Services Administration - How to: Enable SOAP Digital Signatures

Overview                                        

Some SOAP (Simple Object Access Protocol) APIs require that you attach a SOAP digital signature to a service. A digital signature is a value computed with a cryptographic algorithm. When that value sends as part of a request, it lets the recipient verify the security and integrity of the incoming data.

The Enable SOAP Digital Signature checkbox lets you attach a digital signature to any service that might use SOAP. For example, services using the WSSE Username Token Profile or SOAP Custom Header authentication types. When a service request comes in, the authentication processes. Then, the digital signature is added to the XML of the request body object.

You must specify a signing, digest, and canonicalization algorithm to set up the digital signature. To learn about each algorithm, see the W3C XML Signature Syntax and Processing documentation here: https://www.w3.org/TR/xmldsig-core1/#sec-AlgID. To learn more about SOAP digital signatures, see the W3C documentation here: https://www.w3.org/TR/SOAP-dsig/.

Adding a SOAP Digital Signature to a Service

The following instructions will help you add a SOAP digital signature to a service.

These instructions assume you already set up a service that requires a SOAP digital signature.

1. Set Enable SOAP Digital Signature to (checked).

2. In the SOAP Digital Signature --- PFX or PKCS12 Encoded (hex) Private Key and Certificate Chain field, copy and paste the digital signature key.  

3. If required, copy and paste the passphrase into the SOAP Digital Signature --- PFX Passphrase field.

4. In the SOAP Digital Signature --- Signing Algorithm field, enter the signing algorithm.

   To reference a list of signing algorithms, visit http://santuario.apache.org/Java/api/constant-values.html#org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256.

5. In the SOAP Digital Signature --- Digest Algorithm field, enter the digest algorithm .

   To reference a list of digest algorithms, visit http://santuario.apache.org/Java/api/constant-values.html#org.apache.xml.security.algorithms.MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256.

6. In the SOAP Digital Signature --- Canonicalization Algorithm field, enter the canonicalization algorithm.

   To reference a list of canonicalization algorithms, visit http://santuario.apache.org/Java/api/constant-values.html#org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.

7. Click Save Changes.

Resources

• Learn about the Services Administration page.

• Add a new service to the environment.

• Read more about External APIs.

• Using an mTLS Certificate with OAuth 2.0 Authentication.

• Generating a PFX Certificate Bundle for mTLS.