Creating a SOAP connector that uses a digital signature and encryption

If your application connects to an external SOAP service that requires the WS-Security protocol, you can create a SOAP connector that uses a digital signature and encryption. To use a digital signature and encryption, you configure the connector rule to include the credentials in the SOAP request envelope header.

The following procedure assumes that you have configured a SOAP connector and explains how to create a WS-Security profile that uses encryption, signature, and timestamp credentials. For information about using the username credential, see How to create SOAP connectors that use WSS username tokens and timestamps.

Creating a SOAP connector to use a digital signature and encryption consists of the following high-level tasks:

  1. Creating the WS-Security profile
  2. Configuring the keystore
  3. Configuring signature authentication
  4. Configuring encryption
  5. Configuring a timestamp
  6. Configuring the incoming flow

Creating the WS-Security profile

Create the WS-Security profile from the SOAP connector rule.

  1. From the Records editor, click Integration-Connectors > Connect SOAP.
  2. Locate your connector and click on its row.
  3. Click Advanced.
  4. In the Web Services (ws-*) configuration section, click Enable ws-security.
  5. In the Security profile field, enter a name for the WS-Security profile.
  6. Click the Open icon.
  7. In the Short description field, enter text that describes the data instance.
  8. In the Web Service security profile name field, enter a name for the data instance.
  9. Click Create and open.

Configuring the keystore

A keystore is a collection of cryptographic data used for authentication and encryption.

  1. Click the Keystore tab.
  2. In the Keystore field, enter the name of the keystore file.
  3. Click the Open icon.
  4. Click Create and open.
  5. Click Upload file.
  6. Navigate to the keystore file and click Open.
  7. Click Upload file.
  8. In the Keystore type field, enter the type of file.

Configuring signature authentication

Requests that use a digital signature are digitally signed using information in the keystore file that was previously uploaded. 

  1. Click the Out Flow tab.
  2. Click the Add new configuration icon to add a new row.
  3. In the Configuration type field, select Signature.
  4. Complete the signature configuration. For more information, see Configuring a WS-Security Profile.
    Element names in the Signature parts field must be in the format {Element}{Namespace URI}ElementName, for example, {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body.

Configuring encryption

An encryption configuration enables you to encrypt specified parts of an outgoing message that can then be decrypted by a service. 

  1. Click the Out Flow tab.
  2. Click the Add new configuration icon to add a new row.
  3. In the Configuration type field, select Encryption.
  4. Complete the encryption configuration. For more information, see Configuring a WS-Security Profile.
    Element names in the Encryption parts field must be in the format {Element}{Namespace URI}ElementName, for example, {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body.

Configuring a timestamp

A timestamp specifies the number of seconds a request message remains alive. 

  1. Click the Out Flow tab.
  2. Click the Add new configuration icon to add a new row.
  3. In the Configuration type field, select Timestamp.
  4. In the Time to live field, enter the number of seconds that the message remains valid.

Configuring the incoming flow

The incoming flow configuration is applied to response messages received from a web service. The incoming flow can be used, for example, to decrypt encrypted responses.

  1. Click the In Flow tab.
  2. Click the Add new configuration icon to add a new row.
  3. In the Configuration type field, select the configuration type you want to add.
  4. Repeat steps 2 and 3 for all of the configuration types you want to add.
  5. Click Save.

The request and response messages contain a reference to the security token held in the keystore and the ciphertext of the message body contents, as shown in the following example.


<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-7739053>
<xenc:EncryptedData Id="EncDataId-7739053" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#EncKeyId-urn:uuid:FA106335A882E157EB12586467444374" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
pREpviwoLsfjIUNvvUCQfbIq+6kRcLT5soMa28Vd5BCIstlkACbSLIsg+b+LDLKyaeHyR0IAYaDC
YXhUk9yJ5LQbiaoMuUWIh/u2c9DB2qAnjYeOpkf0Hn6JWQckxlC2OexaUO1DF8oVYINKxLGFcIDh
CgOpcw/yEbthbhzno1TRbvHa/4i7Y/0MnhY00g3I0mNyAATQyIFy0OSkZa3VtdcFwJ+Q0JojfKAC
y6qyfrpxjsFasR+dYJT3Lr51c5EFgbTf/BqF6vgCzzl/o5IqS3fSLUKn+ngwoBADYJiS/BZyiu6rIkr
yUjWB1hda/mlfkDr2FpG5TVvSflKQTaKiZsDM9dPSLVVraLjcuAt3ANeAaDl9ik6H+mK4Kxd+TLp
DUo8Xvwvg0iIYIEhi4LVxOmJxV09NJxyJ6u4JLpt12bQHUhVmPR+D9iI592YZxxSNsQ7vA31EaQL
KC8m+JHqr1drZjaWl9mWb4pIJ76tRjQoTfkTybGDUjDqiXEOyHDe8kYO0Ez6rlV6ZrmaEN0IyNTY
eAeJEPm9jDvzRXfMhWKtIwzYOOYo9biv9tmqFms5xwca0RT+TpP8IAzsgXm4Pvtu77+JvgdVQgkZ
</xenc:CipherValue>
</xenc:CipherData></xenc:EncryptedData></soapenv:Body></soapenv:Envelope>
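As an added example that is not part of the Pega documentation or product, the following Python script checks a WS-Security response against the settings configured above: it converts the {Element}{Namespace URI}ElementName part entries from the Signature and Encryption parts fields into ElementTree tags to confirm those parts actually arrived encrypted, reports the encryption algorithm used (the constructed sample uses the same tripledes-cbc as the excerpt above), and validates the wsu:Timestamp against its time to live. The sample response, the clock value NOW and the ACCEPTED_ALGORITHMS policy set are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
ACCEPTED_ALGORITHMS = {XENC11 + "aes128-gcm", XENC11 + "aes256-gcm"}  # assumed policy; 3DES-CBC is legacy
# Constructed sample response: a wsu:Timestamp header plus an encrypted Body like the excerpt above.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAPENV}"><soapenv:Header>
<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><wsu:Timestamp wsu:Id="TS-1">
<wsu:Created>2024-05-01T12:00:00Z</wsu:Created><wsu:Expires>2024-05-01T12:05:00Z</wsu:Expires>
</wsu:Timestamp></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="{WSU}" wsu:Id="Id-7739053">
<xenc:EncryptedData xmlns:xenc="{XENC}" Id="EncDataId-7739053" Type="{XENC}Content">
<xenc:EncryptionMethod Algorithm="{XENC}tripledes-cbc"/><xenc:CipherData>
<xenc:CipherValue>cGxhY2Vob2xkZXI=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
</soapenv:Body></soapenv:Envelope>"""
NOW = datetime(2024, 5, 1, 12, 2, 0, tzinfo=timezone.utc)  # constructed "current time" for the check
PARTS = [f"{{Element}}{{{SOAPENV}}}Body", f"{{Element}}{{{SOAPENV}}}Header"]  # profile-style part entries

def part_to_tag(part):
    """Strip the '{Element}' prefix: what remains, '{Namespace URI}ElementName', is ElementTree's tag form."""
    if not part.startswith("{Element}{") or "}" not in part[10:]:
        raise ValueError(f"bad part spec: {part}")
    return part[len("{Element}"):]

def encryption_algorithm(root, part):
    """Algorithm URI of the xenc:EncryptedData inside the part, or None if the part is in the clear."""
    elem = root.find(f".//{part_to_tag(part)}")
    method = None if elem is None else elem.find(f"{{{XENC}}}EncryptedData/{{{XENC}}}EncryptionMethod")
    return None if method is None else method.get("Algorithm")

def timestamp_status(root, now):
    """(time to live in seconds, valid at `now`) from wsu:Timestamp; (None, False) if there is none."""
    ts = root.find(f".//{{{WSU}}}Timestamp")
    if ts is None:
        return None, False
    created, expires = (datetime.fromisoformat(ts.findtext(f"{{{WSU}}}{tag}").replace("Z", "+00:00"))
                        for tag in ("Created", "Expires"))
    return int((expires - created).total_seconds()), created <= now < expires

def audit(xml_text=SAMPLE, parts=PARTS, now=NOW):
    """Report TTL, timestamp validity, legacy algorithms, and configured parts left unencrypted."""
    root = ET.fromstring(xml_text)
    algs = {p: encryption_algorithm(root, p) for p in parts}
    ttl, valid = timestamp_status(root, now)
    return {"ttl": ttl, "timestamp_valid": valid,
            "weak": [p for p, a in algs.items() if a and a not in ACCEPTED_ALGORITHMS],
            "unencrypted": [p for p, a in algs.items() if a is None]}
```

On the sample, audit() reports a 300-second time to live that is still valid at NOW, flags the Body as protected by a legacy algorithm, and lists the Header as unencrypted.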
