Configure XML digital signature for v5.x web services with the administrative console
XML digital signature provides both message integrity and authentication capabilities when it is used with SOAP messages. XML digital signature is one of the methods WebSphere Application Server provides to secure web services. Use the WebSphere Application Server administrative console to configure XML digital signature.
Subtopics
- Login mappings collection
View a list of configurations for validating security tokens within incoming messages. Login mappings map an authentication method to a JAAS login configuration that validates the security token. Four authentication methods are predefined in WebSphere Application Server: BasicAuth, Signature, IDAssertion, and LTPA.
- Login mapping configuration settings
Specify the JAAS login configuration settings used to validate security tokens within incoming messages.
- Configure nonce using Web Services Security tokens
A nonce is a randomly generated cryptographic token used to thwart the hijacking (replay) of user name tokens sent with SOAP messages. Use nonce in conjunction with the BasicAuth authentication method. A nonce only stops replay if the receiver remembers the nonces it has recently accepted, so pair it with a creation timestamp so that the receiver can bound its nonce cache and reject stale tokens.
- Configure trust anchors
Use the WebSphere Application Server administrative console to configure trust anchors, which specify keystores that contain the trusted root certificates used to validate the signer certificate.
- Configure the client-side collection certificate store
You can configure the client-side collection certificate store using the administrative console.
- Configure the server-side collection certificate store
You can configure the server-side collection certificate store using either an assembly tool or the WebSphere Application Server administrative console.
- Configure default collection certificate stores at the server level in the WebSphere Application Server administrative console
You can define a single collection certificate store for all of the applications that need to use the same certificates. Use the administrative console to configure the default collection certificate store at the server level.
- Configure default collection certificate stores at the cell level in the WebSphere Application Server administrative console
A collection certificate store is a collection of non-root certificate authority (CA) certificates and certificate revocation lists (CRLs). The CA certificates are used to build the chain from the signer certificate to a trust anchor, and the CRLs to reject revoked certificates, when checking the signature on a digitally signed SOAP message. A collection certificate store typically resides in the file system.
- Configure key locators
You can configure binding information and key locators using the WebSphere Application Server administrative console.
- Configure server and cell level key locators
A key locator typically locates a keystore in the file system. You can configure server-level and cell-level key locators for a specific application using the administrative console. Binding information can be configured in the administrative console; extensions, however, must be configured with an assembly tool.
- Configure the security bindings on a server acting as a client
Use the web services client editor within an assembly tool to include in the client EAR file the binding information that describes how to run the security specifications found in the extensions.
- Configure the server security bindings
Use the WebSphere Application Server administrative console to edit the bindings for a web service after those bindings are deployed on a server.
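The following is an added example, not WebSphere code, illustrating the mechanism behind the "Configure nonce using Web Services Security tokens" subtopic above: a BasicAuth (UsernameToken) style token carrying a nonce and Created timestamp, and a receiver that rejects tampered digests, stale tokens, and replayed nonces. The digest rule follows the WS-Security UsernameToken Profile (PasswordDigest = Base64(SHA-1(nonce + created + password))); the `USERS` credential store, the five-minute freshness window and the sample password are assumptions made for the example.

```python
"""Added example (not part of WebSphere): UsernameToken with nonce and
Created timestamp, plus a receiver-side nonce cache that defeats replay."""
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

# Hypothetical credential store with a constructed sample password.
USERS = {"alice": "correct horse battery staple"}
# Assumed freshness window: tokens older than this are rejected outright,
# which also bounds how long the receiver must remember a nonce.
MAX_CLOCK_SKEW = timedelta(minutes=5)
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def build_username_token(username, password, nonce=None, created=None):
    """Client side: build the UsernameToken fields with a PasswordDigest."""
    nonce = nonce if nonce is not None else os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime(TIME_FMT)
    # WS-Security UsernameToken Profile: SHA-1 over raw nonce bytes,
    # the Created string, and the password, then Base64.
    digest = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return {
        "Username": username,
        "Nonce": base64.b64encode(nonce).decode(),
        "Created": created,
        "PasswordDigest": base64.b64encode(digest).decode(),
    }


class NonceCache:
    """Server side: remember nonces accepted inside the freshness window."""

    def __init__(self, window=MAX_CLOCK_SKEW):
        self.window = window
        self.seen = {}  # base64 nonce -> Created time of the accepted token

    def check_and_record(self, nonce_b64, created_dt, now):
        # Purge entries older than the window; the freshness check in
        # verify_username_token() guarantees such tokens can no longer pass.
        cutoff = now - self.window
        self.seen = {n: c for n, c in self.seen.items() if c >= cutoff}
        if nonce_b64 in self.seen:
            return False  # replay
        self.seen[nonce_b64] = created_dt
        return True


def verify_username_token(token, cache, now=None):
    """Return (ok, reason) for a received token."""
    now = now or datetime.now(timezone.utc)
    password = USERS.get(token.get("Username"))
    if password is None:
        return False, "unknown user"
    try:
        created_str = token["Created"]
        created_dt = datetime.strptime(created_str, TIME_FMT).replace(tzinfo=timezone.utc)
        nonce = base64.b64decode(token["Nonce"], validate=True)
    except (KeyError, ValueError) as exc:
        return False, f"malformed token: {exc}"
    # Freshness first: without it an attacker could replay a token once
    # its nonce has been purged from the cache.
    if abs(now - created_dt) > MAX_CLOCK_SKEW:
        return False, "Created outside freshness window"
    expected = hashlib.sha1(nonce + created_str.encode() + password.encode()).digest()
    expected_b64 = base64.b64encode(expected).decode()
    # Constant-time comparison so digest checking does not leak timing.
    if not hmac.compare_digest(expected_b64, token.get("PasswordDigest", "")):
        return False, "digest mismatch"
    # Only authenticated tokens enter the cache, so it cannot be flooded
    # with garbage nonces by an unauthenticated sender.
    if not cache.check_and_record(token["Nonce"], created_dt, now):
        return False, "replayed nonce"
    return True, "ok"


def demo():
    """A fresh token is accepted once; replaying the same token is refused."""
    cache = NonceCache()
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    token = build_username_token("alice", USERS["alice"],
                                 nonce=b"\x01" * 16, created=now.strftime(TIME_FMT))
    first = verify_username_token(token, cache, now=now)
    replay = verify_username_token(token, cache, now=now + timedelta(seconds=30))
    return first, replay


if __name__ == "__main__":
    print(demo())
```

Note that the nonce alone is not enough: the receiver's cache is the thing that detects the replay, and the Created timestamp is what lets that cache be finite. A token whose Created time falls outside the window is rejected before the cache is consulted, so an attacker cannot wait for a nonce to expire from the cache and then replay it.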