DataPower

  • 1.  How to use dp:sign to apply WSSec method

    Posted 3 days ago
    Hello All,
     
    I am working with dp:sign() to digitally sign a SOAP request, but the output of the signed message is not the same as when we sign the message using the sign action. How can we ensure that the signature is included in the WS-Security header when using dp:sign()?
     
    I would appreciate any guidance, sample XSLT, or references that can help.


    ------------------------------
    Krishna
    ------------------------------


  • 2.  RE: How to use dp:sign to apply WSSec method

    Posted 2 days ago

    My advice is if you need what the sign action outputs, just use it!   That's why it is there.  It might mean, in your case, you have a couple of extra actions, but FWIW, I tend to use what is configurable out-of-the-box rather than write (and maintain) a bunch of code. 

    However, if you want to really dig in, try starting with the "store:///sign-wssec.xsl", which is, by default, what the Sign action uses.  That file, though, isn't going to help terribly much, but, it includes "store:///sign-wssec-common.xsl", and then you'll find more includes on more includes.   

    The dp:sign() is relatively simple and the sign action is far more complex (Just toggle the "Basic" to go to advanced on the new UI, or go to the advanced tab on the old UI to see what I'm talking about).   On the Sign action, the header policy is strict.   You'll find how it handles that somewhere in all those includes.



    ------------------------------
    Joseph Morgan
    CEO - Independent
    ------------------------------



  • 3.  RE: How to use dp:sign to apply WSSec method

    Posted yesterday
    Dear Joseph,
     
    The reason I am trying to use dp:sign() to sign the SOAP message in the same way that the Sign action does is because we need to sign the SOAP message within the API that we have in IBM API Connect.
    We have a requirement to sign the SOAP message in API Connect, and we are trying with dp:sign() to achieve this. Please advise if there are any better options to achieve this.


    ------------------------------
    Krishna
    ------------------------------



  • 4.  RE: How to use dp:sign to apply WSSec method

    Posted yesterday
    Edited by Joseph Morgan yesterday

    Understood!   So, unfortunately, hopefully someone has a solution for you.  Otherwise, you may be running down the rabbit-hole of the sign-wssec.xsl as I described before.

    However, with that said, you could try a hack.  Disclaimer, I have no idea if this will work.  You can call a stylesheet rule from GatewayScript's multi-step module:

    • Build a dummy XMLFW (you won't actually use).
    • Build a dummy policy (you won't actually use).
    • Build a rule (which you will use). 
    • Match all and put in a sign action to sign the input. 
    • Use an API GatewayScript Assembly action callRule() to call the rule.   From there you'll have access to the output context and you should be good to go!

    Qualifier:  If this works, 1) let us know and 2) I get full credit because I am the king of DataPower hacks!!!   :-)



    ------------------------------
    Joseph Morgan
    CEO - Independent
    ------------------------------
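
For comparing the two outputs discussed in this thread, a structural check of where the signature sits in a signed SOAP message. This is an added example, not code from any poster or from IBM's stylesheets. It assumes SOAP 1.1, WS-Security 1.0 namespaces and wsu:Id references; `check_wssec_layout` and `sample_envelope` are hypothetical names and the envelopes are constructed samples.

```python
import xml.etree.ElementTree as ET

# Standard namespace URIs: SOAP 1.1, WS-Security 1.0 (secext, utility), XML-DSig.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def q(ns, name):
    """Build an ElementTree qualified name: {namespace}local."""
    return f"{{{ns}}}{name}"

def check_wssec_layout(xml_text):
    """Return structural problems; an empty list means the expected layout.
    Checks placement only and does not verify the signature cryptographically."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    ids = {e.get(q(WSU, "Id")): e for e in root.iter() if e.get(q(WSU, "Id"))}
    body = root.find(q(SOAP, "Body"))
    sigs = list(root.iter(q(DS, "Signature")))
    problems = [] if sigs else ["no ds:Signature element"]
    for sig in sigs:
        sec = parent.get(sig)
        if sec is None or sec.tag != q(WSSE, "Security"):
            problems.append("ds:Signature is not a child of wsse:Security")
        elif parent.get(sec) is None or parent[sec].tag != q(SOAP, "Header"):
            problems.append("wsse:Security is not a child of soap:Header")
        refs = sig.findall(f"{q(DS, 'SignedInfo')}/{q(DS, 'Reference')}")
        uris = [r.get("URI", "") for r in refs]
        for uri in uris:
            # Assumption: signed parts are referenced by wsu:Id fragments.
            if not uri.startswith("#") or uri[1:] not in ids:
                problems.append(f"Reference {uri!r} does not resolve to a wsu:Id")
        if body is None or not any(ids.get(u[1:]) is body for u in uris):
            problems.append("soap:Body is not covered by any Reference")
    return problems

def sample_envelope(sig_in_header):
    """Constructed sample; SignatureValue is a placeholder, not a real signature."""
    sig = (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
           '<ds:Reference URI="#body-1"/></ds:SignedInfo>'
           '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>')
    sec = f'<wsse:Security xmlns:wsse="{WSSE}">{sig}</wsse:Security>'
    return (f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsu="{WSU}">'
            f'<soap:Header>{sec if sig_in_header else ""}</soap:Header>'
            f'<soap:Body wsu:Id="body-1"><op/></soap:Body>'
            f'{"" if sig_in_header else sig}</soap:Envelope>')

if __name__ == "__main__":
    print(check_wssec_layout(sample_envelope(True)))
    print(check_wssec_layout(sample_envelope(False)))
```

The check only inspects layout, so a message that passes still needs its signature verified by the receiving side.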