

Signature
Add Signature

If selected, the product signs the SOAP request and adds the resulting signature to the <wsse:Security> header. The private key in the keystore signs the SOAP request content. Selecting this option also enables all of the Signature Parameters fields.

Signature Parameters

The following parameters define the signature:

Private Key Alias

Defines the key alias in the keystore that the product uses for signing.

Private Key Password

Defines the password that protects the private key entry in the keystore.

Canonicalization Algorithm

Defines the canonicalization method used to serialize the data (the SOAP request body, or the parts selected in Parts to Sign) before the signature is computed. Leave this field blank to use the implementation default, Exclusive XML Canonicalization (xml-exc-c14n#).

Signature Algorithm

Defines the algorithm used to compute the signature. Leave this field blank to let the product detect and use a signature algorithm that matches the key.

Public Key Identifier Type

Specifies how the signature identifies the signing certificate (public key): the value selects which reference elements the product places in the signature. The receiver uses these elements to locate the certificate (public key) with which it validates the SOAP request signature.

Values:
  • 1 (Binary Security Token): The product adds <wsse:SecurityTokenReference> to the Signature element. The Signature element uses a URI fragment in a <wsse:Reference> element to reference the signature certificate (public key). The product includes the certificate itself as binary data in the <wsse:BinarySecurityToken> element of the <wsse:Security> header, and the URI fragment points to that token.
  • 2 (Issuer Name and Serial Number): The product adds <wsse:SecurityTokenReference> to the Signature element. The Signature element uses a <ds:X509Data><ds:X509IssuerSerial> element to reference the signature certificate (public key). This element uniquely identifies a certificate by its X.509 issuer name and serial number.
  • 3 (X509 Certificate Identifier): The product adds <wsse:SecurityTokenReference> to the Signature element. The Signature element uses a <wsse:KeyIdentifier ValueType="oasis-200401-wss-x509-token-profile-1.0#X509v3"> element to reference the signature certificate (public key).
  • 4 (Subject Key Identifier): The product adds <wsse:SecurityTokenReference> to the Signature element. The Signature element uses a <wsse:KeyIdentifier ValueType="oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"> element to reference the signature certificate (public key).

Default: 0. With this value, the operator uses the implementation default key identifier, Issuer Name and Serial Number (the same reference form as value 2).
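The four identifier types differ only in how the <wsse:SecurityTokenReference> points at the signing certificate, and the receiver has to follow that pointer before it can validate anything. The following is an added example, not the product's own code: it builds the reference each value produces and resolves it against a small trust store the way a receiver would. The namespace and ValueType URIs are the standard WS-Security and X.509 Token Profile ones; the certificate fields (DER bytes, issuer, serial, Subject Key Identifier) are constructed placeholders, and a bare ds:KeyInfo stands in for the full ds:Signature the product would emit.

```python
"""
Build the <wsse:SecurityTokenReference> that each Public Key Identifier Type
value (1..4) produces inside <wsse:Security>, then resolve it the way a
receiver does: follow the reference to a certificate in its trust store.
All certificate fields below are constructed placeholders, not real X.509 data.
"""
import base64
import xml.etree.ElementTree as ET

WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
X509_PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
X509V3 = X509_PROFILE + "#X509v3"
X509_SKI = X509_PROFILE + "#X509SubjectKeyIdentifier"
BASE64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

# Constructed trust store: "der" stands in for the certificate bytes, "ski" for
# its Subject Key Identifier extension value. Not real certificates.
SIGNING_CERT = {"der": b"constructed-der-of-signing-cert", "issuer": "CN=Example Issuer CA,O=Example",
                "serial": "1234567890", "ski": bytes(range(20))}
OTHER_CERT = {"der": b"constructed-der-of-other-cert", "issuer": "CN=Example Issuer CA,O=Example",
              "serial": "9876543210", "ski": bytes(range(20, 40))}
TRUST_STORE = [OTHER_CERT, SIGNING_CERT]


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def build_security_header(id_type, cert, bst_id="X509-1"):
    """Return a <wsse:Security> element holding the STR for id_type; type 1 also
    carries the <wsse:BinarySecurityToken> the STR points at. A bare ds:KeyInfo
    stands in for the ds:Signature/ds:KeyInfo of a complete signature."""
    security = ET.Element(f"{{{WSSE_NS}}}Security")
    key_info = ET.SubElement(security, f"{{{DS_NS}}}KeyInfo")
    str_el = ET.SubElement(key_info, f"{{{WSSE_NS}}}SecurityTokenReference")
    if id_type == 1:  # Binary Security Token: URI fragment to a BST in the same header
        bst = ET.Element(f"{{{WSSE_NS}}}BinarySecurityToken",
                         {f"{{{WSU_NS}}}Id": bst_id, "ValueType": X509V3, "EncodingType": BASE64})
        bst.text = _b64(cert["der"])
        security.insert(0, bst)  # the token precedes the signature that references it
        ET.SubElement(str_el, f"{{{WSSE_NS}}}Reference", {"URI": "#" + bst_id, "ValueType": X509V3})
    elif id_type == 2:  # Issuer Name and Serial Number
        issuer_serial = ET.SubElement(ET.SubElement(str_el, f"{{{DS_NS}}}X509Data"),
                                      f"{{{DS_NS}}}X509IssuerSerial")
        ET.SubElement(issuer_serial, f"{{{DS_NS}}}X509IssuerName").text = cert["issuer"]
        ET.SubElement(issuer_serial, f"{{{DS_NS}}}X509SerialNumber").text = cert["serial"]
    elif id_type == 3:  # X509 Certificate Identifier: the whole certificate, base64
        ET.SubElement(str_el, f"{{{WSSE_NS}}}KeyIdentifier",
                      {"ValueType": X509V3, "EncodingType": BASE64}).text = _b64(cert["der"])
    elif id_type == 4:  # Subject Key Identifier extension value, base64
        ET.SubElement(str_el, f"{{{WSSE_NS}}}KeyIdentifier",
                      {"ValueType": X509_SKI, "EncodingType": BASE64}).text = _b64(cert["ski"])
    else:
        raise ValueError(f"unsupported Public Key Identifier Type: {id_type}")
    return security


def _lookup(trust_store, predicate):
    for cert in trust_store:
        if predicate(cert):
            return cert
    raise LookupError("signature certificate is not in the trust store")


def resolve_certificate(security, trust_store):
    """Receiver side: follow the SecurityTokenReference to a trusted certificate."""
    ns = {"wsse": WSSE_NS, "ds": DS_NS}
    str_el = security.find("ds:KeyInfo/wsse:SecurityTokenReference", ns)
    ref = str_el.find("wsse:Reference", ns)
    if ref is not None:  # type 1: dereference the URI fragment to a BST in this header
        token_id = ref.get("URI").lstrip("#")
        for bst in security.findall("wsse:BinarySecurityToken", ns):
            if bst.get(f"{{{WSU_NS}}}Id") == token_id:
                der = base64.b64decode(bst.text)
                return _lookup(trust_store, lambda c: c["der"] == der)
        raise LookupError(f"no BinarySecurityToken with wsu:Id {token_id}")
    issuer_serial = str_el.find("ds:X509Data/ds:X509IssuerSerial", ns)
    if issuer_serial is not None:  # type 2: match issuer name and serial number
        issuer = issuer_serial.findtext("ds:X509IssuerName", namespaces=ns)
        serial = issuer_serial.findtext("ds:X509SerialNumber", namespaces=ns)
        return _lookup(trust_store, lambda c: (c["issuer"], c["serial"]) == (issuer, serial))
    key_id = str_el.find("wsse:KeyIdentifier", ns)
    if key_id is not None:  # types 3 and 4, told apart by ValueType
        field = {X509V3: "der", X509_SKI: "ski"}.get(key_id.get("ValueType"))
        if field is None:
            raise LookupError(f"unsupported KeyIdentifier ValueType {key_id.get('ValueType')}")
        value = base64.b64decode(key_id.text)
        return _lookup(trust_store, lambda c: c[field] == value)
    raise LookupError("unrecognized SecurityTokenReference form")


def is_trusted(security, trust_store):
    """True when the reference resolves to a certificate in trust_store."""
    try:
        resolve_certificate(security, trust_store)
        return True
    except LookupError:
        return False
```

The point for a receiver is that every form ends in the same lookup: a certificate it already trusts. Type 1 is the only one that carries the certificate inside the message, and even then the resolver matches the decoded token against the trust store rather than trusting whatever bytes arrived.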

Parts to Sign

Specifies which parts of the SOAP request to sign. Click Add Parameter to enter either a security ID (WSU ID) or a Name/Namespace combination that identifies the element to sign.

Values:
  • WSU ID: Defines the wsu:id attribute of the element to sign. You can add wsu:id as an attribute of an element in the SOAP request and specify your own value. For example:
       <token wsu:id="123"> </token>

    The following statement shows the definition of the WSU namespace:

       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

  • Name: Defines the name of the element to sign.
  • Namespace: Defines the namespace URI (not the namespace prefix) of the element to sign. For example:
       "http://www.ca.com/itpam"

Note: Leave this parameter blank to sign the body of the SOAP request. If you specify the WSU ID, the product ignores the Name and Namespace values.
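The selection rule in the note (a WSU ID wins over Name/Namespace, and leaving everything blank signs the Body) is easy to get wrong on the verifying side, so here it is written out as an added example that is not the product's code. It selects the parts, canonicalizes each one, computes its digest and assembles the ds:SignedInfo with the Canonicalization Algorithm and Signature Algorithm URIs; the final step, signing SignedInfo with the private key named by Private Key Alias, needs a crypto library and is left out. Assumptions: the sample envelope is constructed (its namespace is the page's http://www.ca.com/itpam example), the attribute is written wsu:Id because the WS-Security utility schema declares it with a capital I, and the stdlib canonicalize() implements C14N 2.0 rather than the exclusive C14N 1.0 that xml-exc-c14n# names, so the digests illustrate the step but would not match a product-generated value byte for byte.

```python
"""
Select the parts of a SOAP request to sign following the Parts to Sign
precedence (WSU ID, then Name/Namespace, then the Body when all are blank),
canonicalize each part, and assemble ds:SignedInfo with the digests and the
Canonicalization/Signature Algorithm URIs. Producing the SignatureValue
itself needs a crypto library, so this stops where that step begins.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
APP_NS = "http://www.ca.com/itpam"                    # namespace from the page's example
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"  # the product's default canonicalization
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
for prefix, uri in (("soapenv", SOAP_NS), ("wsu", WSU_NS), ("ds", DS_NS), ("pam", APP_NS)):
    ET.register_namespace(prefix, uri)

# Constructed sample request, not a real product message. The utility schema
# declares the attribute as "Id" (capital I); the page's UI label for it is WSU ID.
SAMPLE_REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:wsu="{WSU_NS}" xmlns:pam="{APP_NS}">
  <soapenv:Header><pam:token wsu:Id="123">abc</pam:token></soapenv:Header>
  <soapenv:Body wsu:Id="body-1">
    <pam:startProcess><pam:name>demo</pam:name></pam:startProcess>
  </soapenv:Body>
</soapenv:Envelope>"""


def select_parts(envelope, wsu_id="", name="", namespace=""):
    """Elements to sign. A WSU ID wins over Name/Namespace; all blank means the Body."""
    if wsu_id:  # Name and Namespace are ignored once a WSU ID is given
        hits = [el for el in envelope.iter() if el.get(f"{{{WSU_NS}}}Id") == wsu_id]
    elif name:  # Namespace is the URI, not the prefix, so Clark notation applies
        hits = list(envelope.iter(f"{{{namespace}}}{name}" if namespace else name))
    else:
        hits = list(envelope.iter(f"{{{SOAP_NS}}}Body"))
    if not hits:
        raise ValueError("no element in the request matches the Parts to Sign parameter")
    return hits


def selected_tags(xml_text, **parts_to_sign):
    """Clark-notation tags of the parts that would be signed (for inspection)."""
    return [el.tag for el in select_parts(ET.fromstring(xml_text), **parts_to_sign)]


def digest_reference(element):
    """Canonicalize one part and return its base64 SHA-256 DigestValue.
    ET.canonicalize() is C14N 2.0, not the exclusive C14N 1.0 the product
    defaults to; both serialize the subtree deterministically with only the
    namespaces it uses, which is what makes the digest reproducible."""
    serialized = ET.tostring(element, encoding="unicode")
    canonical = ET.canonicalize(serialized)
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode("ascii")


def build_references(xml_text, **parts_to_sign):
    """One {URI, DigestValue} record per signed part; URI is the wsu:Id fragment."""
    envelope = ET.fromstring(xml_text)
    refs = []
    for el in select_parts(envelope, **parts_to_sign):
        part_id = el.get(f"{{{WSU_NS}}}Id")
        refs.append({"URI": f"#{part_id}" if part_id else "", "DigestValue": digest_reference(el)})
    return refs


def build_signed_info(refs, c14n_alg=EXC_C14N, sig_alg=RSA_SHA256):
    """Serialize ds:SignedInfo; signing canonicalizes this element and signs it
    with the private key named by Private Key Alias."""
    signed_info = ET.Element(f"{{{DS_NS}}}SignedInfo")
    ET.SubElement(signed_info, f"{{{DS_NS}}}CanonicalizationMethod", Algorithm=c14n_alg)
    ET.SubElement(signed_info, f"{{{DS_NS}}}SignatureMethod", Algorithm=sig_alg)
    for ref in refs:
        reference = ET.SubElement(signed_info, f"{{{DS_NS}}}Reference", URI=ref["URI"])
        ET.SubElement(reference, f"{{{DS_NS}}}DigestMethod", Algorithm=SHA256)
        ET.SubElement(reference, f"{{{DS_NS}}}DigestValue").text = ref["DigestValue"]
    return ET.tostring(signed_info, encoding="unicode")


if __name__ == "__main__":
    print(selected_tags(SAMPLE_REQUEST, wsu_id="123", name="Body", namespace=SOAP_NS))
    print(build_signed_info(build_references(SAMPLE_REQUEST)))
```

A receiver that signs or verifies with the same parameters must apply the same precedence: if it honoured Name/Namespace while the sender honoured the WSU ID, the two sides would digest different elements and every signature would fail verification, which is the symptom to look for when this parameter is misconfigured.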