Troubleshooting: Install HFix-3577 and HFix-4069 for WS-Trust support for SOAP messages
Summary
You discover that your business objectives require you to configure PRPC applications to invoke a Web service that uses the OASIS WS-Trust specification to provide message-level security. The outgoing SOAP message must contain a SAML2 token that must be acquired from a WS-Trust call to a Security Token Service (STS).
WS-Trust is a published OASIS standard for securing Web services within an enterprise. It defines a model for using a third-party Security Token Service (STS) to verify the identity of the sender of a SOAP message to a Web service provider. PegaRULES Process Commander V6.1 SP2 does not support WS-Trust, although it does provide support for related OASIS standards for Web service security.
HFix-3577 and HFix-4069 give you the capability to make WS-Trust calls in SOAP Connectors. HFix-3577 upgrades the Apache Axis2 and Rampart JAR files to a version that supports the WS-Trust security model. HFix-4069 updates the InvokeAxis2 activity with a change needed to make a call to the WS-Trust STS.
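The token flow described above, sketched in Python as an added example (it is not code from Pegasystems or from either hotfix): build the WS-Trust request for a SAML2 token, then check the returned assertion's validity window and audience before placing it in the outgoing message's WS-Security header. The function names, the service URL and the sample STS response are constructed for illustration; timestamps are assumed to be same-format UTC strings, and signature handling is left out.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SAML2_TOKEN = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def build_rst(service_url):
    """RequestSecurityToken asking the STS for a SAML2 token scoped to the end service."""
    rst = ET.Element(q("wst", "RequestSecurityToken"))
    ET.SubElement(rst, q("wst", "RequestType")).text = NS["wst"] + "/Issue"
    ET.SubElement(rst, q("wst", "TokenType")).text = SAML2_TOKEN
    applies = ET.SubElement(rst, q("wsp", "AppliesTo"))
    epr = ET.SubElement(applies, q("wsa", "EndpointReference"))
    ET.SubElement(epr, q("wsa", "Address")).text = service_url
    return rst

def attach_token(rstr_xml, service_url, now):
    """Take the assertion from the STS response, check it, wrap it in wsse:Security."""
    assertion = ET.fromstring(rstr_xml).find(".//wst:RequestedSecurityToken/saml:Assertion", NS)
    if assertion is None:
        raise ValueError("STS response carries no SAML2 assertion")
    cond = assertion.find("saml:Conditions", NS)
    # Simplification: same-format UTC timestamps compare correctly as strings.
    if cond is None or not (cond.get("NotBefore", "") <= now < cond.get("NotOnOrAfter", "")):
        raise ValueError("assertion is outside its validity window")
    if service_url not in [a.text for a in cond.iterfind(".//saml:Audience", NS)]:
        raise ValueError("assertion was issued for a different service")
    env = ET.Element(q("s", "Envelope"))
    sec = ET.SubElement(ET.SubElement(env, q("s", "Header")), q("wsse", "Security"))
    sec.append(assertion)
    ET.SubElement(env, q("s", "Body"))
    return env

# Constructed STS response (unsigned, illustrative values only).
SAMPLE_RSTR = """<wst:RequestSecurityTokenResponse xmlns:wst="%(wst)s" xmlns:saml="%(saml)s">
<wst:RequestedSecurityToken><saml:Assertion ID="_constructed" Version="2.0">
<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
<saml:AudienceRestriction><saml:Audience>https://svc.example/orders</saml:Audience>
</saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>""" % NS
```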
Details
HFix-3577 provides the following:
- Sample rules in the class SampleSTSClass
- A sample WS-Trust Connector, pySampleWSTrustConnector, which you will change to point to the end Service (not the STS Service) that you are connecting to
- A sample activity, pySampleSTSClient, which makes a call to an STS Service, gets the LTPA token back, and calls the SOAP Connector
- Release Notes for HFix-3577
- Installation Instructions for HFix-3577
HFix-4069 adds a single line to the activity InvokeAxis2 that is required for HFix-3577, namely: requestorPage.putObject("pyAxis2ServiceClient", svcClient);
Suggested Approach
- Contact Pegasystems Global Customer Support (GCS) and ask for HFix-3577 and HFix-4069.
- For HFix-3577, be sure that GCS sends you the file HFix-3577-full.zip.
- Install HFix-3577, printing the enclosed documents and following this reading sequence:
  - WS-Trust Release Notes
  - Updated Installation Documentation
- After you have installed and verified HFix-3577, install HFix-4069.
You must contact GCS to obtain HFix-3577 and HFix-4069 because the nature of these patches prevents them from being installed with the Update Manager utility. Therefore, they are not available on the Hotfix Self-Service site.
Reference
OASIS Standard, WS-Trust 1.4 Specification