In BW, How to configure Security Policy Association to sign the SOAP Body and SOAP headers at the same time.
Article ID: KB0091688
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks | - |
| Not Applicable | - |
Description
Resolution:
Background :
In BW, Security Policy and Security Policy Association are used to provide WS-Security functionality to SOAP Activities.
Currently, if leave Security Policy Association->Outbound->Message Elements Requiring Signature blank, it will only sign the SOAP body.
And if put some XPATH (for example, "headers/Header.action/ns3:Action") in it, it will sign the nodes specified by the XPATH. In this way, it is possible to sign elements inside SOAP Body. But for SOAP Body itself, it will not be signed.
Question :
So how is it possible to sign the SOAP Body and headers at the same time.
Answer :
Use this workaround :
1. Append "and SOAPENV:Body" to the end of XPATH in Message Elements Rquiring Signature, it should be like this "headers/Header.action/ns3:Action and SOAPENV:Body".
2. Add the SOAPENV namespace declaration in Security Policy Association. It may be done with text editor manually.
Find "<BWSharedResource xmlns:InLine=..."
For SOAP 1.1, replace it with "<BWSharedResource xmlns:SOAPENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:InLine=..."
For SOAP 1.2, replace it with "<BWSharedResource xmlns:SOAPENV="http://www.w3.org/2003/05/soap-envelope" xmlns:InLine=..."
3. Save it and reload the project in Desinger.
Now it signs the SOAP Body and headers at the same time.
Background :
In BW, Security Policy and Security Policy Association are used to provide WS-Security functionality to SOAP Activities.
Currently, if leave Security Policy Association->Outbound->Message Elements Requiring Signature blank, it will only sign the SOAP body.
And if put some XPATH (for example, "headers/Header.action/ns3:Action") in it, it will sign the nodes specified by the XPATH. In this way, it is possible to sign elements inside SOAP Body. But for SOAP Body itself, it will not be signed.
Question :
So how is it possible to sign the SOAP Body and headers at the same time.
Answer :
Use this workaround :
1. Append "and SOAPENV:Body" to the end of XPATH in Message Elements Rquiring Signature, it should be like this "headers/Header.action/ns3:Action and SOAPENV:Body".
2. Add the SOAPENV namespace declaration in Security Policy Association. It may be done with text editor manually.
Find "<BWSharedResource xmlns:InLine=..."
For SOAP 1.1, replace it with "<BWSharedResource xmlns:SOAPENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:InLine=..."
For SOAP 1.2, replace it with "<BWSharedResource xmlns:SOAPENV="http://www.w3.org/2003/05/soap-envelope" xmlns:InLine=..."
3. Save it and reload the project in Desinger.
Now it signs the SOAP Body and headers at the same time.
Issue/Introduction
In BW, How to configure Security Policy Association to sign the SOAP Body and SOAP headers at the same time.
Feedback
Yes
No
Powered by
