Solved

How do I generate a signature value

Posted on 2014-09-03
4
1,764 Views
Last Modified: 2016-02-26
Given a SOAP xml file, how do I gnerate a signature value ?
0
Comment
Question by:Anthony Lucia
  • 2
4 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40303122
Normally the SOAP message with a signature header entry, where the SOAP Body is signed and the resulting signature <ds:Signature> is added to the <SOAP-SEC:Signature> header entry.
http://www.w3.org/TR/SOAP-dsig/

the algorithm and value after computation is as below example using RSA (signing the digest) and SHA1 (digest)

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod  
            Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026">
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
          <ds:Reference URI="#Body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>MC0CFFrVLtRlk=...</ds:SignatureValue>
      </ds:Signature>

As to generate the XML signature, you likely to explore in the SOAP gateway doing that transparently e.g. The Enterprise Gateway can sign both SOAP and non-SOAP XML messages. Attachments to the message can also be signed. The resultant XML Signature is inserted into the message for consumption by a downstream Web Service. At the Web Service, the signature can be used to authenticate the message sender and/or verify the integrity of the message.
http://docs.oracle.com/cd/E24191_01/common/tutorials/content_sign_message.html

an sample of web service (Java) performing the signing function can be as below code sample
http://www.java2s.com/Tutorial/Java/0410__Web-Services-SOA/SignSOAPmessage.htm

there is tool such as soapui using for appl testing  
http://fandry.blogspot.sg/2011/05/how-to-test-secure-web-services-with.html
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
0
 
LVL 45

Expert Comment

by:aikimark
ID: 40303160
What kind of signature do you need?
What is your development language?
0
 

Author Comment

by:Anthony Lucia
ID: 40303770
I am trying to put a digital signature into a SAML assertion

I was hoping to find an online tool that would convert my XML to a signed XML, therefore, I could test the IdP out directly
0
 
LVL 62

Expert Comment

by:btan
ID: 40303853
Something on "OSTwoUserManJavaDSIG"
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManJavaDSIG

separately saw a list of saml tool but not attach signature though
http://www.coreblox.com/2011/06/collection-of-useful-saml-tools/

and the firefox plugin may be worth exploring though i did not delve further
https://addons.mozilla.org/en-US/firefox/addon/xml-digital-signature-tool/

This tool provides an XPCOM-IDL based wrapper around C++ based Apache XML security library. Our XPCOM-IDL based API allows any Firefox based extension to access XSEC library using JavaScript and C++. This tool also provides XUL based GUI for specifying various parameters for signing XML files and verifying signed XML files.

In addition, the tool provides following features:
- encryption and decryption of XML documents (follows the W3C spec for XML Encryption Syntax and Processing)
- ability to generate Self-Issued SAML Token (both v1.1 and v2.0) using the RSA/DSA keys in the browser's certificate DB. The SAML Token generation is implemented using our XPCOM based component for signing and encryption of XML documents.
- XPCOM based API for UUID generation. The XPCOM implementation reuses the UUID generation source code in the RFC4122. We have adapted the UUID generation code code in RFC4122 for Mozilla NSS based digest and added string based UUID API.
- Signing of HTML document and verification of signed HTML pages - follows W3C HTML Signing Profile
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
mysql disables rename 4 65
Encrypting Windows 7 directories: general questions 5 28
Network Security Solution 7 44
Event 4625 - Account Name: _ 3 23
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
The 21st century solution to antiquated pagers.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now