Signing/Encryption - 7.1

Talend ESB Infrastructure Services Configuration Guide


Signing and Encryption use the same two policies, both available here:

  • /add-ons/registry/policies/wspolicy_authn_saml_crypto.policy

    This policy adds the SAML token, and signs and encrypts the SOAP Body.

  • /add-ons/registry/policies/wspolicy_authn_authz_crypto.policy

    Same as the above, but with the authorization policy.

The SOAP Body is signed using the key associated with the SAML Token. The Body is encrypted using a certificate for the service obtained from the XKMS service.
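As an added example (not Talend's code, and not the contents of the shipped policy files), the following check parses a WS-Policy document and reports whether it asserts a SAML-capable token, a signed Body, and an encrypted Body. It assumes the policy files use standard WS-SecurityPolicy assertions; the two sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# WS-SecurityPolicy namespaces (OASIS 1.2 and the earlier 2005/07 version).
SP_NAMESPACES = (
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
)
TOKEN_ASSERTIONS = ("SamlToken", "IssuedToken")  # either can carry a SAML assertion


def _has(root, parent, child=None):
    """True if any sp:<parent> (optionally with an explicit sp:<child>) exists.
    Presence is checked anywhere in the document, not per policy alternative."""
    for ns in SP_NAMESPACES:
        for node in root.iter(f"{{{ns}}}{parent}"):
            if child is None or node.find(f"{{{ns}}}{child}") is not None:
                return True
    return False


def audit_policy(xml_text):
    """Report which protections a WS-Policy document asserts."""
    root = ET.fromstring(xml_text)
    return {
        "saml_token": any(_has(root, t) for t in TOKEN_ASSERTIONS),
        "body_signed": _has(root, "SignedParts", "Body"),
        "body_encrypted": _has(root, "EncryptedParts", "Body"),
    }


def missing_protections(xml_text):
    """Names of the expected crypto-policy assertions that are absent."""
    return sorted(k for k, ok in audit_policy(xml_text).items() if not ok)


# Constructed sample policies (assumed shape, not the Talend policy files).
SP, WSP = SP_NAMESPACES[0], "http://www.w3.org/ns/ws-policy"
CRYPTO_SAMPLE = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <wsp:ExactlyOne><wsp:All>
    <sp:SupportingTokens><wsp:Policy><sp:IssuedToken/></wsp:Policy></sp:SupportingTokens>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
    <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""
SAML_ONLY_SAMPLE = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:SupportingTokens><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:SupportingTokens>
</wsp:Policy>"""

if __name__ == "__main__":
    for name, doc in (("crypto", CRYPTO_SAMPLE), ("saml-only", SAML_ONLY_SAMPLE)):
        print(name, audit_policy(doc), "missing:", missing_protections(doc))
```

Running the same check against a deployed policy file before enabling Encryption/Signature body shows whether the service would accept unsigned or unencrypted Bodies.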

Some of the policies appear more than once because the Studio offers four different options:

  • Username / Password. It maps to the org.talend.esb.job.token.policy file.

  • SAML Token. It maps to the org.talend.esb.job.saml.policy file, if you are not using any authorization or encryption.

  • Authorization. It must be used in conjunction with SAML and it maps to the etc/org.talend.esb.job.saml.authz.policy file.

  • Encryption/Signature body. It must also be used with SAML, and it maps to either org.talend.esb.job.saml.authz.crypto.policy or org.talend.esb.job.saml.crypto.policy, depending on whether authorization is selected.