SSL Proxy Profile or Transport Layer Security
Forward
Reverse
Two-way
When DataPower Acts as Server
Create an SSL proxy profile by following the steps shown below. It can be referenced in
any front side handler that supports SSL (for example, HTTPS).
When DataPower Acts as Client
Upload the certificate shared by the server to the cert/pubcert directory of DataPower
File Management.
Create an SSL proxy profile as shown below. It can either be referenced in the proxy
settings or set dynamically using the routing-ssl-profile variable.
The server to which DataPower acts as client shares its certificate with
DataPower (the client).
A crypto certificate object is created from the shared certificate.
Crypto validation credentials created from the crypto certificate object are
included in the crypto profile.
The crypto profile is then used in DataPower as the SSL proxy profile.
TWO-WAY-SSL-Proxy-Profile:
A TWO-WAY-SSL-Proxy-Profile contains two crypto profiles: one refers to the crypto
validation credentials evaluated in the response (DataPower as client to the backend), and
the other refers to the crypto identification credentials used in the request flow (when
DataPower acts as SSL server to front-end systems).
Message Level Security by Using AAA
AAA - Authentication, Authorization and Auditing
AAA can be implemented in various ways, such as the Digital Signature method, LDAP
authentication and the AAAInfo.xml file.
AAA has five main steps:
i. How to Extract the User’s identity from an incoming request
ii. How to Authenticate the User
iii. How to Extract the Resources
iv. How to Authorize the User
v. Auditing
Digital Signature Method
The client/consumer uses its own private key to digitally sign a message and
sends it to DataPower.
The client/consumer shares its public certificate with DataPower, which we upload
into the cert folder under File Management and use to create a Crypto Certificate.
The created Crypto Certificate object is used inside the Crypto Validation Credentials.
LDAP Method
The client/consumer sends the username token and password as part of the
WS-Security header.
We extract the header and send it to the LDAP server for authentication.
AAAInfo.xml Method
The client/consumer sends the username token and password as part of the
WS-Security header.
We extract the header and verify it against the AAAInfo.xml file for
authentication.
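
The five AAA steps applied to the username-token flow described above, as an added example that is not DataPower code or configuration. The in-memory USERS and POLICY tables are constructed stand-ins for the LDAP server or AAAInfo.xml file, and the function names, sample users and urn:example:bank operations are assumptions.

```python
import hmac
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
}
# Constructed stand-ins for an identity store and an access policy (assumptions).
USERS = {"alice": "s3cret-A", "bob": "s3cret-B"}
POLICY = {("alice", "getBalance"), ("bob", "getStatement")}


def aaa(request_xml, audit_log):
    """Run the five AAA steps; return True only if the request is allowed."""
    root = ET.fromstring(request_xml)
    # i. Extract identity: UsernameToken in the WS-Security header.
    token = root.find("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    user = token.findtext("wsse:Username", "", NS) if token is not None else ""
    password = token.findtext("wsse:Password", "", NS) if token is not None else ""
    # ii. Authenticate: constant-time compare; unknown users are rejected.
    expected = USERS.get(user, "")
    authenticated = bool(expected) and hmac.compare_digest(
        password.encode(), expected.encode())
    # iii. Extract resource: local name of the first element in the SOAP body.
    body = root.find("soap:Body", NS)
    op = body[0].tag.rsplit("}", 1)[-1] if body is not None and len(body) else ""
    # iv. Authorize: default deny unless (user, resource) is in the policy.
    allowed = authenticated and (user, op) in POLICY
    # v. Audit: record every decision, never the password.
    audit_log.append({"user": user, "resource": op,
                      "authenticated": authenticated, "allowed": allowed})
    return allowed


def sample_request(user, password, operation):
    """Build a constructed SOAP 1.1 request carrying a UsernameToken."""
    return (f'<soap:Envelope xmlns:soap="{NS["soap"]}" xmlns:wsse="{NS["wsse"]}">'
            f"<soap:Header><wsse:Security><wsse:UsernameToken>"
            f"<wsse:Username>{user}</wsse:Username><wsse:Password>{password}</wsse:Password>"
            f"</wsse:UsernameToken></wsse:Security></soap:Header>"
            f'<soap:Body><op:{operation} xmlns:op="urn:example:bank"/></soap:Body>'
            f"</soap:Envelope>")


if __name__ == "__main__":
    log = []
    for op in ("getBalance", "getStatement"):
        print(op, aaa(sample_request("alice", "s3cret-A", op), log))
```

A request that authenticates but asks for a resource outside the policy is denied, and the audit record keeps the two outcomes separate.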