(March 2016: Lab updated for IIB10003) This lab shows how IBM Integration Bus Integration Services can be secured using (message level) Web Services security and Transport Level Security (TLS) using X.509 certificates.


  • Policy Sets and Policy Set Bindings
  • Full and Partial Message Encryption
  • Client Authentication and TLS

6 comments on"[iib10] Lab 90: Web Services Security: Authentication and Encryption Using X.509 Certificates"

  1. Bala Narayanasamy November 22, 2017

    Hi Ian,

    I am getting the same exception as sarafarz mentioned. Could please advise if any fix available?..


  2. How we can configure HRDB for this tutorial? I donot want to create iibuser.

    • Hi Vikram,
      There are some notes about configuring HRDB, and the JDBC connection for IIB, with a different user (instead of iibuser and iibadmin). The notes are given in the PDF for Lab 1, in particular see the section “1.3.1 Recreating the HRDB database and tables”. Generally you need to edit the scripts given in the Lab directory /student10/Create_HR_database before running the scripts. For example, in 3_Create_JDBC_for_HRDB.cmd mqsisetdbparms %node1% -n jdbc::HRDB -u IIBUSER -p passw0rd

  3. I am following the lab at “section 7.2.1 Activate the Policy Set and Binding on the Consumer”, when i deploy the bar file to CONSUMER Integration Server it gives following error. The deploy of Policy on Provider node goes fine without error.

    BIP2087E: Integration node ‘IB10NODEC’ was unable to process the internal configuration message.
    The entire internal configuration message failed to be processed successfully.
    Use the messages following this message to determine the reasons for the failure. If the problem cannot be resolved after reviewing these messages, contact your IBM Support center. Enabling service trace may help determine the cause of the failure.

    BIP4041E: Integration server ‘CONSUMER’ received an administration request that encountered an exception. While attempting to process an administration request, an exception was encountered. No updates have been made to the configuration of the integration server.
    Review related error messages to determine why the administration request failed.

    BIP3726E: Failed to setup SOAP transport for node getEmployee_EmployeeService.Request.
    The SOAP nodes rely on the configuration of the SOAP transport layer within the integration node, and this has not been initialised correctly. The node will not be operational until the problems have been corrected.
    Determine the cause of the error and correct it. Subsequent error messages may contain more information.

    BIP3728E: Configuration of WS-Security layer using policy set ‘myConsumerPolicySet’ and policy set binding ‘myConsumerPolicySetBinding’ failed. WS-Security configuration requires correctly initialised policy set and policy set binding information in order to succeed. An error has occurred whilst attempting to use policy set ‘myConsumerPolicySet’ and policy set binding ‘myConsumerPolicySetBinding’. Common causes are:
    1: Either the policy set name or policy set binding name is missing from the node (or flow) configuration.
    2: If X.509 tokens are being used, including implicit usage such as signing or encryption, the keystore and/or truststore is not be set correctly.
    However, this may be an internal error, possibly due to a faulty installation. A review of the exception text may indicate a solution.
    Determine the cause of the error and correct it. Subsequent error messages may contain more information.

    BIP3665E: The policy set binding ‘myConsumerPolicySetBinding’ is of the wrong type for the specified node. A policy set binding can be either a “consumer” (for SOAPRequest and SOAPAsynchronousRequest) or “provider” (for SOAPInput and SOAPReply) nodes. The specified binding is the wrong type for the node.
    Either correct the policy set binding name associated with the message flow or node so that it refers to a binding that is of the correct type, or change the type of the policy set binding. Stop and start the message flow or redeploy the bar file depending on the action that caused the initial error.

    Please let me know the resolution.

  4. lab file is missing

Join The Discussion

Your email address will not be published. Required fields are marked *