If Authenticate Source is sender
, then the message contains a wsse:Security
header with a wsse:UsernameToken
(with password). If Authenticate Source is content, then the content of the SOAP message body is signed, and the message contains a wsse:Security
header with the message body signature represented as a ds
:Signature
.
If Authenticate Recipient is either before-content
or after-content
, the content of the SOAP message body is encrypted and replaced with the resulting xend:EncryptedData
. The message contains a wsse:Security
header that contains an xenc:EncryptedKey
. The xenc:EncryptedKey
contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient.
If the Authenticate Source and Authenticate Recipient settings are left blank, then no security policy is specified, and the modules perform no security operations.
The following table shows message protection policy configurations and the resulting message security operations performed by the WS-Security SOAP message security providers for that configuration.
Message Protection Policy Based on WS-Security Soap Message Security Operation
Authenticate Recipient before-content |
Authenticate Recipient after-content |
|
---|---|---|
Authenticate Source |
The content of the SOAP message body is encrypted and replaced with the resulting |
|
Authenticate Source |
The content of the SOAP message body is encrypted and replaced with the resulting |
The content of the SOAP message body is signed, then encrypted, and then replaced with the resulting |