We want to consume an existing WCF service from API gateway. The WCF service is implementing Security Token based authentication scheme. We raised a Support ticket & they asked us to post a question in community. Please can you point us to an example policy to understand it?
For some reason which I will look into, the WCF component of the online documentation did not include the components that use to exist in the shipped PDF back in 8.2. I've attached that Layer 7 Policy Manager User Manual document plus several sample policies to help with the various roles that the gateway can act in for Secure Conversation. In the user manual look at the "How to Integrate the Gateway with WCF"
In this scenario, the gateway sits in the middle of the client and the end service. The secure conversation session is established for the gateway and the endpoint service, but the session is also shared by the client and the gateway. Think of it as a "legitimized Man-In-The-Middle attack".
In this scenario, the gateway acts as WCF Client, which establishes a secure conversation with the WCF service and then sends the service/business request to the WCF service.
In this scenario, the gateway acts as WCF Service, which establishes a secure conversation with a WCF client and handle the client's service request.
Director, CA Support