Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Defining inbound SOAP messages for WS-Security profile data instances

Updated on June 30, 2021

Create a WS-Security profile to securely exchange messages between your application and a web service. Use the In Flow tab to configure WS-Security on inbound SOAP messages.

Note: The order of the configuration type is important. For example, if your outbound message is first signed and then encrypted, the inbound message must first decrypt the message and then check the signature.
  1. On the In Flow tab, click the Add new configuration icon.
  2. In the Configuration type list, select one of the following inbound SOAP message types.
    • Decryption – Enables the decryption configuration on the inbound SOAP message.
      1. In the Encryption key identifier list, select the encryption key to use in the SOAP message.
      2. Click Change decryption password and then enter the new password to change the private key password.
      3. To use symmetric key encryption, where the user and the service have a shared binary key, in the Embedded key field, enter the Base64 value of a binary shared key.
      4. In the Embedded key name field, enter the name of the shared embedded key.
      5. In the Encryption sym algorithm list, select the algorithm to encrypt the symmetric key.
      6. In the Key transport algorithm list, select the algorithm used for encrypting and decrypting the encryption key.
    • Signature – Enables the signature configuration type on an inbound SOAP message.
      1. In the Signature algorithm list, select the digital signature algorithm to use for encryption.
      2. In the Digest algorithm list, select a hash code that verifies that the signature came from the claimed source.
      3. In the Signature key identifier list, select the key identifier type to use to identify the signature token.
    • Timestamp – Enables the time stamp configuration type on an inbound SOAP message.
    • Username – Enables the user name configuration type on an inbound SOAP message.
      1. In the User name field, enter a user name for authentication.
      2. Click Change password to change or add a password associated with the specified user name.
      3. In the Password type list, select the type of the password to use with the connection.
        • Text – The password is sent as plain text in the SOAP message.
        • Digest – The password is sent as a Base64-encoded SHA1 hash of the original value.
      4. To change the SOAP message to a randomly generated Based64 string, select the Add nonce value check box.
      5. To indicate the creation time of the message by including a time stamp in the SOAP message, select the Add created timestamp check box.
    • SAML – Enables the SAML configuration type on an inbound SOAP message.
      1. In the SAML version list, select the SAML version to use in the SOAP message.
      2. In the Clock skew field, enter the time difference (in seconds) between two different servers that are out of sync.
  3. Repeat steps 1 and 2 to add more configurations.
  4. Click Save.
  • Previous topic Defining keystores for WS-Security profile data instances
  • Next topic Defining outbound SOAP messages for WS-Security profile data instances

Related articles

Web Service Security profileCreating a WS-Security profile data instance

Tags

Pega Platform 8.6 Security

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us