Need assistance implementing more robust security.

For the past 5 years my company has been supporting only Basic Authentication with our WebMethods platform (currently 7.1.2). This lack of more robust security support on our part is now starting to cause problems. Microsoft has implemented restrictions in .NET WCF that limit the use of basic authentication and some of our vendors are providing web services that do not support basic auth.

For example, we are in the process of upgrading one of our systems and the vendor provides APIs that support the following authentication schemes

  • Single sign-on via SAML
  • XML encryption
  • Digital Signatures

Based on the web service development documentation, webMethods does support some of these, but details on how to do that exactly leave much to be desired.

For instance, there are no examples on how one would generate, configre and then provide the necessary certificate information in a call to a web service (non webMethods) that support digital signatures.

Does anyone have an example or know of one that would illustrate this better than the webMethods documentation?

My team is trying to get up to speed with implementing better/different security methods, but it has been a struggle so far. I am very new to this stuff so I am still learning some of the terminology and the webMethods documentation is geared toward people that are extremely well versed in this already.

Any assitance would be greatly appreciated.