Software AG Products 10.7 | Integrating On-Premises and Cloud Applications | Administering CloudStreams | webMethods CloudStreams Documentation | Administering webMethods CloudStreams | Policies | The Policy Actions | The Policy Action Reference | Require Signing
 
Require Signing
Note:
Dependency requirement: A policy that includes this action must also include the Identify Consumer action.
This action requires that a request's XML element (represented by an XPath expression) be signed. This action supports WS-SecurityPolicy 1.2 and cannot be used with REST services or connector virtual services.
Prerequisites:
1. Configure Integration Server: Set up keystores and truststores in Integration Server (see the section Securing Communications with the Server in the document webMethods Integration Server Administrator’s Guide).
2. Configure CloudStreams: In the Integration Server Administrator, navigate to Solutions > CloudStreams > Administration > General and complete the IS Keystore Name, IS Truststore Name and Alias (signing) fields, as described in Setting the General Options). CloudStreams uses the signing alias specified in the Alias (signing) field to sign the response.
When this policy action is set for the virtual service, CloudStreams validates that the requests are properly signed, and provides signing for responses. CloudStreams provides support both for signing an entire SOAP message body or individual elements of the SOAP message body.
CloudStreams uses a digital signature element in the security header to verify that all elements matching the XPath expression were signed. If the request contains elements that were not signed or no signature is present, then CloudStreams rejects the request.
Note:
You must map the public certificate of the key used to the sign the request to an Integration Server user. If the certificate is not mapped, CloudStreams returns a SOAP fault to the caller.
Input Parameters
Element Required to be Signed
An XPath expression that represents the XML element that is required to be signed.
Namespace Prefix
Optional. Right-click the action name and click Add Namespace Prefix if you want to specify the namespace prefix of the element required to be signed. Enter the namespace prefix in the following format:
xmlns:prefix-name
For example:
xmlns:soapenv
For more information, see the XML Namespaces specifications at http://www.w3.org/TR/REC-xml-names/#ns-decl.
See below for an example XPath element generated in the policy.
Example Generated XPath Element
The generated XPath element in the policy should look similar to this:
<sp:SignedElements xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-
securitypolicy/200702">
<sp:XPath
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">//soapenv:Body</sp:XPath>
</sp:SignedElements>