How to Implement Two-Way SSL Authentication in a Web Service



2011 Informatica

Abstract

You can configure two-way SSL authentication between a web service client and a web service provider. This article explains how to configure the SSL authentication with an Informatica Data Services web service and a SoapUI web service client.

Supported Versions

Informatica Data Services 9.1.0

Table of Contents

Overview .... 2
HTTPS Public Key Infrastructure Components .... 3
Security in Informatica Data Services Web Services .... 3
Configuration Tasks .... 3
Step 1. Create Web Service Provider Keystore File .... 4
Step 2. Create a Keystore File for the Client Certificate .... 4
Step 3. Import the Certificates in the Trust Store .... 4
Step 4. Configure the Data Integration Service for Two-Way Authentication .... 5
Step 5. Create a Web Service Client with SoapUI .... 5

Overview

When a web service provider or web service client sends data over the network, the data is subject to security risks. To reduce the risks, the web service provider or client must resolve the following security issues:

- Authentication. Verify the identity of the user transmitting data and the origin of the data.
- Confidentiality. Prevent third parties from deciphering intercepted data.
- Data Integrity. Ensure that data is not lost, modified, or destroyed during transmission.

To ensure confidentiality and data integrity, you can configure security at the message transport level. Configure a secure connection for the SOAP messages transmitted between the web service provider and the web service client. Use HTTPS to ensure the integrity and confidentiality of SOAP messages and provide point-to-point security.

This article describes the following processes:

- Create a keystore with the keytool utility.
- Generate a self-signed certificate for a secure Data Integration Service.
- Generate a web service client certificate using the keytool utility.
- Import client and server certificates to a trust store.
- Configure the Data Integration Service for two-way SSL authentication.
- Use the SoapUI tool to consume a web service.

HTTPS Public Key Infrastructure Components

An HTTPS connection uses a public key infrastructure (PKI) to ensure security for message transfer between the web service provider and the web service client. Typically, PKI includes the following components:

- Authentication certificate. A digital certificate that a certificate authority (CA) provides to verify and authenticate parties in internet communications. A certificate authority is a trusted, independent third party that issues digital certificates. A keystore contains digital certificates from a CA. A digital certificate can also be a self-signed certificate that the web service provider generates.
- Trust store. A file that contains authentication certificates that a client uses to authenticate messages from the web service provider.
- Client store. A file that contains authentication certificates that a web service provider uses to authenticate messages from the web service client.

Security in Informatica Data Services Web Services

To ensure transport layer security for web services in Informatica Data Services, the web service client authenticates the web service provider and vice versa. In two-way SSL authentication, the SSL client application verifies the identity of the SSL server application, and the SSL server application verifies the identity of the SSL client application. Two-way SSL authentication is also referred to as client authentication because the SSL client application presents a certificate to the SSL server after the SSL server authenticates itself to the SSL client.

The following figure shows the certificate configuration for two-way SSL authentication between applications:

Configuration Tasks

Before you can create the example described in this article, you must install Informatica Data Services and deploy a web service to a Data Integration Service. To complete the examples in this article, perform the following steps:

1. Create a keystore file for the web service provider certificate using the keytool utility.
2. Create a keystore file for the web service client certificate using the keytool utility.
3. Import the certificates in the trust store using the keytool utility.
4. Configure the Data Integration Service for two-way authentication.
5. Use SoapUI to create a web service client.
6. Run the web service client over a secure connection.

Step 1. Create Web Service Provider Keystore File

Use the keytool utility to generate a keystore containing a signed digital certificate to use with a secure web service. Keytool is a key and certificate management utility that you can use to generate and administer private and public key pairs and associated certificates for use with the SSL security protocol. By default, keytool stores the keys and certificates in a file called a keystore. The file is secured with a password.

For information about using the keytool utility to generate a keystore, see the following website:
http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html

1. Open a command prompt and navigate to the following directory:
       %JAVA_HOME%/jre/bin
2. Run the following command to generate the key pair:
       keytool -genkey -alias <KeystoreAliasforserver> -dname "CN=<CommonName>, OU=<OrganizationUnit>, O=<OrganizationName>, L=<Locality>, S=<State>, C=<Country>" -keyalg RSA -keypass <KeystorePassword> -storepass <StorePassword> -keystore server.keystore
3. To export the server certificate to the server.cert security certificate file, run the following command:
       keytool -export -alias <KeystoreAliasforserver> -storepass <StorePassword> -file server.cert -keystore server.keystore
   If the command is successful, the command prompt displays the following message:
       Certificate stored in file server.cert.

Step 2. Create a Keystore File for the Client Certificate

Use the keytool utility to generate a keystore containing a signed digital certificate for a web service client.

1. From the command prompt, run the following command to generate the key pair:
       keytool -genkey -alias <KeystoreAliasforclient> -dname "CN=<CommonName>, OU=<OrganizationUnit>, O=<OrganizationName>, L=<Locality>, S=<State>, C=<Country>" -keyalg RSA -keypass <KeystorePassword> -storepass <StorePassword> -keystore client.keystore
   You can use the client host name as the keystore alias and the DN common name. Use the values appropriate for your organization for the other DN elements.
2. Run the following command to generate the client certificate in PKCS12 format:
       keytool -genkey -alias <KeystoreAliasforclient> -dname "CN=<CommonName>, OU=<OrganizationUnit>, O=<OrganizationName>, L=<Locality>, S=<State>, C=<Country>" -keyalg RSA -storetype PKCS12 -keypass <KeystorePassword> -storepass <StorePassword> -keystore client.p12
3. Run the following command to export the client certificate to a security certificate file named client.cert:
       keytool -export -alias <KeystoreAliasforclient> -storepass <StorePassword> -file client.cert -keystore client.p12 -storetype PKCS12
   If the command is successful, the command prompt displays the following message:
       Certificate stored in file client.cert.

Step 3. Import the Certificates in the Trust Store

Import the client and server certificates in the trust store with the keytool utility.

1. Run the following command to import the contents of the server.cert file to the client trust store file:
       keytool -import -alias <KeystoreAliasforserver> -keystore client.keystore -file server.cert
   The keytool utility prompts you to enter a keystore password. The keystore password is the value of the keypass parameter from Step 1.
2. Run the following command to import the contents of the client.cert file to the server trust store file:
       keytool -import -alias <KeystoreAliasforclient> -keystore server.keystore -file client.cert
   The keytool utility prompts you to enter a keystore password. The keystore password is the value of the keypass parameter from Step 2.

Step 4. Configure the Data Integration Service for Two-Way Authentication

Configure two-way authentication in the Administrator tool. Edit the security options for the Data Integration Service.

1. Open the Administrator tool.
2. Select the Data Integration Service in the Domain Navigator.
3. Click the Processes tab.
4. In the Service Process Properties, edit the Data Integration Security Options.
5. Enter an HTTPS Port number and click OK.
6. Click HTTP Configuration Options and enter the following fields:

   Field                  Description
   Keystore file          Path to the server.keystore file.
   Keystore password      Keypass for the server.keystore file.
   Trust store file       Path to the server.keystore file.
   Trust store password   Keypass for the server.keystore file.

7. Click OK.

Step 5. Create a Web Service Client with SoapUI

Create a web service client using the SoapUI tool. SoapUI is an open source web service testing tool that you can use as the web service client. Before you can import a WSDL to a SoapUI project, you must configure the SSL settings.

1. Open the SoapUI client and click File > SSL Setting.
2. Browse for the location of the client keystore file.

3. Enter the keystore password.

After you configure the SSL settings, you can import the WSDL to the project and run the web service.

Author
Sumeet K. Agrawal
Senior QA Engineer
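The keystore and trust store construction from Steps 1 through 3, collected into one POSIX shell script. This is an added example written for this page, not Informatica's tooling or the article's original command lines: it uses the same keytool operations (generate a key pair, export the certificate, import it into the peer's store) but with constructed aliases, host names, DN values and placeholder passwords, and it passes the store passwords on the command line instead of answering keytool's interactive prompt. It also adds an is_trusted check, which is not in the article, to confirm that each peer's certificate landed in the other side's store as a trusted entry, which is what the Data Integration Service (Step 4) and SoapUI (Step 5) rely on during the handshake.

```shell
#!/bin/sh
# Added example: build the server and client keystores from Steps 1-3 with keytool.
# Aliases, host names, DN values and passwords below are constructed placeholders;
# pick real values (and keep the passwords in a proper secret store) for a deployment.
set -eu

SERVER_PASS="${SERVER_PASS:-ServerStorePass1}"   # placeholder, not a real secret
CLIENT_PASS="${CLIENT_PASS:-ClientStorePass1}"   # placeholder, not a real secret

# gen_keypair <keystore> <alias> <common-name> <password> [storetype]
# Step 1.2 / Step 2.1 / Step 2.2: RSA key pair plus a self-signed certificate.
# Store and key password are kept identical on purpose: PKCS12 stores require
# it, and the import prompt in Step 3 asks for the store password.
gen_keypair() {
  keytool -genkeypair -alias "$2" \
    -dname "CN=$3, OU=Data Services, O=Example Corp, L=Redwood City, S=CA, C=US" \
    -keyalg RSA -keysize 2048 -validity 365 \
    -storetype "${5:-JKS}" -keystore "$1" -storepass "$4" -keypass "$4"
}

# export_cert <keystore> <alias> <password> <outfile> [storetype]
# Step 1.3 / Step 2.3: writes only the public certificate; the private key
# never leaves the keystore.
export_cert() {
  keytool -exportcert -alias "$2" -keystore "$1" -storepass "$3" \
    -storetype "${5:-JKS}" -file "$4"
}

# import_cert <truststore> <alias> <password> <certfile>
# Step 3: add the peer certificate as a trusted entry. -noprompt answers the
# interactive "Trust this certificate?" question; the password is that of the
# store being written to (client.keystore in 3.1, server.keystore in 3.2).
import_cert() {
  keytool -importcert -noprompt -alias "$2" -keystore "$1" -storepass "$3" -file "$4"
}

# is_trusted <truststore> <alias> <password>
# Succeeds only if <alias> is a trustedCertEntry (a peer certificate), not the
# store's own PrivateKeyEntry.
is_trusted() {
  keytool -list -keystore "$1" -storepass "$3" -alias "$2" | grep -q trustedCertEntry
}

# build_stores <dir>: run the whole Step 1-3 procedure inside <dir>.
build_stores() {
  ( cd "$1"
    # Step 1: server key pair and certificate
    gen_keypair server.keystore dis-server dis.example.com "$SERVER_PASS"
    export_cert server.keystore dis-server "$SERVER_PASS" server.cert
    # Step 2: client key pair, JKS for the client trust store and PKCS12 for
    # SoapUI. As in the article, client.cert is exported from client.p12, so
    # client.p12 is the identity SoapUI must present.
    gen_keypair client.keystore soapui-client client.example.com "$CLIENT_PASS"
    gen_keypair client.p12 soapui-client client.example.com "$CLIENT_PASS" PKCS12
    export_cert client.p12 soapui-client "$CLIENT_PASS" client.cert PKCS12
    # Step 3: each side trusts the other side's certificate
    import_cert client.keystore dis-server "$CLIENT_PASS" server.cert
    import_cert server.keystore soapui-client "$SERVER_PASS" client.cert
  )
}

# Usage: sh two_way_ssl_stores.sh /path/to/output/dir
if [ -n "${1:-}" ]; then
  build_stores "$1"
fi
```

After the script runs, server.keystore holds the server's own key pair plus the trusted client certificate (the one file Step 4 points both the Keystore file and Trust store file fields at), and client.p12 holds the key pair SoapUI presents in Step 5. Because the certificates are self-signed, trust is established solely by these imports; replacing a certificate on either side means repeating the matching import on the other.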