Adding signatures

You can add signatures if you want to apply signature authentication to the header and body elements of a SOAP message.

About this task

If you did not define an identity store in Architecture School, or if no acceptable user token exists, you must create an identity store before you can add a signature. See Identity stores and SSL.

Procedure

To sign the body of an outgoing SOAP message:

  1. Open a SOAP message for editing.
  2. On the Config page, right-click the node and click Properties.
  3. In the Field Properties dialog, click the WS-Security tab.
  4. On the WS-Security page, ensure that the Enable field is selected.
  5. Select Signature from the drop-down list. The Signature editor is displayed.

    Use the following fields and options for signatures:

    Field Description
    Transformation Name (Required) User-defined name for the security action (helps identify the action in the main list).
    Signature Key Source Select whether to sign with a keystore (identity store) or user token.
    Note: You can sign only with a user token that was created with a Digest, or with the Nonce and Created options enabled.
    Keystore The HCL OneTest™ API identity store to use
    Certificate Alias The private key alias to use (defined in the selected keystore).
    Password (Required) The password to use for the selected certificate alias.
    Key identifier type Indicates how to refer to the signature key:

    - Binary security token direct reference

    - Issuer serial

    - X509 key identifier

    Signature Algorithm Indicates signature algorithm to use:

    - RSA-SHA1: http://www.w3.org/2000/09/xmldsig#rsa-sha1

    - DSA-SHA1: http://www.w3.org/2000/09/xmldsig#dsa-sha1

    Actor Indicates a specific message receiver (either the ultimate receiver or an intermediary). For each actor/role that is defined (that is, in multiple tokens), a separate security header is added to the SOAP header.
    Must understand If enabled, makes the SOAP header mandatory for the specified actor/role. In this case, either the header block must be processed or the entire SOAP message is ignored, and a SOAP fault is generated.
    If not enabled, the specified actor/role may or may not process the SOAP header.
    SOAP Body Select this check box to sign the body of a SOAP message.
    Note: In the Signature window, only message elements that are explicitly selected will be signed.
    WS-Security Tokens Select this check box to sign other security actions listed above this action (under the toolbar on the WS-Security tab) for a SOAP message. For each action displayed under this check box, you must select the check box next to it if you want to sign it.
    WS-Addressing Select this check box to encrypt WS-Addressing fields of a SOAP message. For each field that is displayed under this check box, you must select the check box next to it if you want to encrypt it.
    SOAP Headers Select this check box to sign individual header elements in the SOAP envelope. You must select the check box next to each element that you want to sign.
Feedback