Services Administration - How to: Enable SOAP Digital Signatures

Overview

Some SOAP (Simple Object Access Protocol) APIs APIs (application programming interfaces) are a set of protocols and definitions developers use to build and integrate application software. APIs act as the connective tissue between products and services. require that you attach a SOAP digital signature to a service. A digital signature is a value computed with a cryptographic algorithm. When that value sends as part of a request, it lets the recipient verify the security and integrity of the incoming data.

The Enable SOAP Digital Signature checkbox lets you attach a digital signature to any service that might use SOAP. For example, services using the WSSE Username Token Profile or SOAP Custom Header authentication types. When a service request comes in, the authentication processes. Then, the digital signature is added to the XML of the request body object.

You must specify a signing, digest, and canonicalization algorithm to set up the digital signature. To learn about each algorithm, see the W3C XML Signature Syntax and Processing documentation here: https://www.w3.org/TR/xmldsig-core1/#sec-AlgID. To learn more about SOAP digital signatures, see the W3C documentation here: https://www.w3.org/TR/SOAP-dsig/.

Adding a SOAP Digital Signature to a Service

A static image displaying the

The following instructions will help you add a SOAP digital signature to a service.

These instructions assume you already set up a service that requires a SOAP digital signature.

1. Set Enable SOAP Digital Signature to Checked Box Icon (checked).
2. In the SOAP Digital Signature --- PFX or PKCS12 Encoded (hex) Private Key and Certificate Chain field, copy and paste the digital signature key.  
3. If required, copy and paste the passphrase into the SOAP Digital Signature --- PFX Passphrase field.
4. In the SOAP Digital Signature --- Signing Algorithm field, enter the signing algorithm.

To reference a list of signing algorithms, visit http://santuario.apache.org/Java/api/constant-values.html#org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256.

5. In the SOAP Digital Signature --- Digest Algorithm field, enter the digest algorithm .

To reference a list of digest algorithms, visit http://santuario.apache.org/Java/api/constant-values.html#org.apache.xml.security.algorithms.MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256.

6. In the SOAP Digital Signature --- Canonicalization Algorithm field, enter the canonicalization algorithm.

To reference a list of canonicalization algorithms, visit http://santuario.apache.org/Java/api/constant-values.html#org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.

7. Click Save Changes.

Resources