Solved

How do I generate a signature value

Posted on 2014-09-03
4
2,014 Views
Last Modified: 2016-02-26
Given a SOAP xml file, how do I gnerate a signature value ?
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40303122
Normally the SOAP message with a signature header entry, where the SOAP Body is signed and the resulting signature <ds:Signature> is added to the <SOAP-SEC:Signature> header entry.
http://www.w3.org/TR/SOAP-dsig/

the algorithm and value after computation is as below example using RSA (signing the digest) and SHA1 (digest)

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod  
            Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026">
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
          <ds:Reference URI="#Body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>MC0CFFrVLtRlk=...</ds:SignatureValue>
      </ds:Signature>

As to generate the XML signature, you likely to explore in the SOAP gateway doing that transparently e.g. The Enterprise Gateway can sign both SOAP and non-SOAP XML messages. Attachments to the message can also be signed. The resultant XML Signature is inserted into the message for consumption by a downstream Web Service. At the Web Service, the signature can be used to authenticate the message sender and/or verify the integrity of the message.
http://docs.oracle.com/cd/E24191_01/common/tutorials/content_sign_message.html

an sample of web service (Java) performing the signing function can be as below code sample
http://www.java2s.com/Tutorial/Java/0410__Web-Services-SOA/SignSOAPmessage.htm

there is tool such as soapui using for appl testing  
http://fandry.blogspot.sg/2011/05/how-to-test-secure-web-services-with.html
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
0
 
LVL 46

Expert Comment

by:aikimark
ID: 40303160
What kind of signature do you need?
What is your development language?
0
 

Author Comment

by:Anthony Lucia
ID: 40303770
I am trying to put a digital signature into a SAML assertion

I was hoping to find an online tool that would convert my XML to a signed XML, therefore, I could test the IdP out directly
0
 
LVL 64

Expert Comment

by:btan
ID: 40303853
Something on "OSTwoUserManJavaDSIG"
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManJavaDSIG

separately saw a list of saml tool but not attach signature though
http://www.coreblox.com/2011/06/collection-of-useful-saml-tools/

and the firefox plugin may be worth exploring though i did not delve further
https://addons.mozilla.org/en-US/firefox/addon/xml-digital-signature-tool/

This tool provides an XPCOM-IDL based wrapper around C++ based Apache XML security library. Our XPCOM-IDL based API allows any Firefox based extension to access XSEC library using JavaScript and C++. This tool also provides XUL based GUI for specifying various parameters for signing XML files and verifying signed XML files.

In addition, the tool provides following features:
- encryption and decryption of XML documents (follows the W3C spec for XML Encryption Syntax and Processing)
- ability to generate Self-Issued SAML Token (both v1.1 and v2.0) using the RSA/DSA keys in the browser's certificate DB. The SAML Token generation is implemented using our XPCOM based component for signing and encryption of XML documents.
- XPCOM based API for UUID generation. The XPCOM implementation reuses the UUID generation source code in the RFC4122. We have adapted the UUID generation code code in RFC4122 for Mozilla NSS based digest and added string based UUID API.
- Signing of HTML document and verification of signed HTML pages - follows W3C HTML Signing Profile
0

Featured Post

Database Solutions Engineer FAQs

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller single-server environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Let's recap what we learned from yesterday's Skyport Systems webinar.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question