Require Signing
This action requires that a request's XML element (which is represented by an XPath expression) be signed. This action supports WS-SecurityPolicy 1.2.
Prerequisites
1. Configure Integration Server: Set up keystores and truststores in Integration Server, as described in webMethods Integration Server Administrator’s Guide.
2. Configure Mediator: In the Integration Server Administrator, navigate to Solutions > Mediator > Administration > General and complete the IS Keystore Name, IS Truststore Name, and Alias (signing) fields, as described in Administering webMethods Mediator. Mediator uses the signing alias specified in the Alias (signing) field to sign the response.
When this action is set for the virtual service, Mediator validates that the requests are properly signed, and provides signing for responses. Mediator supports signing either an entire SOAP message body or individual elements of the SOAP message body.
Mediator uses a digital signature element in the security header to verify that all elements matching the XPath expression were signed. If the request contains elements that were not signed or no signature is present, then Mediator rejects the request.
Note: Keep the following in mind:
1. You must map the public certificate of the key used to sign the request to an Integration Server user. If the certificate is not mapped, Mediator returns a SOAP fault to the caller.
2. You can include this action multiple times in a policy.
Input Parameters
Namespace | String. Optional. Namespace of the element required to be signed.
Note: Enter the namespace prefix in the following format: xmlns:<prefix-name>. For example: xmlns:soapenv.
The generated XPath element in the policy should look similar to this:
<sp:SignedElements xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:XPath xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">//soapenv:Body</sp:XPath>
</sp:SignedElements>
Element Required to be Signed | String. An XPath expression that represents the XML element that is required to be signed.
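The coverage rule described above (every element matching the XPath must be covered by a signature in the security header, otherwise the request is rejected) can be sketched as follows. This is an added example, not Mediator's implementation or code from the product documentation; the function names, the constructed sample messages, the assumption of same-document references by wsu:Id, and the handling of a zero-match XPath are all assumptions, and it checks reference coverage only, not digest or signature validity.

```python
import xml.etree.ElementTree as ET

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def unsigned_matches(envelope_xml, xpath, namespaces):
    """Elements matching xpath that no ds:Reference covers; None if no signature.

    Coverage only: digest and signature values are NOT verified here.
    """
    root = ET.fromstring(envelope_xml)
    sigs = root.findall(f"./{{{SOAPENV}}}Header/{{{WSSE}}}Security/{{{DS}}}Signature")
    if not sigs:
        return None
    signed_ids = set()
    for sig in sigs:
        for ref in sig.findall(f"./{{{DS}}}SignedInfo/{{{DS}}}Reference"):
            uri = ref.get("URI", "")
            if uri.startswith("#"):          # same-document reference by wsu:Id
                signed_ids.add(uri[1:])
    # ElementTree paths are relative to the root: "//x" is written ".//x".
    matches = root.findall("." + xpath, namespaces)
    return [el for el in matches if el.get(f"{{{WSU}}}Id") not in signed_ids]

def decide(envelope_xml, xpath, namespaces):
    """Assumed policy: zero XPath matches count as covered (this example's choice)."""
    missing = unsigned_matches(envelope_xml, xpath, namespaces)
    if missing is None:
        return "reject: no signature"
    return "reject: unsigned element" if missing else "accept"

def sample(ref_uri):
    """Constructed SOAP request; ref_uri=None omits the security header content."""
    sig = "" if ref_uri is None else (
        f'<wsse:Security xmlns:wsse="{WSSE}"><ds:Signature xmlns:ds="{DS}">'
        f'<ds:SignedInfo><ds:Reference URI="{ref_uri}"/></ds:SignedInfo>'
        f'</ds:Signature></wsse:Security>')
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAPENV}" xmlns:wsu="{WSU}">'
            f'<soapenv:Header>{sig}</soapenv:Header>'
            f'<soapenv:Body wsu:Id="body-1"><order>42</order></soapenv:Body>'
            f'</soapenv:Envelope>')

if __name__ == "__main__":
    ns = {"soapenv": SOAPENV}
    for uri in ("#body-1", "#other", None):
        print(uri, "->", decide(sample(uri), "//soapenv:Body", ns))
```

A signature whose reference points at some other element ("#other" in the sample) is treated the same as a missing reference: the Body matched by the XPath is not covered, so the request is rejected.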