Configuring digital signature and encryption for SOAP connectors

If your application connects to an external SOAP service that requires the WS-Security protocol, you can create a SOAP connector that uses a digital signature and encryption. To use a digital signature and encryption, you configure the connector rule to include the credentials in the SOAP request envelope header.

You create a WS-Security profile in Pega Platform and define a keystore. The keystore contains the cryptographic data that is used for authentication and encryption. Requests that use a digital signature are signed using information in the keystore file that you upload. An encryption configuration enables you to encrypt specified parts of an outgoing message, which can then be decrypted by a service.

The request and response messages contain a reference to the security token contained within the keystore and the ciphertext of the message body content, as shown in the following example.

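<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-7739053">
  <xenc:EncryptedData Id="EncDataId-7739053" Type="">
    <xenc:EncryptionMethod Algorithm="" />
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:Reference URI="#EncKeyId-urn:uuid:FA106335A882E157EB12586467444374" />
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>...</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</soapenv:Body>
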
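To confirm that a request captured from your own connector is actually encrypted, you can check that the body holds only xenc:EncryptedData and that its key reference resolves. The following is an added example, not Pega code; the function name, the sample envelope and its Ids are constructed, and it assumes the standard WS-Security layout in which the referenced xenc:EncryptedKey sits in the wsse:Security header.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed sample envelope (Ids and cipher values are placeholders).
SAMPLE = f"""<soapenv:Envelope {XMLNS}>
 <soapenv:Header><wsse:Security>
  <xenc:EncryptedKey Id="EncKeyId-EXAMPLE-0001">
   <xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey>
 </wsse:Security></soapenv:Header>
 <soapenv:Body>
  <xenc:EncryptedData Id="EncDataId-EXAMPLE-0001">
   <ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Reference URI="#EncKeyId-EXAMPLE-0001"/>
   </wsse:SecurityTokenReference></ds:KeyInfo>
   <xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </soapenv:Body>
</soapenv:Envelope>"""

def check_encrypted_body(envelope_xml):
    """Return a list of problems; an empty list means the body looks encrypted."""
    root = ET.fromstring(envelope_xml)
    body = root.find("soapenv:Body", NS)
    if body is None:
        return ["no soapenv:Body element"]
    enc = [c for c in body if c.tag == f"{{{NS['xenc']}}}EncryptedData"]
    if not enc:
        return ["body has no xenc:EncryptedData"]
    problems = []
    if len(enc) != len(body) or (body.text or "").strip():
        problems.append("body carries plaintext content beside EncryptedData")
    # Ids of the encrypted session keys carried in the security header.
    key_ids = {k.get("Id") for k in
               root.iterfind("soapenv:Header/wsse:Security/xenc:EncryptedKey", NS)}
    for data in enc:
        if not (data.findtext("xenc:CipherData/xenc:CipherValue", "", NS) or "").strip():
            problems.append("EncryptedData has no CipherValue")
        ref = data.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
        uri = ref.get("URI", "") if ref is not None else ""
        if not uri.startswith("#") or uri[1:] not in key_ids:
            problems.append(f"key reference {uri!r} does not resolve to an EncryptedKey")
    return problems
```
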
To send SOAP messages using SSL only, you must create a keystore record and a WS-Security profile instance. You reference the keystore record in the WS-Security profile instance, and then reference the WS-Security profile from your SOAP connector.

The following tasks explain how to create a WS-Security profile that uses encryption, signature, and timestamp credentials. For more information about using the username credential, see Creating SOAP connectors that use WSS username tokens and timestamps.

Before you begin the following tasks, make sure you create a SOAP connector. For more information, see Creating a SOAP integration.
