LinkedIn
Copied!

Table of Contents

Configuring digital signature and encryption for SOAP connectors

If your application connects to an external SOAP service that requires the WS-Security protocol, you can create a SOAP connector that uses a digital signature and encryption. To use a digital signature and encryption, you configure the connector rule to include the credentials in the SOAP request envelope header.

You create a WS-security profile in Pega Platform and define a keystore. The keystore contains the cryptographic data that is used for authentication and encryption. Requests that use a digital signature are digitally signed using information in the keystore file that you upload. An encryption configuration enables you to encrypt specified parts of an outgoing message, which can then be decrypted by a service.

The request and response messages contain a reference to the security token contained within the keystore and a cipher of the message body content, as shown in the following example.

<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-7739053>
<xenc:EncryptedData Id="EncDataId-7739053" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#EncKeyId-urn:uuid:FA106335A882E157EB12586467444374" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
pREpviwoLsfjIUNvvUCQfbIq+6kRcLT5soMa28Vd5BCIstlkACbSLIsg+b+LDLKyaeHyR0IAYaDC
YXhUk9yJ5LQbiaoMuUWIh/u2c9DB2qAnjYeOpkf0Hn6JWQckxlC2OexaUO1DF8oVYINKxLGFcIDh
CgOpcw/yEbthbhzno1TRbvHa/4i7Y/0MnhY00g3I0mNyAATQyIFy0OSkZa3VtdcFwJ+Q0JojfKAC
y6qyfrpxjsFasR+dYJT3Lr51c5EFgbTf/BqF6vgCzzl/o5IqS3fSLUKn+ngwoBADYJiS/BZyiu6rIkr
yUjWB1hda/mlfkDr2FpG5TVvSflKQTaKiZsDM9dPSLVVraLjcuAt3ANeAaDl9ik6H+mK4Kxd+TLp
DUo8Xvwvg0iIYIEhi4LVxOmJxV09NJxyJ6u4JLpt12bQHUhVmPR+D9iI592YZxxSNsQ7vA31EaQL
KC8m+JHqr1drZjaWl9mWb4pIJ76tRjQoTfkTybGDUjDqiXEOyHDe8kYO0Ez6rlV6ZrmaEN0IyNTY
eAeJEPm9jDvzRXfMhWKtIwzYOOYo9biv9tmqFms5xwca0RT+TpP8IAzsgXm4Pvtu77+JvgdVQgkZ
</xenc:CipherValue>
</xenc:CipherData></xenc:EncryptedData></soapenv:Body></soapenv:Envelope>
To send SOAP messages using SSL only, you must create a keystore record and a WS-Security profile instance. You reference the keystore record in the WS-Security profile instance, and then reference the WS-Security profile from your SOAP connector.

The following tasks explain how to create a WS-Security profile that uses encryption, signature, and timestamp credentials. For more information about using the username credential, see Creating SOAP connectors that use WSS username tokens and timestamps.

Before you begin the following tasks, make sure you create a SOAP connector. For more information, see Creating a SOAP integration.

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.