Configure XML digital signature for Version 5.x web services with an assembly tool
XML digital signature is one of the methods that WebSphere Application Server provides to secure web services. It provides message integrity and authentication capabilities when used with SOAP messages.
Subtopics
- Configure trust anchors using an assembly tool
Use an assembly tool to configure trust anchors, which specify keystores that contain trusted root certificates used to validate the signer certificate, or trust stores at the application level.
- Configure the client-side collection certificate store using an assembly tool
We can configure the client-side collection certificate store using the assembly tool.
- Configure the server-side collection certificate store using an assembly tool
A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs is used to check the signature of a digitally signed SOAP message. We can configure the server-side collection certificate store by using an assembly tool.
- Configure key locators using an assembly tool
The following information provides instructions on how to configure key locators using an assembly tool.
- Secure web services for Version 5.x applications using XML digital signature
XML digital signature is one of the methods that WebSphere Application Server provides to secure web services. It provides message integrity and authentication capabilities when used with SOAP messages.
- Configure the client for request signing: digitally signing message parts
To configure the client for request signing, specify which message parts to digitally sign when configuring the client.
- Configure the client for request signing: choosing the digital signature method
To configure the client for request signing, specify which message parts to digitally sign when configuring the client.
- Configure the server for request digital signature verification: Verify the message parts
Configure the server for request digital signature verification by modifying the extensions to indicate which parts of the request to verify.
- Configure the server for request digital signature verification: choosing the verification method
To configure the server for request digital signature verification, use an assembly tool to modify the extensions and indicate which digital signature method the server will use during verification.
- Configure the server for response signing: digitally signing message parts
Use an assembly tool to specify which message parts to digitally sign when configuring the server for response signing.
- Configure the server for response signing: choosing the digital signature method
Use an assembly tool to specify which digital signature method to use when configuring the server for response signing.
- Configure the client for response digital signature verification: verifying the message parts
To configure the Web Services Security extensions and the Web Services Security bindings, use the WS Extension tab and the WS Binding tab in the Client Deployment Descriptor within an assembly tool.
- Configure the client for response digital signature verification: choosing the verification method
We can configure the Web Services Security extensions and Web Services Security bindings using the WS extension tab and the WS binding tab in the web services editor within an assembly tool.
- Configure the client security bindings using an assembly tool
Use the web services client editor within an assembly tool to include, in the client EAR file, the binding information that describes how to run the security specifications found in the extensions.
- Configure the server security bindings using an assembly tool
Use an assembly tool to edit bindings for a web service after these bindings are deployed on a server.