
Required XML Document Elements for XML-DSIG Authentication

For the XML-DSIG authentication scheme to work, the XML document sent by the web service consumer must contain the following elements:

<Signature>

This is the parent element of the XML signature; it contains all information relevant to the digital signature.

To verify the signature, SOA Security Manager requires that an X.509 certificate be part of the <Signature> element in the XML document.

Because the Policy Server does not interact with a Certificate Authority for this scheme, you must configure a certificate mapping that maps the Issuer DN in the certificate to a corresponding entry in the referenced user store. For LDAP user directories only, you can configure the certificate mapping to require that a copy of the certificate be present in the user store, to be compared against the certificate in the document.

<KeyInfo>

This element specifies the key needed to validate the signature. This information may include keys, names, and certificates for the sender.

For the Policy Server to authenticate a client, this element must have enough information to determine the public key that created the signature.

<KeyName>

This is a child element of <KeyInfo>; it contains a string value that identifies the key to the recipient of the XML document. This string could be a key index, a distinguished name (DN), or an email address, for example.

The Policy Server maps the value of this element to an entry in the user store.
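The following is an added example, not SOA Security Manager code, showing the structural check a receiving service would run before signature verification: it parses an incoming document, confirms that the <Signature>, <KeyInfo>, <KeyName> and <X509Certificate> elements listed above are all present, and extracts the <KeyName> value that would be mapped to a user-store entry. The SOAP-style sample document, its element names outside the XML DSIG namespace, and the placeholder digest, signature and certificate values are all constructed for the example; cryptographic verification of the signature is not performed here.

```python
"""Structural pre-check for XML-DSIG requests (constructed example).

It only confirms that the elements the authentication scheme needs are
present and well-formed enough to proceed to certificate mapping; it does
not verify the signature or parse the certificate. For untrusted input,
run a parser hardened against entity expansion (e.g. defusedxml) instead
of the stock ElementTree used here for brevity.
"""
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DSIG_NS}

# Constructed sample request: an enveloped signature inside a SOAP-style
# envelope. The digest, signature and certificate values are placeholders,
# not real cryptographic material.
SAMPLE_DOC = """<?xml version="1.0"?>
<Envelope xmlns="urn:example:soap">
  <Body>
    <GetBalance account="12345"/>
  </Body>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <Reference URI="">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue>PLACEHOLDER_DIGEST</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>PLACEHOLDER_SIGNATURE</SignatureValue>
    <KeyInfo>
      <KeyName>CN=alice,OU=consumers,O=example</KeyName>
      <X509Data>
        <X509Certificate>PLACEHOLDER_BASE64_CERT</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</Envelope>
"""

REQUIRED = ["Signature", "KeyInfo", "KeyName", "X509Certificate"]


def _text(elem):
    """Return stripped element text, or None if the element is absent/empty."""
    if elem is None or elem.text is None:
        return None
    value = elem.text.strip()
    return value or None


def check_dsig_elements(xml_text):
    """Check that the elements required by the XML-DSIG scheme are present.

    Returns a dict with:
      ok              - True when nothing required is missing
      missing         - list of missing element names, in REQUIRED order
      key_name        - the <KeyName> value to map to a user-store entry
      has_certificate - True when <X509Data>/<X509Certificate> carries a value
    """
    root = ET.fromstring(xml_text)
    result = {"ok": False, "missing": [], "key_name": None,
              "has_certificate": False}

    # An enveloped signature may sit anywhere in the document; the first
    # ds:Signature is the one this check evaluates.
    sig = root.find(".//ds:Signature", NS)
    if sig is None:
        result["missing"] = list(REQUIRED)
        return result

    key_info = sig.find("ds:KeyInfo", NS)
    if key_info is None:
        result["missing"] = ["KeyInfo", "KeyName", "X509Certificate"]
        return result

    # KeyName is the value the Policy Server maps to a user-store entry.
    result["key_name"] = _text(key_info.find("ds:KeyName", NS))
    if result["key_name"] is None:
        result["missing"].append("KeyName")

    # The certificate must travel inside the Signature element, because the
    # scheme does not fetch it from a Certificate Authority.
    cert = key_info.find("ds:X509Data/ds:X509Certificate", NS)
    result["has_certificate"] = _text(cert) is not None
    if not result["has_certificate"]:
        result["missing"].append("X509Certificate")

    result["ok"] = not result["missing"]
    return result


if __name__ == "__main__":
    print(check_dsig_elements(SAMPLE_DOC))
```

A document that passes this check still has to have its signature verified and its certificate Issuer DN mapped to the user store; the check only rejects requests early that cannot possibly be authenticated by this scheme.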

More information:

Certificate Mapping for X.509 Client Authentication Schemes