X hits on this document

374 views

0 shares

7 downloads

0 comments

6 / 19

WCF WS http bindings WCF Client

3. Set up SecureConv if needed (Kerberos->SCT)

DataPower Device

Web Service In DMZ

  • 4.

    Request secured by #2 or #3

  • 6.

    Response secured by #2 or #3

wsp-sp-1-2-ws2007HttpBinding WS-SecurityPolicy Enabled

WS-Proxy wsp-sp-1-1-wsHttpBinding

5.Req/Resp msg

1. Authentication

Cancel the SecureConv when all requests are done

2. Kerberos Token

decrypt

AAA WS-Security

signEnabled Actions verify

encrypt

Windows Server®

6

DataPower WCF integration

© 2010 IBM Corporation

In this diagram, the Windows server acts as the KDC and the server principal name of the DP box should be created in that KDC and the keytab should be copied on to DataPower, so that DataPower can decrypt/verify the Kerberos tokens sent by the client. The secure conversation mentioned in step 3 is optional and can be enabled/disabled at the WCF client’s configuration. (set EstablishSecurityContext = false in the client’s app.config to disable secure conversation)

380DataPowerWCFIntegration.ppt

Page 6 of 19

Document info
Document views374
Page views519
Page last viewedSat Jan 21 22:00:28 UTC 2017
Pages19
Paragraphs430
Words3061

Comments