Hi,
We are developing a POC with OSB and IBM DataPower acting as the SOA security gateway. DataPower receives all the requests at the DMZ and resolves all the security checks before they go to the ESB layer in the intranet/secure zone.
They have 3 security flavors implemented, with OID as the LDAP:
1.- WS-Security using username token.
2.- WS-Security using binary token (x.509 certificates).
3.- SAML 2.0 assertions.
We can overcome the first 2 barriers without problems; that is, we have DataPower + OSB working in those scenarios.
For the SAML one, we have a proxy service deployed at the OSB and we tried with the SAML security policy named oracle/wss11_saml20_token_with_message_protection_service_policy available in OWSM, but the requests from DataPower could not be processed, even though we are using the same key infrastructure on both sides.
- Could we create a new security policy on the OWSM side to meet DataPower's requirements?
- Where can we find detailed documentation about the encryption/signature mechanism applied to each SOAP message part for the OWSM policy mentioned above?
We need specific documentation about how this policy works: oracle/wss11_saml20_token_with_message_protection_service_policy
That is, the encryption/signature methods used on each SOAP message part. For example, looking at a message processed by this policy, it seems that there are message parts which are signed more than once, switching between different encryption algorithms. We need to understand the security logic/strategy followed by this policy for our integration needs.
Thanks
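Since the question is which SOAP parts the OWSM policy signs and encrypts, and with which algorithms, here is an added example (not from the original post, and not Oracle's or IBM's code) that inventories that protection from a captured message: every ds:Signature with the parts its References resolve to, every xenc:EncryptedKey and xenc:EncryptedData with its algorithm, and the parts covered by more than one signature. It assumes a WS-Security header using standard XML Signature and XML Encryption elements, which is the WS-Security 1.1 profile the wss11 policies are based on; the SAMPLE envelope is constructed for illustration (placeholder digest, signature and cipher values), so it shows the shape of such a message rather than the exact output of oracle/wss11_saml20_token_with_message_protection_service_policy.

```python
"""Inventory the WS-Security protection applied to each part of a SOAP message:
which parts every ds:Signature covers (and with which algorithms), which parts are
encrypted, and which parts end up signed by more than one signature.
The SAMPLE message below is constructed for this example; its digest, signature
and cipher values are placeholders, not valid cryptographic output."""
import xml.etree.ElementTree as ET
from collections import Counter

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def q(prefix, local):
    """Clark-notation tag name for ElementTree lookups."""
    return "{%s}%s" % (NS[prefix], local)

def local_name(el):
    return el.tag.rsplit("}", 1)[-1]

def index_ids(root):
    """Map every wsu:Id, SAML ID or plain Id attribute to the element's local name,
    so a ds:Reference URI="#..." can be resolved to the message part it covers."""
    ids = {}
    for el in root.iter():
        for attr in (q("wsu", "Id"), "ID", "Id"):
            if el.get(attr):
                ids[el.get(attr)] = local_name(el)
    return ids

def describe_signatures(root):
    """One entry per ds:Signature: signature algorithm plus (part, digest) per Reference."""
    ids = index_ids(root)
    out = []
    for sig in root.iter(q("ds", "Signature")):
        info = sig.find(q("ds", "SignedInfo"))
        refs = []
        for ref in info.findall(q("ds", "Reference")):
            uri = ref.get("URI", "")
            part = ids.get(uri.lstrip("#"), uri or "<whole document>")
            refs.append((part, ref.find(q("ds", "DigestMethod")).get("Algorithm")))
        out.append({"algorithm": info.find(q("ds", "SignatureMethod")).get("Algorithm"),
                    "references": refs})
    return out

def describe_encryption(root):
    """Key-transport algorithms (xenc:EncryptedKey) and, per xenc:EncryptedData, the
    enclosing part, the data algorithm and whether Content or Element is encrypted."""
    parent = {child: p for p in root.iter() for child in p}  # ElementTree has no parent links
    key_transport = [ek.find(q("xenc", "EncryptionMethod")).get("Algorithm")
                     for ek in root.iter(q("xenc", "EncryptedKey"))]
    data = []
    for ed in root.iter(q("xenc", "EncryptedData")):
        data.append((local_name(parent[ed]),
                     ed.find(q("xenc", "EncryptionMethod")).get("Algorithm"),
                     ed.get("Type", "").rsplit("#", 1)[-1]))
    return {"key_transport": key_transport, "data": data}

def analyze(xml_text):
    """Full report for one message; 'multiply_signed' lists parts covered by >1 signature."""
    root = ET.fromstring(xml_text)
    sigs = describe_signatures(root)
    counts = Counter(part for s in sigs for part, _ in s["references"])
    return {"signatures": sigs,
            "encryption": describe_encryption(root),
            "multiply_signed": sorted(p for p, n in counts.items() if n > 1)}

# Constructed sample: SAML 2.0 assertion in wsse:Security, an RSA-OAEP-wrapped symmetric
# key, an RSA signature over Timestamp+Assertion+Body, a second HMAC signature over Body
# only, and AES-128-CBC encryption of the Body content.
SAMPLE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}"
  xmlns:ds="{ds}" xmlns:xenc="{xenc}" xmlns:saml2="{saml2}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2012-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
  <saml2:Assertion ID="SAML-1" Version="2.0" IssueInstant="2012-01-01T00:00:00Z">
   <saml2:Issuer>urn:example:idp</saml2:Issuer></saml2:Assertion>
  <xenc:EncryptedKey Id="EK-1"><xenc:EncryptionMethod Algorithm="{xenc}rsa-oaep-mgf1p"/>
   <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>
  <ds:Signature Id="SIG-1"><ds:SignedInfo><ds:SignatureMethod Algorithm="{ds}rsa-sha1"/>
   <ds:Reference URI="#TS-1"><ds:DigestMethod Algorithm="{ds}sha1"/><ds:DigestValue>X</ds:DigestValue></ds:Reference>
   <ds:Reference URI="#SAML-1"><ds:DigestMethod Algorithm="{ds}sha1"/><ds:DigestValue>X</ds:DigestValue></ds:Reference>
   <ds:Reference URI="#Body-1"><ds:DigestMethod Algorithm="{ds}sha1"/><ds:DigestValue>X</ds:DigestValue></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <ds:Signature Id="SIG-2"><ds:SignedInfo><ds:SignatureMethod Algorithm="{ds}hmac-sha1"/>
   <ds:Reference URI="#Body-1"><ds:DigestMethod Algorithm="{ds}sha1"/><ds:DigestValue>X</ds:DigestValue></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="Body-1">
  <xenc:EncryptedData Id="ED-1" Type="{xenc}Content"><xenc:EncryptionMethod Algorithm="{xenc}aes128-cbc"/>
   <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
 </soap:Body>
</soap:Envelope>""".format(**NS)

if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE), indent=2))
```

Run it against a message actually captured on the wire between DataPower and OSB (for example the raw request logged by the DataPower probe) instead of SAMPLE, and the report will show, per part, which signature covers it, the algorithm each signature uses, and whether the second signature over an already-signed part is the one pattern the poster noticed; that is the concrete protection profile the OWSM policy needs DataPower to match.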