• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2412
  • Last Modified:

How do I generate a signature value

Given a SOAP xml file, how do I gnerate a signature value ?
0
Anthony Lucia
Asked:
Anthony Lucia
  • 2
1 Solution
 
btanExec ConsultantCommented:
Normally the SOAP message with a signature header entry, where the SOAP Body is signed and the resulting signature <ds:Signature> is added to the <SOAP-SEC:Signature> header entry.
http://www.w3.org/TR/SOAP-dsig/

the algorithm and value after computation is as below example using RSA (signing the digest) and SHA1 (digest)

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod  
            Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026">
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
          <ds:Reference URI="#Body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>MC0CFFrVLtRlk=...</ds:SignatureValue>
      </ds:Signature>

As to generate the XML signature, you likely to explore in the SOAP gateway doing that transparently e.g. The Enterprise Gateway can sign both SOAP and non-SOAP XML messages. Attachments to the message can also be signed. The resultant XML Signature is inserted into the message for consumption by a downstream Web Service. At the Web Service, the signature can be used to authenticate the message sender and/or verify the integrity of the message.
http://docs.oracle.com/cd/E24191_01/common/tutorials/content_sign_message.html

an sample of web service (Java) performing the signing function can be as below code sample
http://www.java2s.com/Tutorial/Java/0410__Web-Services-SOA/SignSOAPmessage.htm

there is tool such as soapui using for appl testing  
http://fandry.blogspot.sg/2011/05/how-to-test-secure-web-services-with.html
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
0
 
aikimarkCommented:
What kind of signature do you need?
What is your development language?
0
 
Anthony LuciaAuthor Commented:
I am trying to put a digital signature into a SAML assertion

I was hoping to find an online tool that would convert my XML to a signed XML, therefore, I could test the IdP out directly
0
 
btanExec ConsultantCommented:
Something on "OSTwoUserManJavaDSIG"
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManJavaDSIG

separately saw a list of saml tool but not attach signature though
http://www.coreblox.com/2011/06/collection-of-useful-saml-tools/

and the firefox plugin may be worth exploring though i did not delve further
https://addons.mozilla.org/en-US/firefox/addon/xml-digital-signature-tool/

This tool provides an XPCOM-IDL based wrapper around C++ based Apache XML security library. Our XPCOM-IDL based API allows any Firefox based extension to access XSEC library using JavaScript and C++. This tool also provides XUL based GUI for specifying various parameters for signing XML files and verifying signed XML files.

In addition, the tool provides following features:
- encryption and decryption of XML documents (follows the W3C spec for XML Encryption Syntax and Processing)
- ability to generate Self-Issued SAML Token (both v1.1 and v2.0) using the RSA/DSA keys in the browser's certificate DB. The SAML Token generation is implemented using our XPCOM based component for signing and encryption of XML documents.
- XPCOM based API for UUID generation. The XPCOM implementation reuses the UUID generation source code in the RFC4122. We have adapted the UUID generation code code in RFC4122 for Mozilla NSS based digest and added string based UUID API.
- Signing of HTML document and verification of signed HTML pages - follows W3C HTML Signing Profile
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now