WebService Security. A guide to set up highly secured client-server communications using WS-Security extensions to the SOAP protocol
Jam Hamidi
Senior Technical Analyst
BCcampus, Victoria, British Columbia, Canada
jhamidi@bccampus.ca
Thursday, March 21, 2013

Abstract

This document describes the process of setting up a secure WebService communication channel using the OASIS WS-Security extensions to the SOAP protocol. Detailed configuration examples and code snippets are provided in the Java programming environment for Apache Tomcat servers.

About this document

This document is not intended as an introduction to the WebService architecture, or even to the WS-Security architecture of the WebService protocols, but rather as a practical solution to the configuration and deployment of a service of the type provided by the BCcampus Connector System. However, the concepts and examples should be applicable to any WebService application that requires a high level of security. If you're only interested in the example configurations, skip to section III.

I. INTRODUCTION

The BCcampus Connector system provides secure and reliable data exchange between the enterprise systems of British Columbia's post-secondary institutions, and between those systems and BCcampus. The information exchanged includes personal student data as well as financial data, so it is paramount that the communications be carried out in a highly secure manner, in particular with respect to a man-in-the-middle attack, whereby an attacker intercepts messages and then resubmits them, substituting his own data for the requested data. It is easy to see why this protection is needed in cases where student transcripts are exchanged.
PLNet, the Provincial Learning Network, and BCNET (Shared IT Services for Higher Education in British Columbia) both offer a reliable, robust and safe network infrastructure for BCcampus services, but they also connect thousands of users on a daily basis, and it is next to impossible to monitor all of their access points for security attacks. Fortunately, the OASIS group provides an infrastructure for secure point-to-point WebService access in a (more or less) public network if you adhere to their security specifications. These are the same specifications implemented by banks, governments and organizations throughout the world.

The heart of WS-Security is the use of public/private key cryptography. In this model, a user has a pair of public and private keys. These are generated using a large prime number generator. The keys are related mathematically, but cannot be derived from each other. The user uses his private key to encrypt data, and at the other end the receiver can use the public key to decrypt the data.

Another key point is the signing of the contents of a message. Signing means deriving a key from the content of the sent message and including this key with the message. The receiver then applies the key to the content, and if the content was modified in any way the key will fail on it. This guarantees the authenticity of the message.

II. HOW BCCAMPUS COMPLIES WITH WEBSERVICES SECURITY SPECIFICATIONS

WebService messages are built on top of SOAP, and OASIS specifies what needs to be included in the SOAP headers. The <wsse:Security> header provides a mechanism for attaching security-related information in the form of a SOAP actor or role. The following attributes of <wsse:Security> are used at BCcampus:

- mustUnderstand
- EncryptedKey
- EncryptionMethod
- X509 Binary Security Token
- Signature
- Timestamp
- UsernameToken
- Password

A Security Token conveys a set of claims.
Sometimes these claims reside elsewhere and need to be accessed by the receiving application. The <wsse:SecurityTokenReference> element in the SOAP header provides an extensible mechanism for referencing security tokens. The following mechanisms are supported:

- Direct reference
- Key identifier
- Key name
- Embedded reference

The signature algorithm used is RSA with SHA1. BCcampus allows the following SOAP elements to be signed:

- The SOAP message body
- The identity token (used to assert identity)

The encryption algorithm used is Key Transport (public key cryptography) RSA version 1.5. BCcampus allows the following SOAP element to be encrypted:

- The SOAP body

The Timestamp element provides a mechanism for expressing the creation and expiration times of the security semantics in a message. BCcampus tolerates the use of timestamps within the WebService security header on inbound and outbound messages.

Finally, BCcampus generates SOAP security fault messages using the standard list of response codes listed in the specification.

III. TOMCAT PACKAGING AND CONFIGURATION

The target environment for running any of the BCcampus WebService applications is Tomcat. Applications are packaged as WAR packages and deployed to running Tomcat containers. The BCcampus WAR package contains the following in its root directory:

- /WEB-INF/lib : Support libraries for applications, including WebServices, WS-Security and BCcampus support libraries.
- /WEB-INF/web.xml : Apache Tomcat servlet definition and mapping.
- /WEB-INF/cxf-servlet.xml : Apache CXF WebService configuration file, where most of the server's WS-Security configuration is done.
- /WEB-INF/bccampusRequest.wsdl : The WSDL of the WebService application. This defines the WebService methods provided by the application and is outside the scope of this document.
- /WEB-INF/classes/*.class : The various Java classes that form the application.
- /WEB-INF/classes/log4j.properties : The logging configuration of the application.
- /WEB-INF/classes/*.ks and *.ts : Keystores for the client and server, explained below.
- /WEB-INF/classes/*.properties : Explained below.

Four keystores are needed for a client/server application. These are storage facilities for cryptographic keys and certificates.

- webserviceclient.ks : Key store for the WebService client.
- webserviceclient.ts : Trust store for the WebService client (includes the public keys of the servers that the client trusts and accepts keys from).
- webserviceserver.ks : Key store for the WebService server.
- webserviceserver.ts : Trust store for the WebService server (includes the public keys of the clients that this server accepts connections from).

There are four property files dedicated to WS-Security, and these are located in /WEB-INF/classes.

- clientencrypt.properties : defines configurable values for the encryption of outgoing messages from a client.
- clientsign.properties : defines configurable values for the signing of outgoing messages from a client.
- serversignverify.properties : defines configurable values for the verification of the client signature by the server.
- serverdecrypt.properties : defines configurable values for the decrypting of the message by the server.

The WAR file, once assembled, is deployed to Tomcat's webapps directory in order to run the application.

IV. ENCRYPTION KEY SETUP

Before assembling the WAR, private/public key pairs have to be generated and stored in their appropriate keystores. Most Windows and Linux operating systems provide the utility keytool to generate and manipulate cryptographic keys. It should be noted that BCcampus uses strong cryptography, and as such additional security jars are typically added to the Java implementation. These are forbidden to export to some countries, so please verify adherence criteria before installation.
First a pair of keys is generated for the server (here the keys are self-signed and valid for 10 years, which is 3650 in the days that -validity expects):

    keytool -genkeypair -alias webserviceserver -keyalg RSA -validity 3650 -keystore webserviceserver.ks -storepass webserverpassword

Then for the client:

    keytool -genkeypair -alias webserviceclient -keyalg RSA -validity 3650 -keystore webserviceclient.ks -storepass webclientpassword

The public keys are extracted for the trust stores:

    keytool -export -alias webserviceserver -file server.cert -keystore webserviceserver.ks
    keytool -export -alias webserviceclient -file client.cert -keystore webserviceclient.ks

And imported into the appropriate trust stores (the server's certificate into the client's trust store, and the client's certificate into the server's):

    keytool -import -trustcacerts -alias webserviceserver -file server.cert -keystore webserviceclient.ts -storepass webclientpassword
    keytool -import -trustcacerts -alias webserviceclient -file client.cert -keystore webserviceserver.ts -storepass webserverpassword

At this point the four keystores are ready for inclusion in the WAR file.
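How the four keystores are used at run time, as an added example (not from the original document and not BCcampus code): plain JDK classes stand in for the WSS4J interceptors, and a Party holds what one .ks file and one .ts file hold. SHA-256 with RSA, RSA-OAEP and AES-GCM are substituted here for the RSA-SHA1 and RSA 1.5 algorithms named in section II; the class, method and message names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Added illustration of which key each WS-Security step uses. */
public class KeyRolesDemo {

    /** One endpoint: its key store entry (own pair) and its trust store entry (peer's public key). */
    static final class Party {
        final KeyPair own;            // webserviceclient.ks or webserviceserver.ks
        final PublicKey trustedPeer;  // webserviceclient.ts or webserviceserver.ts
        Party(KeyPair own, PublicKey trustedPeer) { this.own = own; this.trustedPeer = trustedPeer; }
    }

    /** Stand-in for the secured SOAP message: wrapped session key, encrypted body, signature. */
    static final class Secured {
        byte[] wrappedKey, iv, cipherText, signature;
    }

    static final String SIG = "SHA256withRSA";
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    /** Outgoing side: sign with the sender's own private key, encrypt for the peer's public key. */
    static Secured protect(byte[] body, Party sender) throws GeneralSecurityException {
        Secured m = new Secured();
        // Signing reads the sender's KEY store: clientsign.properties on a request,
        // serverdecrypt.properties on a reply.
        Signature signer = Signature.getInstance(SIG);
        signer.initSign(sender.own.getPrivate());
        signer.update(body);
        m.signature = signer.sign();

        // The body is encrypted under a fresh session key ...
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();
        m.iv = new byte[12];
        new SecureRandom().nextBytes(m.iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, m.iv));
        m.cipherText = aes.doFinal(body);

        // ... which is wrapped with the peer's public key from the sender's TRUST store:
        // clientencrypt.properties on a request, serversignverify.properties on a reply.
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.WRAP_MODE, sender.trustedPeer);
        m.wrappedKey = rsa.wrap(session);
        return m;
    }

    /** Incoming side: decrypt with the receiver's own private key, verify with the peer's public key. */
    static byte[] accept(Secured m, Party receiver) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.UNWRAP_MODE, receiver.own.getPrivate());
        SecretKey session = (SecretKey) rsa.unwrap(m.wrappedKey, "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(128, m.iv));
        byte[] body = aes.doFinal(m.cipherText);

        Signature verifier = Signature.getInstance(SIG);
        verifier.initVerify(receiver.trustedPeer);
        verifier.update(body);
        if (!verifier.verify(m.signature)) {
            throw new SignatureException("body was not signed by the trusted peer");
        }
        return body;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair clientPair = gen.generateKeyPair();  // alias webserviceclient
        KeyPair serverPair = gen.generateKeyPair();  // alias webserviceserver
        KeyPair otherPair = gen.generateKeyPair();   // a key that is in nobody's trust store

        Party client = new Party(clientPair, serverPair.getPublic());
        Party server = new Party(serverPair, clientPair.getPublic());

        // Constructed sample payloads, not real BCcampus messages.
        byte[] request = "<getTranscript id='constructed-123'/>".getBytes(StandardCharsets.UTF_8);
        byte[] reply = "<transcript>constructed sample</transcript>".getBytes(StandardCharsets.UTF_8);

        byte[] atServer = accept(protect(request, client), server);
        System.out.println("server read: " + new String(atServer, StandardCharsets.UTF_8));
        byte[] atClient = accept(protect(reply, server), client);
        System.out.println("client read: " + new String(atClient, StandardCharsets.UTF_8));

        // A sender who only knows the server's public key can encrypt a substituted
        // request, but cannot produce a signature the server's trust store accepts.
        Party unknown = new Party(otherPair, serverPair.getPublic());
        try {
            accept(protect(request, unknown), server);
            System.out.println("substituted request accepted (unexpected)");
        } catch (SignatureException e) {
            System.out.println("substituted request rejected: " + e.getMessage());
        }
    }
}
```

On the reply the same two methods run with the roles swapped, which is why the server's outgoing encryption reads its trust store and its outgoing signature reads its key store.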
V. THE WS-SECURITY PROPERTIES FILES

Both the client and the server use the WS-Security properties files to access their configuration at run time. They are used for signing, verification of signing, encryption and decryption.

    Properties file               Keystore password    Alias               Keystore file
    clientencrypt.properties      webclientpassword    webserviceserver    webserviceclient.ts
    clientsign.properties         webclientpassword    webserviceclient    webserviceclient.ks
    serverdecrypt.properties      webserverpassword    webserviceserver    webserviceserver.ks
    serversignverify.properties   webserverpassword    webserviceclient    webserviceserver.ts

Please be aware that the contents of these files will be used by different components, and sometimes the context of use will be perplexing to the user. For example, serversignverify.properties is used in the outgoing decryption module (instead of serverdecrypt as you'd expect). Keep in mind that there is some inversion involved, i.e. you decrypt what the client intended for you and not what you intended for the client. So it's important to follow these configurations to the letter.

VI. SERVER CONFIGURATION

Most of the WS-Security configuration of the server is accomplished in the cxf-servlet.xml file. The server itself is defined in the web.xml file at the /WEB-INF level of the WAR file, which contains:

    <web-app>
      <servlet>
        <servlet-name>webserviceapplicationname</servlet-name>
        <display-name>generic Service Application</display-name>
        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
        <init-param>
          <param-name>config-location</param-name>
          <param-value>/WEB-INF/cxf-servlet.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet-mapping>
        <!-- must match the servlet-name declared above -->
        <servlet-name>webserviceapplicationname</servlet-name>
        <url-pattern>/*</url-pattern>
      </servlet-mapping>
    </web-app>

The WS-Security configuration in cxf-servlet.xml defines a number of in and out interceptors that implement the security functionality.
The incoming interceptors are defined as:

    <jaxws:inInterceptors>
      <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
      <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
      <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
          <map>
            <!-- username/password section -->
            <entry key="action" value="UsernameToken Timestamp Signature Encrypt"/>
            <entry key="passwordType" value="PasswordText"/>
            <entry key="passwordCallbackClass" value="some.class.to.verify.passwords"/>
            <!-- decrypt section -->
            <entry key="decryptionPropFile" value="serverdecrypt.properties"/>
            <entry key="encryptionKeyIdentifier" value="IssuerSerial"/>
            <!-- signature section -->
            <entry key="signaturePropFile" value="serversignverify.properties"/>
            <entry key="signatureKeyIdentifier" value="DirectReference"/>
          </map>
        </constructor-arg>
      </bean>
      <bean id="cryptochecker" class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker"/>
    </jaxws:inInterceptors>

Notice that there are 3 sections: the username and password verification section, the decrypt section and the signature section. First the username and passwords, supplied and encrypted in the SOAP header, are verified using a class (here indicated as some.class.to.verify.passwords). Please note that this class not only needs to verify user passwords, but also the aliases supplied in the construction of the keystores along with the keystore passwords. A snippet of password verification code in Java might simply be:

    // username is the user name or keystore alias presented to the callback
    if (username.equals("WebServiceMethodUser")) {
        password = "WebServiceMethodPassword";
    } else if (username.equals("webserviceclient")) {
        password = "webclientpassword";
    } else if (username.equals("webserviceserver")) {
        password = "webservicepassword";
    }

The cryptochecker line makes sure that the incoming signature is correct and adheres to the timestamp validation.

The server outgoing interceptors are configured as:

    <jaxws:outInterceptors>
      <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
      <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
      <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <constructor-arg>
          <map>
            <!-- username/password section -->
            <entry key="action" value="UsernameToken Timestamp Signature Encrypt"/>
            <entry key="passwordType" value="PasswordText"/>
            <entry key="passwordCallbackClass" value="some.class.to.verify.passwords"/>
            <entry key="user" value="WebServiceMethodUser"/>
            <!-- encrypt section -->
            <entry key="encryptionUser" value="webserviceclient"/>
            <entry key="encryptionPropFile" value="serversignverify.properties"/>
            <entry key="encryptionKeyIdentifier" value="IssuerSerial"/>
            <entry key="encryptionParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
            <!-- signature section -->
            <entry key="signatureUser" value="webserviceserver"/>
            <entry key="signaturePropFile" value="serverdecrypt.properties"/>
            <entry key="signatureKeyIdentifier" value="DirectReference"/>
            <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
          </map>
        </constructor-arg>
      </bean>
    </jaxws:outInterceptors>

Please note the inversion of the properties for the encrypt and signature sections. Even though it doesn't look right, this is the correct WS-Security configuration.

VII. CLIENT CODE

The client code doesn't originate from a Tomcat container. In Java, clients are typically generated initially from the WSDL file of the server by the java2wsdl command. Once the client skeleton is obtained by whatever method, the WS-Security code needs to be added before the client makes a WebService call. As an example, below, a WebContent/WEB-INF/wssec.xml file is created on the fly using Spring, but there are numerous other ways to achieve the same thing.

    import org.apache.cxf.Bus;
    import org.apache.cxf.BusFactory;
    import org.apache.cxf.bus.spring.SpringBusFactory;

    // ws-security client outgoing
    SpringBusFactory bf = new SpringBusFactory();
    Bus bus = bf.createBus("WebContent/WEB-INF/wssec.xml");
    BusFactory.setDefaultBus(bus);

The outgoing interceptor is then added:

    import java.util.HashMap;
    import java.util.Map;
    import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;

    // outgoing username/password
    Map<String, Object> outProps = new HashMap<String, Object>();
    outProps.put("action", "UsernameToken Timestamp Signature Encrypt");
    outProps.put("passwordType", "PasswordText");
    outProps.put("passwordCallbackClass", "ca.bccampus.wsrequest.serverpasswordcallback");
    outProps.put("user", "WebServiceMethodUser");

    // outgoing encryption: the server's certificate from the client trust store
    outProps.put("encryptionUser", "webserviceserver");
    outProps.put("encryptionPropFile", "clientencrypt.properties");
    outProps.put("encryptionKeyIdentifier", "IssuerSerial");
    outProps.put("encryptionParts",
        "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"
        + "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");

    // outgoing signature: the client's own private key from the client key store
    outProps.put("signatureUser", "webserviceclient");
    outProps.put("signaturePropFile", "clientsign.properties");
    outProps.put("signatureKeyIdentifier", "DirectReference");
    outProps.put("signatureParts",
        "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"
        + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"
        + "{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;");

    // set all outgoing interceptors
    bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));

VIII. COPYRIGHT FORMS

BCcampus uses open software products and accepts various licenses to use and distribute software and documentation from the Apache Software Foundation and Oracle Corporation.

ACKNOWLEDGMENT

The author thanks all BCcampus staff who helped assemble this document.
More informationSecuring Web Services Using Microsoft Web Services Enhancements 1.0. Petr PALAS PortSight Software Architect petrp@portsight.com www.portsight.
Securing Web Services Using Microsoft Web Services Enhancements 1.0 Petr PALAS PortSight Software Architect petrp@portsight.com www.portsight.com Agenda What is WSE and Its Relationship to GXA Standards
More informationUniversal Content Management Version 10gR3. Security Providers Component Administration Guide
Universal Content Management Version 10gR3 Security Providers Component Administration Guide Copyright 2008 Oracle. All rights reserved. The Programs (which include both the software and documentation)
More informationAngel Dichev RIG, SAP Labs
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine SSL
More informationJBoss SOAP Web Services User Guide. Version: 3.3.0.M5
JBoss SOAP Web Services User Guide Version: 3.3.0.M5 1. JBoss SOAP Web Services Runtime and Tools support Overview... 1 1.1. Key Features of JBossWS... 1 2. Creating a Simple Web Service... 3 2.1. Generation...
More informationProgramming on the Web(CSC309F) Tutorial: Servlets && Tomcat TA:Wael Aboelsaadat
Programming on the Web(CSC309F) Tutorial: Servlets && Tomcat TA:Wael Aboelsaadat Acknowledgments : This tutorial is based on a series of articles written by James Goodwill about Tomcat && Servlets. 1 Tomcat
More informationEnabling SSO between Cognos 8 and WebSphere Portal
Guideline Enabling SSO between Cognos 8 and WebSphere Portal Product(s): Cognos 8 Area of Interest: Security Enabling SSO between Cognos 8 and WebSphere Portal 2 Copyright Your use of this document is
More informationSSL Configuration on WebSphere Oracle FLEXCUBE Universal Banking Release 12.0.2.0.0 [September] [2013] Part No. E49740-01
SSL Configuration on WebSphere Oracle FLEXCUBE Universal Banking Release 12.0.2.0.0 [September] [2013] Part No. E49740-01 Table of Contents 1. CONFIGURING SSL ON WEBSPHERE... 1-1 1.1 INTRODUCTION... 1-1
More informationNEMSIS v3 Web Services Guide
NEMSIS TAC Whitepaper NEMSIS v3 Web Services Guide Date November 2, 2011 November 14, 2011 (FINAL) April 24, 2012 (Updated) May 09, 2012 (Updated) August 27, 2012 (updated) September 13, 2012 (updated)
More informationRHEV 2.2: REST API INSTALLATION
RHEV 2.2: REST API INSTALLATION BY JAMES RANKIN REVISED 02/14/11 RHEV 2.2: REST API INSTALLATION 1 TABLE OF CONTENTS OVERVIEW PAGE 3 JAVA AND ENVIRONMENT VARIABLES PAGE 3 JBOSS INSTALLATION PAGE 5 REST
More informationOracle ebs Adapter Installation and Configuration Guide
IBM Security Identity Manager Version 6.0 Oracle ebs Adapter Installation and Configuration Guide SC27-4403-03 IBM Security Identity Manager Version 6.0 Oracle ebs Adapter Installation and Configuration
More informationDISTRIBUTED CONTENT SSL CONFIGURATION AND TROUBLESHOOTING GUIDE
White Paper Abstract This white paper explains the configuration of Distributed Content (ACS, BOCS and DMS) in SSL mode and monitors the logs for content transfer operations. This guide describes the end-to-end
More information<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008
Oracle Security Developer Tools (OSDT) August 2008 Items Introduction OSDT 10g Architecture Business Benefits Oracle Products Currently Using OSDT 10g OSDT 10g APIs Description OSDT
More informationSoftware Design Document Securing Web Service with Proxy
Software Design Document Securing Web Service with Proxy Federated Access Manager 8.0 Version 0.3 Please send comments to: dev@opensso.dev.java.net This document is subject to the following license: COMMON
More informationCiphermail Gateway Separate Front-end and Back-end Configuration Guide
CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Separate Front-end and Back-end Configuration Guide June 19, 2014, Rev: 8975 Copyright 2010-2014, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction
More informationInstalling BIRT Analytics 4.4
Pre-requisites... 3 Configuring Microsoft Internet Information Services... 3 Installation... 5 Technical information... 13 PORTS (http / https)... 13 USERS... 13 Windows Services... 13 Linux Process...
More informationConfiguring IBM WebSphere Application Server 7 for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web
Configuring IBM WebSphere Application Server 7 for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web Applications Configuring IBM WebSphere 7 for SSL and Client-Certificate
More informationSecurity in Android apps
Security in Android apps Falco Peijnenburg (3749002) August 16, 2013 Abstract Apps can be released on the Google Play store through the Google Developer Console. The Google Play store only allows apps
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationEnabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal
Guideline Enabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal Product(s): IBM Cognos 8 BI Area of Interest: Security Copyright Copyright 2008 Cognos ULC (formerly Cognos Incorporated).
More informationREST and SOAP Services with Apache CXF
REST and SOAP Services with Apache CXF Andrei Shakirin, Talend ashakirin@talend.com ashakirin.blogspot.com/ Agenda Introduction in Apache CXF New CXF features Project using Apache CXF How CXF community
More informationCreating a Secure Web Service In Informatica Data Services
Creating a Secure Web Service In Informatica Data Services 2013 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationImproved Credential and SSL Configuration for EE 7
Improved Credential and SSL Configuration for EE 7 1. Introduction: SSL, trust stores, keystores and credential repositories are generally difficult areas to configure for Java EE environments. The configuration
More informationSecure Authentication and Session. State Management for Web Services
Lehman 0 Secure Authentication and Session State Management for Web Services Clay Lehman CSC 499: Honors Thesis Supervised by: Dr. R. Michael Young Lehman 1 1. Introduction Web services are a relatively
More informationDOCUMENTUM CONTENT SERVER CERTIFICATE BASED SSL CONFIGURATION WITH CLIENTS
DOCUMENTUM CONTENT SERVER CERTIFICATE BASED SSL CONFIGURATION WITH CLIENTS ABSTRACT This white paper is step-by-step guide for Content Server 7.2 and above versions installation with certificate based
More informationIn this chapter, we lay the foundation for all our further discussions. We start
01 Struts.qxd 7/30/02 10:23 PM Page 1 CHAPTER 1 Introducing the Jakarta Struts Project and Its Supporting Components In this chapter, we lay the foundation for all our further discussions. We start by
More informationPHP Integration Kit. Version 2.5.1. User Guide
PHP Integration Kit Version 2.5.1 User Guide 2012 Ping Identity Corporation. All rights reserved. PingFederate PHP Integration Kit User Guide Version 2.5.1 December, 2012 Ping Identity Corporation 1001
More informationOverview of Web Services API
1 CHAPTER The Cisco IP Interoperability and Collaboration System (IPICS) 4.5(x) application programming interface (API) provides a web services-based API that enables the management and control of various
More informationNeutralus Certification Practices Statement
Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3
More informationSecure Web Access Solution
Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...
More informationSAML v1.1 for.net Developer Guide
SAML v1.1 for.net Developer Guide Copyright ComponentSpace Pty Ltd 2004-2016. All rights reserved. www.componentspace.com Contents 1 Introduction... 1 1.1 Features... 1 1.2 Benefits... 1 1.3 Prerequisites...
More informationOracle Identity Manager
Oracle Identity Manager Password Synchronization Module for Microsoft Active Directory Installation and Configuration Guide Release 9.0.4 E10179-01 May 2007 Oracle Identity Manager Password Synchronization
More informationCS255 Programming Project 2
CS255 Programming Project 2 Programming Project 2 Due: Wednesday March 14 th (11:59pm) Can use extension days Can work in pairs One solution per pair Test and submit on Leland machines Overview Implement
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationT-Check in Technologies for Interoperability: Web Services and Security Single Sign-On
T-Check in Technologies for Interoperability: Web Services and Security Single Sign-On Lutz Wrage Soumya Simanta Grace A. Lewis Saul Jaspan December 2007 TECHNICAL NOTE CMU/SEI-2008-TN-026 Integration
More informationPublic Key Infrastructure for a Higher Education Environment
Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/13/2001 ECE 646 Agenda Architectural Design Hierarchy Certificate Authority Key Management Applications/Hardware
More informationTIBCO iprocess Web Services Server Plug-in Installation. Software Release 11.3.0 October 2011
TIBCO iprocess Web Services Server Plug-in Installation Software Release 11.3.0 October 2011 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED
More information