CA API Gateway 9.1

9.4 9.1

Build RST SOAP Request Assertion

gateway90
The Build RST SOAP Request assertion is used to create a SOAP message containing a Request Security Token (RST) in the SOAP body. The security token requested from the service is either a Security Context Token (SCT) or a SAML Token.
Context Variables Created by This Assertion
The Build RST SOAP Request assertion sets details about the RST request message in the following context variables.
The default <prefix> is "requestBuilder" and can be changed in the assertion properties.
Variable
Description
<prefix>.
rstRequest
Stores the RST Request message generated
<prefix>.
clientEntropy
Stores the client entropy, if the option [
Generate and include client entropy
] is selected in the assertion properties
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. Right-click
    Build RST SOAP [Cancel|Issue|Validate] Request
     in the policy window and choose
    RST SOAP Request Builder Properties
     or double-click the assertion in the policy window. The assertion properties are displayed.
  3. Configure the properties as follows.
    Setting
    Description
    SOAP Version
    Choose the SOAP version to be used in the RST SOAP message: 1.1 or 1.2.
    WS-Trust Namespace
    Choose the WS-Trust namespace to be used in a RequestSecurityToken element:
    • http://docs.oasis-open.org/ws-sx/ws-trust/200512
       (v1.3 and v1.4)
    • http://schemas.xmlsoap.org/ws/2005/02/trust
       (v1.2)
    • http://schemas.xmlsoap.org/ws/2004/04/trust
       (pre-v1.2)
    Token Type
    Choose the token type to be used in the message:
    <Not Included> (no token is requested)
    SAML2 Assertion
    SAML Assertion
    WS-SC SecurityContextToken
    Request Type
    Choose the type of request to build:
    Cancel
    Issue (default)
    Validate
    <wst:Issuer> Address
    Optionally specify the issuer of the security token that is presented in the RST SOAP request message. The Issuer element's type is an endpoint reference as defined in WS-Addressing. You may reference context variables.
    <wsp:AppliesTo> Address
    Optionally specify the URL of the <Address> in a <wsp:AppliesTo> element, which is a scope specified by the requestor for the issued token. You may reference context variables.
    Target Token Variable
    If the
    Request Type
     is either
    Cancel
     or
    Validate
    , optionally specify a context variable of type String that will be used for the target element (the CancelTarget or ValidateTarget elements, respectively). This context variable should either contain:
    • an Element—for example, one that was selected using an XPath; this Element should be a SecurityTokenReference or a security token.
    • a Security Context Token (for example, one created by the Establish Outbound Secure Conversation Assertion. A SecurityTokenReference will be generated for the token.
    You can use an indexing option to specify a value from a multivalued context variable. For example, use foo[1] to choose the second value in the multivalued variable foo. For more information, see Indexing Options during Interpolation in Working with Multivalued Context Variables.
    Key Size (bits)
    Optionally specify the key size in bits.
    Token Lifetime
    Optionally, select this check box to specify a time range for the returned security token.
    The issuer is not obligated to honor this range and may return a more (or less) restrictive interval.
    Use System Default
    When specifying a Token Lifetime, select this check box to use the system default, as defined by the outbound.secureConversation.defaultSessionDuration  cluster property. The default value for this property is 2 hours.
    Generate and include client entropy
    Optionally select this check box to generate client entropy and include it in the RST request. The generated entropy will be saved into the context variable <prefix>.clientEntropy.
    Variable Prefix
    Enter a prefix that will be added to the context variables created by this assertion. This prefix will ensure uniqueness and will prevent the variables from overwriting each other when multiple instances of this assertion appear in a policy.
    The default prefix is requestBuilder.
    For an explanation of the validation messages displayed, see Context Variable Validation.

Content feedback and comments