Unable to sign SOAP header parts in WS-security profile
Unable to sign a part of the SOAP header in the WS-Security profile.
There are two service options and both must sign a header part (the signature part or the user specific identification part). On adding these parts to the WS-security profile, the service fails and an error is generated in the log file.
Steps to Reproduce
- Create a WS-security profile.
- Add the configuration type Timestamp and Signature.
- In the signature, set the signature parts on the Timestamp.
- Execute the service.
Only the SOAP header can be signed if the correct element configuration is entered.
Both setSignatureParts and setEncryptionParts elements use the below syntax for the part name identifiers:
To sign the entire SOAP message header element, the Signature Parts value must be set on the WS-Security Profile outflow tab as below:
For a SOAP 1.1 envelope:
For a SOAP 1.2 envelope:
To sign individual headers within the SOAP envelope header, identify each header that requires signing.
For example, sign the WS-Security UsernameToken header as below.
Perform the following local-change:
Sign the Body and Timestamp part in the header for this part name.
For more information on how to sign individual headers within the SOAP envelope header, refer to: https://community.pega.com/knowledgebase/articles/creating-soap-connector-uses-digital-signature-and-encryption
0% found this useful