Skip to main content
Feedback

SOAP WS-Security Policy

Description

important

This policy is not supported in Boomi Cloud API Management - Local Edition.

Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to web services. It is a member of the Web service specifications and was published by OASIS.

The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as Security Assertion Markup Language (SAML), Kerberos, and X.509. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security.

This policy enforces WS-Security policies that can be configured with options for Encryption, Signature and Timestamp.

If Encryption is configured, the incoming request is encrypted before proxying the call to the backend API and the backend response is decrypted before sending it to the client.

If Signature is configured, the incoming request creates the appropriate SOAP header with the signature components, and the signature is verified on the outgoing response.

If Timestamp is configured, the incoming request creates the appropriate SOAP header with the timestamp component.

On this Page