Require Signing
Note: Dependency requirement: A policy that includes this action must also include the Identify Consumer action.
This action requires that a request's XML element (represented by an XPath expression) be signed. This action supports WS-SecurityPolicy 1.2 and cannot be used with REST services or connector virtual services.
Prerequisites:
1. Configure Integration Server: Set up keystores and truststores in Integration Server (see the section Securing Communications with the Server in the document webMethods Integration Server Administrator’s Guide).
2. Configure CloudStreams: In the Integration Server Administrator, navigate to Solutions > CloudStreams > Administration > General and complete the IS Keystore Name, IS Truststore Name and Alias (signing) fields, as described in Setting the General Options. CloudStreams uses the signing alias specified in the Alias (signing) field to sign the response.
When this policy action is set for the virtual service, CloudStreams validates that the requests are properly signed, and provides signing for responses. CloudStreams supports signing either an entire SOAP message body or individual elements of the SOAP message body.
CloudStreams uses a digital signature element in the security header to verify that all elements matching the XPath expression were signed. If the request contains elements that were not signed or no signature is present, then CloudStreams rejects the request.
Note: You must map the public certificate of the key used to sign the request to an Integration Server user. If the certificate is not mapped, CloudStreams returns a SOAP fault to the caller.
Input Parameters
Element Required to be Signed | An XPath expression that represents the XML element that is required to be signed. |
Namespace Prefix | Optional. Right-click the action name and click Add Namespace Prefix if you want to specify the namespace prefix of the element required to be signed. Enter the namespace prefix in the following format: xmlns:prefix-name (for example, xmlns:soapenv). See below for an example XPath element generated in the policy. |
Example Generated XPath Element
The generated XPath element in the policy should look similar to this:
<sp:SignedElements xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:XPath xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">//soapenv:Body</sp:XPath>
</sp:SignedElements>
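The following is an added example, not CloudStreams code. It sketches the coverage check described above: every element matching the policy XPath must be referenced by the ds:Signature in the wsse:Security header, and a message with no signature is rejected. It checks reference coverage only, not digests or the signature value; the function names and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def unsigned_elements(envelope_xml, policy_xpath="//soapenv:Body"):
    """Return the tags of elements matching policy_xpath that no ds:Reference covers.

    Raises ValueError when the security header carries no ds:Signature.
    Assumption: policy_xpath is a simple '//prefix:name' path, the subset
    ElementTree can evaluate. For untrusted input use a hardened parser
    such as defusedxml.
    """
    root = ET.fromstring(envelope_xml)
    sig = root.find("soapenv:Header/wsse:Security/ds:Signature", NS)
    if sig is None:
        raise ValueError("no ds:Signature in the wsse:Security header")
    # Same-document references have the form URI="#<wsu:Id value>".
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    signed_ids = {r.get("URI", "")[1:] for r in refs if r.get("URI", "").startswith("#")}
    matches = root.findall("." + policy_xpath, NS)
    return [el.tag for el in matches if el.get(WSU_ID) not in signed_ids]


def sample_envelope(body_id, reference_uri, with_signature=True):
    """Constructed test message; digest and signature values are omitted."""
    signature = (
        f'<ds:Signature><ds:SignedInfo><ds:Reference URI="{reference_uri}"/>'
        "</ds:SignedInfo></ds:Signature>"
    ) if with_signature else ""
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (
        f"<soapenv:Envelope {xmlns}>"
        f"<soapenv:Header><wsse:Security>{signature}</wsse:Security></soapenv:Header>"
        f'<soapenv:Body wsu:Id="{body_id}"><order>1</order></soapenv:Body>'
        "</soapenv:Envelope>"
    )


if __name__ == "__main__":
    print(unsigned_elements(sample_envelope("body-1", "#body-1")))  # Body is covered
    print(unsigned_elements(sample_envelope("body-1", "#other")))   # Body is not covered
```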