Solved

How do I generate a signature value

Posted on 2014-09-03
4
1,713 Views
Last Modified: 2016-02-26
Given a SOAP xml file, how do I gnerate a signature value ?
0
Comment
Question by:Anthony Lucia
  • 2
4 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40303122
Normally the SOAP message with a signature header entry, where the SOAP Body is signed and the resulting signature <ds:Signature> is added to the <SOAP-SEC:Signature> header entry.
http://www.w3.org/TR/SOAP-dsig/

the algorithm and value after computation is as below example using RSA (signing the digest) and SHA1 (digest)

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod  
            Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026">
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
          <ds:Reference URI="#Body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>MC0CFFrVLtRlk=...</ds:SignatureValue>
      </ds:Signature>

As to generate the XML signature, you likely to explore in the SOAP gateway doing that transparently e.g. The Enterprise Gateway can sign both SOAP and non-SOAP XML messages. Attachments to the message can also be signed. The resultant XML Signature is inserted into the message for consumption by a downstream Web Service. At the Web Service, the signature can be used to authenticate the message sender and/or verify the integrity of the message.
http://docs.oracle.com/cd/E24191_01/common/tutorials/content_sign_message.html

an sample of web service (Java) performing the signing function can be as below code sample
http://www.java2s.com/Tutorial/Java/0410__Web-Services-SOA/SignSOAPmessage.htm

there is tool such as soapui using for appl testing  
http://fandry.blogspot.sg/2011/05/how-to-test-secure-web-services-with.html
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
0
 
LVL 45

Expert Comment

by:aikimark
ID: 40303160
What kind of signature do you need?
What is your development language?
0
 

Author Comment

by:Anthony Lucia
ID: 40303770
I am trying to put a digital signature into a SAML assertion

I was hoping to find an online tool that would convert my XML to a signed XML, therefore, I could test the IdP out directly
0
 
LVL 62

Expert Comment

by:btan
ID: 40303853
Something on "OSTwoUserManJavaDSIG"
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManJavaDSIG

separately saw a list of saml tool but not attach signature though
http://www.coreblox.com/2011/06/collection-of-useful-saml-tools/

and the firefox plugin may be worth exploring though i did not delve further
https://addons.mozilla.org/en-US/firefox/addon/xml-digital-signature-tool/

This tool provides an XPCOM-IDL based wrapper around C++ based Apache XML security library. Our XPCOM-IDL based API allows any Firefox based extension to access XSEC library using JavaScript and C++. This tool also provides XUL based GUI for specifying various parameters for signing XML files and verifying signed XML files.

In addition, the tool provides following features:
- encryption and decryption of XML documents (follows the W3C spec for XML Encryption Syntax and Processing)
- ability to generate Self-Issued SAML Token (both v1.1 and v2.0) using the RSA/DSA keys in the browser's certificate DB. The SAML Token generation is implemented using our XPCOM based component for signing and encryption of XML documents.
- XPCOM based API for UUID generation. The XPCOM implementation reuses the UUID generation source code in the RFC4122. We have adapted the UUID generation code code in RFC4122 for Mozilla NSS based digest and added string based UUID API.
- Signing of HTML document and verification of signed HTML pages - follows W3C HTML Signing Profile
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Three simple tips to quickly and efficiently back up and protect the contents of your PC and Mac®.
An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now