Validating signatures

You can add validate signatures of incoming SOAP messages if you want authentication by using signature validation.

About this task

The ability to validate signatures of SOAP messages is available only in HCL OneTest™ API 8.5.0 or later.


  1. Open a SOAP message for editing.
  2. On the Config page, right-click the node and click Properties.
  3. In the Field Properties dialog, click the WS-Security tab.
  4. On the WS-Security page, ensure that the Enable field is selected.
  5. Select Validate Signature from the list. The Validate Signature editor is displayed.
  6. Configure the validate signature action.

    The following table outlines the fields and options used for validating signatures.

    Field/Option Description
    Transformation Name (Required) Enter a name for the security action that will help identify the action in the main list.
    Keystore (option) You can use an HCL OneTest API identity store.
    Username token Alternatively, you can use a user name token if a user token action is listed above this action (under the toolbar on the WS-Security tab).
    SAML Assertion token Or, you can use a SAML assertion action if a SAML token action is listed above this action (under the toolbar on the WS-Security tab).
    Keystore (list) Select a HCL OneTest API identity store.
    Certificate Alias Select a public key alias (defined in the selected keystore).
    Actor Indicates a specific message receiver, either the ultimate receiver or an intermediary. For each actor/role that is defined (that is, in multiple tokens), a separate security header is added to the SOAP header.
    Must understand? Select this check box to make the SOAP header mandatory for the specified actor/role. In this case, either the header block must be processed or the entire SOAP message is ignored, and a SOAP fault is generated. If this check box is cleared (the default), the specified actor/role may or may not process the SOAP header.
  7. Click OK.