Signing/Encryption - 7.1

Talend ESB Infrastructure Services Configuration Guide


Signing and Encryption use the same two policies, both available here:

  • /add-ons/registry/policies/wspolicy_authn_saml_crypto.policy

    This policy adds the SAML token, and signs and encrypts the SOAP Body.

  • /add-ons/registry/policies/wspolicy_authn_authz_crypto.policy

    Same as the above, but with the authorization policy.

The SOAP Body is signed using the key associated with the SAML Token. The Body is encrypted using a certificate for the service obtained from the XKMS service.

However, some of the policies appear more than once, because the Studio offers four different options:

  • Username / Password. It maps to the org.talend.esb.job.token.policy file.

  • SAML Token. It maps to the org.talend.esb.job.saml.policy file, if you are not using any authorization or encryption.

  • Authorization. It must be used in conjunction with SAML and it maps to the etc/org.talend.esb.job.saml.authz.policy file.

  • Encryption/Signature body. It must also be used with SAML, but it maps to either org.talend.esb.job.saml.authz.crypto.policy or org.talend.esb.job.saml.crypto.policy, depending on whether authorization is selected.
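
To confirm that a deployed crypto policy really requires the SAML token plus a signed and encrypted SOAP Body, each policy alternative can be checked separately, since one weaker alternative is enough to let unprotected messages through. The following is an added example, not code or policy content from Talend. It assumes the WS-Policy 1.5 and WS-SecurityPolicy 1.2 namespaces and a normal-form policy; the XML fragments and the function names `wrap`, `audit` and `enforces_crypto` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed namespaces (WS-Policy 1.5, WS-SecurityPolicy 1.2); adjust to match the file.
WSP = "http://www.w3.org/ns/ws-policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
NS = {"wsp": WSP, "sp": SP}

# Constructed fragments for illustration; not the contents of Talend's policy files.
ALT_FULL = """<wsp:All>
  <sp:SupportingTokens><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:SupportingTokens>
  <sp:SignedParts><sp:Body/></sp:SignedParts>
  <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
</wsp:All>"""
ALT_SIGN_ONLY = """<wsp:All>
  <sp:SupportingTokens><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:SupportingTokens>
  <sp:SignedParts><sp:Body/></sp:SignedParts>
</wsp:All>"""


def wrap(*alts):
    """Build a normal-form policy document from alternative fragments."""
    return (f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"><wsp:ExactlyOne>'
            + "".join(alts) + "</wsp:ExactlyOne></wsp:Policy>")


def audit(policy_xml):
    """Return one dict per policy alternative describing what it requires."""
    root = ET.fromstring(policy_xml)
    # A policy without wsp:ExactlyOne is treated as a single alternative.
    alts = root.findall("wsp:ExactlyOne/wsp:All", NS) or [root]
    return [{
        "saml_token": alt.find(".//sp:SamlToken", NS) is not None,
        # Conservative: only an explicit sp:Body child counts as body protection.
        "signed_body": alt.find(".//sp:SignedParts/sp:Body", NS) is not None,
        "encrypted_body": alt.find(".//sp:EncryptedParts/sp:Body", NS) is not None,
    } for alt in alts]


def enforces_crypto(policy_xml):
    """True only if every alternative requires SAML, signing and encryption."""
    return all(all(a.values()) for a in audit(policy_xml))


if __name__ == "__main__":
    for name, doc in [("strict", wrap(ALT_FULL)),
                      ("weak", wrap(ALT_FULL, ALT_SIGN_ONLY))]:
        print(name, enforces_crypto(doc), audit(doc))
```

Body protection expressed through other assertions, such as XPath-based element selection, is not recognized by this check and is reported as missing.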