Solved

How do I generate a signature value

Posted on 2014-09-03
4
1,849 Views
Last Modified: 2016-02-26
Given a SOAP xml file, how do I gnerate a signature value ?
0
Comment
Question by:Anthony Lucia
  • 2
4 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40303122
Normally the SOAP message with a signature header entry, where the SOAP Body is signed and the resulting signature <ds:Signature> is added to the <SOAP-SEC:Signature> header entry.
http://www.w3.org/TR/SOAP-dsig/

the algorithm and value after computation is as below example using RSA (signing the digest) and SHA1 (digest)

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod  
            Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026">
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
          <ds:Reference URI="#Body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>MC0CFFrVLtRlk=...</ds:SignatureValue>
      </ds:Signature>

As to generate the XML signature, you likely to explore in the SOAP gateway doing that transparently e.g. The Enterprise Gateway can sign both SOAP and non-SOAP XML messages. Attachments to the message can also be signed. The resultant XML Signature is inserted into the message for consumption by a downstream Web Service. At the Web Service, the signature can be used to authenticate the message sender and/or verify the integrity of the message.
http://docs.oracle.com/cd/E24191_01/common/tutorials/content_sign_message.html

an sample of web service (Java) performing the signing function can be as below code sample
http://www.java2s.com/Tutorial/Java/0410__Web-Services-SOA/SignSOAPmessage.htm

there is tool such as soapui using for appl testing  
http://fandry.blogspot.sg/2011/05/how-to-test-secure-web-services-with.html
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
0
 
LVL 45

Expert Comment

by:aikimark
ID: 40303160
What kind of signature do you need?
What is your development language?
0
 

Author Comment

by:Anthony Lucia
ID: 40303770
I am trying to put a digital signature into a SAML assertion

I was hoping to find an online tool that would convert my XML to a signed XML, therefore, I could test the IdP out directly
0
 
LVL 63

Expert Comment

by:btan
ID: 40303853
Something on "OSTwoUserManJavaDSIG"
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManJavaDSIG

separately saw a list of saml tool but not attach signature though
http://www.coreblox.com/2011/06/collection-of-useful-saml-tools/

and the firefox plugin may be worth exploring though i did not delve further
https://addons.mozilla.org/en-US/firefox/addon/xml-digital-signature-tool/

This tool provides an XPCOM-IDL based wrapper around C++ based Apache XML security library. Our XPCOM-IDL based API allows any Firefox based extension to access XSEC library using JavaScript and C++. This tool also provides XUL based GUI for specifying various parameters for signing XML files and verifying signed XML files.

In addition, the tool provides following features:
- encryption and decryption of XML documents (follows the W3C spec for XML Encryption Syntax and Processing)
- ability to generate Self-Issued SAML Token (both v1.1 and v2.0) using the RSA/DSA keys in the browser's certificate DB. The SAML Token generation is implemented using our XPCOM based component for signing and encryption of XML documents.
- XPCOM based API for UUID generation. The XPCOM implementation reuses the UUID generation source code in the RFC4122. We have adapted the UUID generation code code in RFC4122 for Mozilla NSS based digest and added string based UUID API.
- Signing of HTML document and verification of signed HTML pages - follows W3C HTML Signing Profile
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question