2 Replies Latest reply on Nov 12, 2008 12:07 PM by Matt Cheely

    Sigining a SOAP message using the enveloped-signature transf

    Matt Cheely Newbie

      I have an application that needs to consume a webservice. I've generated the client stubs with wsconsume, and I've configured most of the security settings our partner requires ( username tokens, and a signature ). However, the webservice provider requires that the SOAP envelope be signed using the enveloped-signature transform, and I can't seem to track down any information on how to do that. It _seems_ to be the sort of thing that would be configured in jboss-wsse-client.xml, but I don't see any reference to it in the xsd. If someone could point me in the right direction for this, even just let me know what documentation to look at, I would be grateful.

        • 2. Re: Sigining a SOAP message using the enveloped-signature tr
          Matt Cheely Newbie

          Unfortunately, the WS-Security documentation hasn't helped with the particular problem. It was very helpful in getting the WS-Security set up initially, and working from there I created the following jboss-wsse-client.xml file:

          <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.jboss.com/ws-security/config
           http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
           <key-store-file>META-INF/keystores/zcg.keystore</key-store-file>
           <key-store-password>zcgstore</key-store-password>
           <trust-store-file>META-INF/keystores/zcg.truststore</trust-store-file>
           <trust-store-password>zcgstore</trust-store-password>
           <config>
           <username/>
           <sign type="x509v3" alias="bandwidth.com">
           <targets>
           <target type="qname">{http://schemas.xmlsoap.org/soap/envelope/}Envelope</target>
           </targets>
           </sign>
           </config>
          </jboss-ws-security>


          Which signs the full SOAP envelope:
          <env:Envelope wsu:Id='element-2-1226509117041-2045010446' xmlns:env='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
          ...
          <ds:Reference URI='#element-2-1226509117041-2045010446' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
          


          But it still lists the Transform Algorithm as XML Exclusive Canonicalization:

           <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>