Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Understanding WS-Trust in Pega Platform

Updated on April 6, 2022

Pega Platform provides WS-Trust support. WS-Trust extends the WS-Security specification to allow issuing, renewing, and validating security tokens. WS-Trust utilizes a Secure Token Service (STS) to acquire secure tokens used to communicate with external systems that provide data to your application via web services.

External systems that provide data to your application are called resource providers.

Pega Platform supports WS-Trust versions 1.0 and 1.3, and WS-Policy version 1.2.

The following section provides some background on how your Pega Platform application uses web service technologies to implement trusted web service data messaging.

STS model

The implementation begins with a trusted relationship between your application and an STS for the procurement of tokens. This connection is handled by the STS SOAP connector that you create after you define your web service (WS) policies in Pega Platform.

A Pega Platform activity runs two Connect-SOAP connectors when the application needs data from the Resource Provider:

  • The STS Connector sends a Request Security Token message.
  • The application caches the token and invokes the Resource Provider Connector for secure messaging.
Secure Token Service model
Pega Platform uses SOAP connectors to request data from the resource provider
  • Secure Token Service (STS) Model: The STS issues and validates security tokens. Your application sends the token to the resource provider, which might request validation from the STS.
  • Token Caching: Pega Platform caches the token it receives from the STS connector call. Pega Platform makes a subsequent call to the STS only if the token has expired. Typically, the token persists for the duration of the application user's login, but you can set token expiration parameters.

WS policies

The Pega Platform WS-Trust implementation relies on two SOAP-based standard web service policy files:

  • STS web service policy: XML file, which defines interaction with the STS
  • Resource provider web service policy: XML file, which defines interaction with the resource provider's web service

Define these files in Pega Platform before you create your connectors.


Before you configure WS-Trust in your application, make sure that you have the following items:

  • The WSDL file(s) for your web services
  • The web service policy XML files (typically embedded in the WSDL
  • The URL of the address of the EndpointReference
  • Desired namespaces as specified in your WSDL

To set up your application to acquire and use a security token for secure SOAP messaging, create two Connect-SOAP connectors and reference them in an activity called by an Integrator in your flow.

  • Previous topic Defining inbound SOAP messages for WS-Security profile data instances
  • Next topic Configuring WS-Trust in Pega Platform

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us