Signing/Encryption - 8.0

Talend ESB Infrastructure Services Configuration Guide

Version: 8.0
Language: English
Product: Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Open Studio for ESB, Talend Real-Time Big Data Platform
Module: Talend ESB, Talend Runtime
Content: Design and Development, Installation and Upgrade

Signing and Encryption use the same two policies, both available here:

  • /add-ons/registry/policies/wspolicy_authn_saml_crypto.policy

    This policy adds the SAML token, and signs and encrypts the SOAP Body.

  • /add-ons/registry/policies/wspolicy_authn_authz_crypto.policy

    Same as the above, but with the authorization policy.

The SOAP Body is signed using the key associated with the SAML Token. The Body is encrypted using a certificate for the service obtained from the XKMS service.

However, some of the policies appear more than once, because in the Studio, you have four different options:

  • Username / Password. It maps to the org.talend.esb.job.token.policy file.

  • SAML Token. It maps to the org.talend.esb.job.saml.policy file, if you are not using any authorization or encryption.

  • Authorization. It must be used in conjunction with SAML and it maps to the etc/org.talend.esb.job.saml.authz.policy file.

  • Encryption/Signature body. It must also be used with SAML, but it maps to either org.talend.esb.job.saml.authz.crypto.policy or org.talend.esb.job.saml.crypto.policy, depending on whether authorization is selected.
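
As an added example (not Talend code, and not the contents of the shipped policy files): a small Python check that a WS-Policy document requires both signing and encryption of the SOAP Body in every policy alternative. It assumes the policy expresses this with WS-SecurityPolicy `SignedParts`/`EncryptedParts` assertions that list an explicit `Body` child; the function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(el):
    """Tag name without its namespace, so different WS-Policy versions both match."""
    return el.tag.rsplit("}", 1)[-1]

def alternatives(root):
    """Each wsp:All directly under a top-level wsp:ExactlyOne is one alternative;
    a policy without that wrapper is treated as a single alternative."""
    alts = [all_ for eo in root if local(eo) == "ExactlyOne"
            for all_ in eo if local(all_) == "All"]
    return alts or [root]

def protects_body(alt, assertion):
    """Strict check: true only if the assertion lists an explicit Body child."""
    return any(local(child) == "Body"
               for el in alt.iter() if local(el) == assertion
               for child in el)

def audit_policy(policy_xml):
    """Return one (signed, encrypted) pair per policy alternative."""
    # Intended for policy files you control, not untrusted XML.
    root = ET.fromstring(policy_xml)
    return [(protects_body(a, "SignedParts"), protects_body(a, "EncryptedParts"))
            for a in alternatives(root)]

def body_signed_and_encrypted(policy_xml):
    """A requester may pick any alternative, so every one must sign AND encrypt."""
    return all(s and e for s, e in audit_policy(policy_xml))

# Constructed sample documents (assumed structure, not copied from a Talend file).
NS = ('xmlns:wsp="http://www.w3.org/ns/ws-policy" '
      'xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"')
BOTH = ("<sp:SignedParts><sp:Body/></sp:SignedParts>"
        "<sp:EncryptedParts><sp:Body/></sp:EncryptedParts>")
SIGN_ONLY = "<sp:SignedParts><sp:Body/></sp:SignedParts>"
SAMPLE_STRICT = (f"<wsp:Policy {NS}><wsp:ExactlyOne><wsp:All>{BOTH}</wsp:All>"
                 "</wsp:ExactlyOne></wsp:Policy>")
SAMPLE_WEAK_ALT = (f"<wsp:Policy {NS}><wsp:ExactlyOne><wsp:All>{BOTH}</wsp:All>"
                   f"<wsp:All>{SIGN_ONLY}</wsp:All></wsp:ExactlyOne></wsp:Policy>")

if __name__ == "__main__":
    for name, doc in (("strict", SAMPLE_STRICT), ("weak alternative", SAMPLE_WEAK_ALT)):
        print(name, audit_policy(doc), body_signed_and_encrypted(doc))
```

The second sample shows the case worth catching after editing a policy: one alternative signs and encrypts the Body, while another only signs it.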