CA API Gateway 9.1

9.4 9.1

Add Timestamp Assertion

The Add Timestamp assertion is used to add a signed <wsu:Timestamp> element into the SOAP security header of all target messages. You can configure the expiry time period for the timestamp and you can choose the method used to include the SSL certificate for the .
gateway90
The Add Timestamp assertion is used to add a signed <wsu:Timestamp> element into the SOAP security header of all target messages. You can configure the expiry time period for the timestamp and you can choose the method used to include the SSL certificate for the
API Gateway
.
To learn about selecting the target message for this assertion, see Select a Target Message.
To learn more about selecting a private key for this assertion, see Select a Custom Private Key.
To learn more about changing the WSS Recipient for this assertion, see Change the WSS Assertion Recipient.
The Add or Remove WS-Security Assertion must follow the Add Timestamp assertion in a policy.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. This assertion contains default settings that are appropriate for most instances. To change any of the settings, right-click <
    target
    >:
    Add [Signed] Timestamp
     in the policy window and select
    Timestamp Properties
     or double-click the assertion in the policy window. The assertion properties are displayed.
  3. Configure the properties as follows:
Setting
Description
Resolution
To specify a timestamp resolution, select a value from the resolution drop-down list. When the value is '<Default>', the
API Gateway
 default resolution is used.
Expiry Time
Select the unit of measure from the drop-down list (milliseconds, seconds, minutes, hours), then enter the length of the expiry time for the timestamp. Fractional measurements are permitted. The default is 5 minutes.
Sign Timestamp
Select this check box to digitally sign the timestamp. When signatures are used, "signed" will appear in the assertion name in the policy window ("Add signed Timestamp").
The [
Sign Timestamp
] check box must be enabled if a private key has been selected for this assertion. If the check box is cleared, any private key will be ignored.
Gateway Certificate Inclusion
Select the method to use to include the SSL certificate for the
API Gateway
:
  • BinarySecurityToken
    : The certificate is embedded within the message and does not require the recipient to already possess a copy of the signing certificate. This results in larger messages, but is more compatible. This setting is the default.
  • SecurityTokenReference with SKI
    : Use SecurityTokenReference containing the SubjectKeyIdentifier (SKI). This produces smaller messages, but at the risk of decreased compatibility.
  • Issuer Name/Serial Number
    : Use a SecurityTokenReference containing the certificates issuer distinguished name and serial number. This produces smaller messages, but at the risk of decreased compatibility.

Content feedback and comments