TIBCO BusinessWorks 5.

3:
Understanding Web Services Security
This document will cover the creation of a very simple Web Service using the
Web Services Wizard and utilizing the Service Palette; immediately following the
creation of the Service, we will configure the Service to support Web Services
Security for Identification, Integrity, and Confidentiality, using two of the Web
Services Security Profiles: the UserName Profile and the X.509 Profile.
It is assumed that the reader has some familiarity with the BusinessWorks
product and has access to both BusinessWorks 5.3(+) and the TIBCO Enterprise
Message Service product.

DRAFT
http://www.tibco.com
Global Headquarters
3303 Hillview Avenue
Palo Alto, CA 94304
Tel: +1 650-846-1000
Toll Free: 1 800-420-8450
Fax: +1 650-846-1005
2009, TIBCO Software Inc. All rights
reserved. TIBCO, the TIBCO logo, The
Power of Now, and TIBCO Software are
trademarks or registered trademarks of
TIBCO Software Inc. in the United States
and/or other countries. All other product and
company names and marks mentioned in
this document are the property of their
respective owners and are mentioned for
identification purposes only.

Version 0.9
August 2006
Carlo Milono
Director of Engineering Program Management

Document

Table of Contents
1 Overview of Web Services Security .................................................................... 4
1.1
1.2
1.3

Identification/Authentication ........................................................................... 4
Integrity/Digital Signatures ............................................................................. 4
Confidentiality/Cryptography .......................................................................... 4

2 Getting Started.......................................................................................................... 4
2.1
2.2
2.3
2.4
2.5

X.509 Certificat es from TIB CO Enterprise Message S ervice ............................ 4

Java Keystore Tool - Recommended .............................................................. 4
TIBCO Runtime Agent ................................................................................... 4
TIBCO Administrat or ..................................................................................... 4
Optional: Tools to view the WSS SOAP Payload ............................................. 4

3 Building a Simple Web Service in BusinessWorks 5.3 .................................. 4

3.1
3.2
3.3
3.4
3.5
3.6
3.7

Setup Folders ............................................................................................... 5

Building a Schema ........................................................................................ 5
Building a Process for a Service ..................................................................... 6
Adding Communications ................................................................................ 8
Using the Wizard........................................................................................... 9
Building the Companion Web Services Client ................................................ 12
Testing the Web Service .............................................................................. 15

4 Assemble Security Tokens.................................................................................. 15

4.1
4.2

Identity Objects ........................................................................................... 16

Trusted Certificate Folders ........................................................................... 17

5 Using the Policy Palette UserName Token .................................................. 18

5.1
5.1.1
5.1.2
5.2
5.2.1
5.2.2

Utilizing the UserName Token to create an Identification Policy ...................... 18

Configure the Inbound Security Policy .......................................................... 18
Configure the Outbound Sec urity Policy........................................................ 18
Policy Association with Services ................................................................... 19
Configure the Inbound Security Policy Association ........................................ 19
Configure the Outbound Sec urity Policy Association...................................... 19

6 First Test UserName Identification ................................................................ 20

6.1
6.1.1
6.1.2
6.1.3
6.1.4

Test............................................................................................................ 21
Request Contents UserName Token.......................................................... 22
Troubleshooting Bad ID or Password ......................................................... 23
Troubleshooting Administrator is unavailable.............................................. 24
Troubleshooting Mismatched Configurations .............................................. 24

7 Change Project from UserName to X.509 for Identification ....................... 25

8 Second Test X.509 Identification .................................................................... 26
8.1
8.2
8.3
8.4

Request Contents BinarySecurity Token ..................................................... 26

Troubleshooting Bad X.509 Private Key Password ..................................... 27
Troubleshooting Missing Trusted CA Cert in Trusted Certificat es Folder ...... 27
Troubleshooting Mismatched Token Types ................................................ 28

9 Adding Integrity and Confidentiality ................................................................. 28

TIBCO BusinessWorks: Understanding Web Services Security