

Encryption/Signature Process for the SOAP Request

The Invoke SOAP Method operator and the Invoke SOAP Method Async operator sign or encrypt all or part of the SOAP request body.

Encryption
  1. CA Process Automation uses the Canonicalization Algorithm to serialize the data to encrypt. This data includes either the entire request body or the parts that you specify in Parts to Encrypt.
  2. CA Process Automation uses a symmetric key (depending on the Symmetric Encryption Algorithm) to encrypt the data. This data includes either the entire request body or the parts that you specify in Parts to Encrypt.
  3. CA Process Automation uses the Public Key Alias to retrieve the public key from the keystore. It then encrypts the symmetric key with that public key, using the algorithm that you specify in the Symmetric Key Encryption Algorithm.
  4. CA Process Automation adds the encrypted symmetric key to the SOAP request in the <xenc:EncryptedKey> element.
  5. Depending on the reference type you specified in the Public Key Identifier Type, CA Process Automation adds to the SOAP request a reference to the public key used to encrypt the symmetric key.
  6. The receiver decrypts the symmetric key and then uses the decrypted symmetric key to decrypt the SOAP request.
Signature
  1. CA Process Automation uses the Private Key Alias and the Private Key Password to retrieve the private key from the keystore.
  2. CA Process Automation uses the Canonicalization Algorithm to serialize the data to sign. This data includes either the entire request body or the parts that you specify in Parts to Sign.
  3. CA Process Automation uses the private key from the keystore to sign the SOAP request content using the Signature Algorithm that you specify. The product signs either the entire request body or the parts that you specify in Parts to Sign.
  4. CA Process Automation adds to the SOAP request a reference to the certificate/public key that is associated with the private key. You specify the type of reference in the Public Key Identifier Type.
  5. The receiver uses the public key to validate the signature in the SOAP request.
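
The Encryption and Signature steps above, traced on both the sender and receiver side with the JDK's standard crypto classes. This is an added example, not CA Process Automation code: the in-memory key pairs stand in for the keystore entries, the sample body is constructed and assumed to be already canonicalized, and AES-GCM, RSA-OAEP and SHA256withRSA are illustrative algorithm choices.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class WsSecurityFlowDemo {
    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: in the product these keys are read from the keystore by alias.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair receiver = kpg.generateKeyPair(); // public half plays the Public Key Alias entry
        KeyPair sender = kpg.generateKeyPair();   // private half plays the Private Key Alias entry

        // Constructed sample body part, assumed to be the canonicalized bytes.
        byte[] body = "<m:Transfer xmlns:m=\"urn:example\"><m:Amount>100</m:Amount></m:Transfer>"
                .getBytes(StandardCharsets.UTF_8);

        // Encryption step 2: a fresh symmetric key encrypts the data.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey sessionKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, iv));
        byte[] cipherData = aes.doFinal(body);

        // Encryption steps 3-4: the receiver's public key wraps the symmetric key;
        // this byte array is what the <xenc:EncryptedKey> element would carry.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, receiver.getPublic());
        byte[] encryptedKey = rsa.wrap(sessionKey);

        // Signature step 3: the sender's private key signs the canonical bytes.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(sender.getPrivate());
        signer.update(body);
        byte[] signatureValue = signer.sign();

        // Receiver: unwrap the symmetric key, decrypt the data, validate the signature.
        rsa.init(Cipher.UNWRAP_MODE, receiver.getPrivate());
        SecretKey recovered = (SecretKey) rsa.unwrap(encryptedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] plain = aes.doFinal(cipherData);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(sender.getPublic());
        verifier.update(plain);
        System.out.println("body recovered: " + Arrays.equals(body, plain)
                + ", signature valid: " + verifier.verify(signatureValue));
    }
}
```

Only the holder of the receiver's private key can recover the symmetric key, and only the holder of the sender's private key can produce a signature that validates, which is why the two flows use opposite halves of different key pairs.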