Securing Web Services Securing Web Services with SOAP Tools in InterSystems IRIS Relevant to SOAP Security A Brief Look at the WS-Security Header SOAP Security Standards Setup and Other Common Activities Performing Setup Tasks Retrieving Credential Sets Programmatically Specifying the SSL/TLS Configuration for the Client to Use Creating and Using Policies Overview Creating and Attaching Policies Editing the Generated Policy Security Policy Descriptions Policy Option Reference Adding a Certificate at Runtime Specifying a Policy at Runtime Suppressing Compilation Errors for Unsupported Policies WS-Policy Configuration Class Details Configuration Class Basics Adding InterSystems Extension Attributes Details for the Configuration XData Block Example Custom Configurations Adding Security Elements Manually Adding Security Header Elements Order of Header Elements Adding Timestamps and Username Tokens Overview Adding a Timestamp Adding a Username Token Timestamp and Username Token Example Encrypting the SOAP Body Overview of Encryption Encrypting the SOAP Body Message Encryption Examples Specifying the Block Encryption Algorithm Specifying the Key Transport Algorithm Encrypting Security Header Elements Encrypting Security Header Elements Basic Examples Adding Digital Signatures Overview of Digital Signatures Adding a Digital Signature Other Ways to Use the Certificate with the Signature Applying a Digital Signature to Specific Message Parts Specifying the Digest Method Specifying the Signature Method Specifying the Canonicalization Method for <KeyInfo> Adding Signature Confirmation Using Derived Key Tokens for Encryption and Signing Overview Creating and Adding a <DerivedKeyToken> Using a <DerivedKeyToken> for Encryption Using a <DerivedKeyToken> for Signing Combining Encryption and Signing Signing and Then Encrypting with Asymmetric Keys Encrypting and Then Signing with Asymmetric Keys Signing and Then Encrypting with Symmetric Keys Encrypting and Then Signing with Symmetric Keys Order of Security Header Elements Validating and Decrypting Inbound Messages Overview Validating WS-Security Headers Accessing a SAML Assertion in the WS-Security Header Instance Authentication and WS-Security Retrieving a Security Header Element Checking the Signature Confirmation Creating Secure Conversations Overview Starting a Secure Conversation Enabling an InterSystems IRIS Web Service to Support WS-SecureConversation Using the <SecurityContextToken> Ending a Secure Conversation Using WS-ReliableMessaging Sending a Sequence of Messages from the Web Client Signing the WS-ReliableMessaging Headers Modifying a Web Service to Support WS-ReliableMessaging Controlling How the Web Service Handles Reliable Messaging Creating and Adding SAML Tokens Overview Basic Steps Adding SAML Statements Adding a <Subject> Element Adding a <SubjectConfirmation> Element Adding a <Conditions> Element Adding <Advice> Elements Troubleshooting Security Problems Information Needed for Troubleshooting Possible Errors Items to Check in the Event of Security Errors Details of the Security Elements <BinarySecurityToken> <EncryptedKey> <EncryptedData> <Signature> <DerivedKeyToken> <ReferenceList>