pass4sure/exam-detail/s90-20a protocol. Before invoking Service A, Service Consumer A must request a ticket granting ticket and
More informationDirect Message Exhange (Web Service)
Direct Message Exhange (Web Service) Datatransmission Message exchange between the customer and Customs happens to an ever-increasing extent in XML-format. In addition to data transfer via EDI operators,
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationQualys SAML & Microsoft Active Directory Federation Services Integration
Qualys SAML & Microsoft Active Directory Federation Services Integration Microsoft Active Directory Federation Services (ADFS) is currently supported for authentication. The Qualys ADFS integration must
More informationISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University
Identity Management and Federated ID (Liberty Alliance) ISA 767, Secure Electronic Commerce Xinwen Zhang, xzhang6@gmu.edu George Mason University Identity Identity is the fundamental concept of uniquely
More informationAPI Security Management SENTINET
API Security Management SENTINET Overview 1 Contents Introduction... 2 Security Models... 2 Authentication... 2 Authorization... 3 Security Mediation and Translation... 5 Bidirectional Security Management...
More informationCA SiteMinder Federation
CA SiteMinder Federation Legacy Federation Guide 12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationWEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices
WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices Chris Steel, Ramesh Nagappan, Ray Lai www.coresecuritypatterns.com February 16, 2005 15:25 16:35
More informationIdentität und Autorisierung als Grundlage für sichere Web-Services. Dr. Hannes P. Lubich IT Security Strategist
Identität und Autorisierung als Grundlage für sichere Web-Services Dr. Hannes P. Lubich IT Security Strategist The Web Services Temptation For every $1 spent on software $3 to $5 is spent on integration
More informationPretty Good Privacy (PGP
PGP - S/MIME - Internet Firewalls for Trusted System: Roles of Firewalls Firewall related terminology- Types of Firewalls - Firewall designs - SET for E-Commerce Transactions. Pretty Good Privacy (PGP
More informationzentrale Sicherheitsplattform für WS Web Services Manager in Action: Leitender Systemberater Kersten Mebus
Web Services Manager in Action: zentrale Sicherheitsplattform für WS Kersten Mebus Leitender Systemberater Agenda Web Services Security Oracle Web Service Manager Samples OWSM vs
More informationWeb Based Single Sign-On and Access Control
0-- Web Based Single Sign-On and Access Control Different username and password for each website Typically, passwords will be reused will be weak will be written down Many websites to attack when looking
More informationIntegration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate
SafeNet Authentication Manager Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More information