Configure XML digital signature for v5.x web services with an assembly tool
XML digital signature is one of the methods WebSphere Application Server provides to secure the web services. It provides message integrity and authentication capabilities when used with SOAP messages.
Subtopics
- Configure trust anchors using an assembly tool
Use an assembly tool to configure trust anchors (that specify keystores which contain trusted root certificates to validate the signer certificate) or trust stores at the application level.- Configure the client-side collection certificate store using an assembly tool
We can configure the client-side collection certificate store using the assembly tool.- Configure the server-side collection certificate store using an assembly tool
A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collections of CA certificates and CRLs are used to check the signature of a digitally signed SOAP message. We can configure the server-side collection certificate store using an assembly tool.- Configure key locators using an assembly tool
The following information provides instructions on how to configure key locators using an assembly tool.- Secure web services for v5.x applications using XML digital signature
XML digital signature is one of the methods WebSphere Application Server provides to secure the web services. It provides message integrity and authentication capabilities when used with SOAP messages.- Configure the client for request signing: digitally signing message parts
To configure the client for request signing, specify which message parts to digitally sign when configuring the client.- Configure the client for request signing: choosing the digital signature method
To configure the client for request signing, specify which message parts to digitally sign when configuring the client.- Configure the server for request digital signature verification: Verifying the message parts
Configure the server for request digital signature verification by modifying the extensions to indicate which parts of the request to verify.- Configure the server for request digital signature verification: choosing the verification method
To configure server for request digital signature verification, use an assembly tool to modify the extensions and indicate which digital signature method the server will use during verification.- Configure the server for response signing: digitally signing message parts
Use an assembly tool to specify which message parts to digitally sign when configuring the server for response signing.- Configure the server for response signing: choosing the digital signature method
Use an assembly tool to specify which digital signature method to use when configuring the server for response signing.- Configure the client for response digital signature verification: verifying the message parts
To configure the Web Services Security extensions and the Web Services Security bindings, use the WS Extension tab and the WS Binding tab in the Client Deployment Descriptor within an assembly tool.- Configure the client for response digital signature verification: choosing the verification method
We can configure the Web Services Security extensions and Web Services Security bindings using the WS extension tab and the WS binding tab in the web services editor within an assembly tool.- Configure the client security bindings using an assembly tool
Use the web services client editor within an assembly tool to include the binding information, that describes how to run the security specifications found in the extensions, in the client EAR file.- Configure the server security bindings using an assembly tool
Use an assembly tool to edit bindings for a web service after these bindings are deployed on a server.