and 849?
This document describes the setup steps for IB outbound WSS messages on 848 and 849 ONLY.
Notes: Digital signatures apply to the SOAP message header and SOAP message body.
Encryption only applies to the SOAP header.
A Username Token can be used in conjunction with digital signing and/or encryption [X.509 Token].
Username Token:
We support clear text password in the Username Token only.
If the password is a concern, use https or Web Services Security (WSS) encryption as defined below.
Prerequisite:
The Integration Broker Gateway must be set up.
WSS uses interop.jks by default. However, you can also use the Java keystore pskey. Whichever one you choose, the wss.properties file must point to the keystore in use. The password defined in the wss.properties file must be the same one used in the keystore and must be encrypted using the pscipher utility. If you are using interop.jks, the default password is: interop; if using pskey, the default password is: password.
keytool -genkey -alias QE_LOCAL -keyalg RSA -keysize 1024 -dname "CN=QE_LOCAL, OU=PeopleTools, O=Oracle, L=Pleasanton, ST=California, C=US" -keypass interop -keystore interop.jks -storepass interop
c. Generate a CSR for this public key and have it signed by the CA.
d. Download the signed public key cert and the root CA.
e. Import the root CA and then import the public key cert.
This process ensures that the SOAP message is signed. The signature covers the entire SOAP message: the header and the body.
keytool -import -alias QE_IBTGT -file qe_ibtgt.cer -keypass interop -keystore interop.jks -storepass interop
[Note: the cert file name does not need to match the alias name.]
The following example shows a WS-Security SOAP header that contains a UsernameToken in
cipher text and that is digitally signed. This is the most secure configuration for WS-Security in
PeopleSoft Integration Broker.
<soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference>
          <ds:X509Data>
            <ds:X509IssuerSerial>
              <ds:X509IssuerName>CN=PeopleTools TEST root CA,DC=peoplesoft,DC=com,OU=PeopleTools Development,O=PeopleSoft Inc,L=Pleasanton,ST=CA,C=US</ds:X509IssuerName>
              <ds:X509SerialNumber>174697022083003580418117</ds:X509SerialNumber>
Troubleshooting:
1. Username Token is not in the header of the SOAP message.
a. Make sure the remote node that is associated with the Service Operation has WS-Security enabled.
b. The remote node must be using the HTTPTARGET Connector as WSS is only implemented with this target connector.
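A check for the first troubleshooting item and for the clear text password note above, added here as an example (not PeopleSoft or Oracle code): it parses one outbound SOAP message and reports whether the Username Token is missing, in clear text or encrypted, and whether the header is signed. The SOAP 1.1 envelope namespace, the sample messages, the user name and the endpoint URL are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {  # soapenv is assumed to be SOAP 1.1; the page does not show its URI
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def inspect_wss(envelope_xml, endpoint_url):
    """Report token state, signature and key transport for one SOAP message."""
    report = {"token": "missing", "signed": False, "key_transport": None,
              "findings": []}
    sec = ET.fromstring(envelope_xml).find("soapenv:Header/wsse:Security", NS)
    if sec is None:  # troubleshooting item 1: nothing was added to the header
        report["findings"].append("no wsse:Security header")
        return report
    report["signed"] = sec.find("ds:Signature", NS) is not None
    method = sec.find("xenc:EncryptedKey/xenc:EncryptionMethod", NS)
    if method is not None:
        report["key_transport"] = method.get("Algorithm")
    if sec.find("wsse:UsernameToken", NS) is not None:
        report["token"] = "cleartext"  # token is readable in the message
        if not endpoint_url.lower().startswith("https://"):
            report["findings"].append("clear-text UsernameToken sent without https")
    elif sec.find("xenc:EncryptedData", NS) is not None:
        report["token"] = "encrypted"  # assumed: EncryptedData replaced the token
    else:
        report["findings"].append("Security header carries no UsernameToken")
    return report

def _envelope(security_children):  # builds the constructed sample messages
    decls = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f"<soapenv:Envelope {decls}><soapenv:Header><wsse:Security>"
            f"{security_children}</wsse:Security></soapenv:Header>"
            f"<soapenv:Body/></soapenv:Envelope>")

CLEAR = _envelope("<wsse:UsernameToken><wsse:Username>QE_USER</wsse:Username>"
                  "<wsse:Password>example</wsse:Password></wsse:UsernameToken>")
PROTECTED = _envelope(
    '<xenc:EncryptedKey><xenc:EncryptionMethod '
    'Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/></xenc:EncryptedKey>'
    "<xenc:EncryptedData/><ds:Signature/>")

if __name__ == "__main__":
    for name, msg in [("clear", CLEAR), ("protected", PROTECTED)]:
        # constructed, hypothetical endpoint URL
        print(name, inspect_wss(msg, "http://target.example/service"))
```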