Require Encrypted Element Assertion

The Require Encrypted Element assertion is used to require that specified message elements are encrypted in the target message.
You can add a Require Encrypted Element assertion for each element of the target message that you want to verify as encrypted. This assertion supports WS-Security 1.0 and 1.1.
To learn more about changing the WSS Recipient for this assertion, see Change the WSS Assertion Recipient.
Setting the WSS recipient to one other than "Default" will cause the Require Encrypted Element assertion to always succeed.
This assertion is intended for use in a web service policy. It should be placed before the routing assertion in a policy when targeting the request message.
To learn about selecting the target message for this assertion, see Select a Target Message.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. Right-click the <target>: Require Encrypted Element in the policy window and select Encrypted Element Properties, or double-click the assertion in the policy window. The assertion properties are displayed. The title of the dialog will show "Request", "Response", or "${variableName}", depending on the target message.
  3. Specify the XPath and indicate which element from the target message must be encrypted in the code box. For detailed instructions on using the interface to build your XPath, see Select an XPath.
  4. Select the check box next to the Encryption Methods that may be used in the target message:
    • AES 128 CBC (default)
    • AES 192 CBC
    • AES 256 CBC
    • Triple DES
    • AES 128 GCM
    • AES 256 GCM
     If your security provider does not support the "AES-GCM" encryption options, encryption/decryption attempts may fail at run time if these options are selected.
  5. Click [OK].
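The following is an added example, not code from the gateway or its vendor: a simplified offline check of a captured message that every child of a chosen parent element is an xenc:EncryptedData using one of the methods selected in step 4. It assumes SOAP 1.1, assumes the dialog labels map to the W3C XML Encryption algorithm URIs shown, uses hypothetical function names, and does not decrypt or validate keys.

```python
import xml.etree.ElementTree as ET

NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
XENC, XENC11 = NS["xenc"], "http://www.w3.org/2009/xmlenc11#"

# Assumed mapping: dialog labels from step 4 -> W3C XML Encryption algorithm URIs.
ALGORITHMS = {
    "AES 128 CBC": XENC + "aes128-cbc",
    "AES 192 CBC": XENC + "aes192-cbc",
    "AES 256 CBC": XENC + "aes256-cbc",
    "Triple DES": XENC + "tripledes-cbc",
    "AES 128 GCM": XENC11 + "aes128-gcm",
    "AES 256 GCM": XENC11 + "aes256-gcm",
}

def check_encrypted(message, parent_path, allowed_methods):
    """Return (ok, reason): every child element of parent_path must be an
    xenc:EncryptedData whose EncryptionMethod is one of allowed_methods."""
    allowed = {ALGORITHMS[m] for m in allowed_methods}
    parent = ET.fromstring(message).find(parent_path, NS)
    if parent is None:
        return False, "parent element not found"
    children = list(parent)
    if not children:
        return False, "no child elements to check"
    for child in children:
        if child.tag != "{%s}EncryptedData" % XENC:
            return False, "plaintext element: " + child.tag
        method = child.find("xenc:EncryptionMethod", NS)
        uri = method.get("Algorithm") if method is not None else None
        if uri not in allowed:
            return False, "encryption method not allowed: %s" % uri
    return True, "encrypted"

def sample(algorithm_uri):
    """Constructed SOAP 1.1 message with an encrypted Body (dummy ciphertext)."""
    return ('<s:Envelope xmlns:s="%s" xmlns:xenc="%s"><s:Body>'
            '<xenc:EncryptedData Type="%sContent">'
            '<xenc:EncryptionMethod Algorithm="%s"/>'
            '<xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue>'
            '</xenc:CipherData></xenc:EncryptedData></s:Body></s:Envelope>'
            % (NS["s"], XENC, XENC, algorithm_uri))

# Constructed plaintext message: the Body content is not encrypted.
PLAINTEXT = ('<s:Envelope xmlns:s="%s"><s:Body><order xmlns="urn:example">'
             '<card>0000</card></order></s:Body></s:Envelope>' % NS["s"])

if __name__ == "__main__":
    print(check_encrypted(sample(ALGORITHMS["Triple DES"]), "s:Body", ["AES 256 GCM"]))
    print(check_encrypted(PLAINTEXT, "s:Body", ["AES 128 CBC"]))
```

A message encrypted with a method that is not selected fails the check in the same way as a plaintext message, which mirrors why only the methods you intend to accept should be ticked in step 4.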