Web Services Security

Identity Resolution Web Services supports the Web Services Security: SOAP Message Security 1.1 (WS-Security 2004) OASIS Standard Specification dated 1 February 2006.

Web Server Authentication

You can use a private key or a user name token to authenticate a connection between a client and a web server.

Private Key

To deploy this method, start the servers by running the following script:
  • On UNIX.
    $SSABIN/idsup
  • On Windows.
    %SSABIN%\idsup.bat
You can use the following options with the script:
-qa1.0
Specifies to use WS-Addressing 1.0.
-qs1.1
Specifies to use WS-Security 1.1.
-qsrFile3
Specifies a PEM file that contains an X509 root certificate.

User Name Token

To deploy this method, start the servers by running the following script:
  • On Unix.
    $SSABIN/idsup
  • On Windows.
    %SSABIN%\idsup.bat
You can use the following options with the script:
-qa1.0
Specifies to use WS-Addressing 1.0.
-qs1.1
Specifies to use WS-Security 1.1.
-qsu<username>
Specifies that the server requires a user name token. Enter the user name and password in the Identity Resolution dictionary.
Use the iirdict utility to add a user name to the dictionary.
For example, the following sample command adds the user name Jack to the dictionary:
    iirdict testx528.dir\testx528.dic
    iirdict> May 17 2022 15:52:38 10.3.0.000
    Operating on 'testx528.dir\testx528.dic'
    Enter password:
    Command (a=Add d=Delete l=List t=Test q=Quit)? a
    Enter alias: Jack
    Enter connection details:
    Type (odb): user
    User password: Secret
    iirdict> alias 'Jack' added successfully
    Command (a=Add d=Delete l=List t=Test q=Quit)? l
    # 2022-05-25 11:44:53.005000 mtaylor Created
    # 2022-05-25 11:50:39.837696 mtaylor Added alias 'Jack'
    Command (a=Add d=Delete l=List t=Test q=Quit)?
You can also use the HTTP authentication method. For more information on HTTP authentication, see Conventions.

Transport Layer Security

Identity Resolution web services can use HTTPS to implement Transport Layer Security, which provides point-to-point security. To deploy this facility, start the servers by running the shell script $SSABIN/idsup on Unix or the batch script %SSABIN%\idsup.bat on Windows with the following options:
-qcFile1
Specifies the PEM file containing an X509 certificate.
-qkFile2
Specifies the PEM file containing an RSA private key.
-qrFile3
Specifies the PEM file containing an X509 root certificate.
The web service now uses HTTPS instead of HTTP. HTTPS sends HTTP messages using SSL, a well-established and widely available security protocol. If HTTPS is specified, any messages sent to the web service using HTTP are discarded.
You must specify all three options. The server reports an error on startup if one is omitted.
The minimum SSL protocol is set to TLS_2. You can use the SSA_SSL_MIN_PROTOCOL environment variable to change the minimum SSL protocol.

Environment Variables

You can use the following environment variables for the SSL security protocol:
SSA_SSL_MIN_PROTOCOL
Enables you to change the minimum SSL protocol, which is set by default to TLS_2. You can use one of the following values to change TLS_2:
  • S. Sets minimum SSL protocol to SSL v3.
  • T1. Sets minimum SSL protocol to TLS 1.1.
  • T2. Sets minimum SSL protocol to TLS 1.2.
  • T3. Sets minimum SSL protocol to TLS 1.3.
If you use a value other than the values in the preceding list, the minimum SSL protocol is set to TLS 1.1.
SSAOPTS
Enables you to view messages in the log file according to the values that you set for the SSA_SSL_MIN_PROTOCOL variable. Set the values +D+Q or +D+q to view these messages in the log file. You can view the following messages in the log file using the SSAOPTS variable:
  • If you don't set a value for the SSA_SSL_MIN_PROTOCOL variable, you get the following message:
    Protocol version='TLSv1.3' OpenSSL_version='OpenSSL 1.1.1n 15 Mar 2022' Minimum supported protocol version='TLS 1.2'
  • If you set SSA_SSL_MIN_PROTOCOL=S, you get the following message:
    Protocol version='TLSv1.3' OpenSSL_version='OpenSSL 1.1.1n 15 Mar 2022' Minimum supported protocol version='SSL v3'
  • If you set SSA_SSL_MIN_PROTOCOL=T2, you get the following message:
    Protocol version='TLSv1.3' OpenSSL_version='OpenSSL 1.1.1n 15 Mar 2022' Minimum supported protocol version='TLS 1.2'
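Because any value outside the documented list sets the minimum to TLS 1.1, a mistyped SSA_SSL_MIN_PROTOCOL value leaves the server weaker than the TLS 1.2 default. The following Python check is an added example, not part of the product or its samples: it resolves a planned setting to its effective minimum and scans log messages for a minimum below a policy floor. Assumptions: value matching is exact and case-sensitive, the policy floor is TLS 1.2, and the sample log lines are constructed in the message format shown above.

```python
import re
from typing import Optional

# SSA_SSL_MIN_PROTOCOL values documented on this page.
DOCUMENTED = {"S": "SSL v3", "T1": "TLS 1.1", "T2": "TLS 1.2", "T3": "TLS 1.3"}
ORDER = ["SSL v3", "TLS 1.1", "TLS 1.2", "TLS 1.3"]  # weakest to strongest
POLICY_FLOOR = "TLS 1.2"  # assumption: site policy equals the documented default

def effective_minimum(value: Optional[str]) -> str:
    """Minimum protocol the server applies for a given variable setting."""
    if value is None:  # variable not set: documented default
        return "TLS 1.2"
    # Assumption: matching is exact and case-sensitive. Per the page, any
    # value outside the documented list falls back to TLS 1.1.
    return DOCUMENTED.get(value, "TLS 1.1")

def below_floor(protocol: str, floor: str = POLICY_FLOOR) -> bool:
    """True when the protocol is weaker than the floor; unknown names fail closed."""
    if protocol not in ORDER:
        return True
    return ORDER.index(protocol) < ORDER.index(floor)

# Matches the message logged when SSAOPTS is set to +D+Q or +D+q.
LOG_RE = re.compile(r"Protocol version='[^']+'.*?"
                    r"Minimum supported protocol version='(?P<minimum>[^']+)")

def audit_log(lines):
    """Return (line_number, minimum) for each message below the floor."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = LOG_RE.search(line)
        if match and below_floor(match["minimum"].strip()):
            findings.append((number, match["minimum"].strip()))
    return findings

# Constructed sample log in the message format shown on this page.
PREFIX = "Protocol version='TLSv1.3' OpenSSL_version='OpenSSL 1.1.1n 15 Mar 2022' "
SAMPLE_LOG = [
    PREFIX + "Minimum supported protocol version='TLS 1.2'",
    PREFIX + "Minimum supported protocol version='SSL v3'",
    PREFIX + "Minimum supported protocol version='TLS 1.1'",
]

if __name__ == "__main__":
    for setting in (None, "T2", "T3", "S", "TLS1.2"):  # last one is a typo
        minimum = effective_minimum(setting)
        print(f"{setting!r:10} -> {minimum:8} below floor: {below_floor(minimum)}")
    print(audit_log(SAMPLE_LOG))
```

Run the setting check before starting the servers and the log scan after startup, so a fallback to TLS 1.1 is caught in both places.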

Samples

The ws-sample3.cs sample file requires Web Services Enhancements (WSE) 3.0 and uses a specified X509 RSA certificate to create a message signed with a private key.
The Identity Resolution servers use the specified public RSA key to validate the request.
Use the following sample Java files to connect to the XML Search Server:
  • HTTPSample.java for HTTP authentication
  • HTTPSSample.java for HTTPS authentication
The sample programs are located in the following directory:
<installation directory>\samples\programs\java-xml
