A company needs to securely exchange sensitive financial data between its internal accounting system and an external auditing system. To ensure data integrity and authenticity, they use XML signatures. The end-to-end process includes:
- Signing the document
- Verifying the XML signature
This blog will cover how to configure the XML firewall in DataPower to sign a document and validate the signed document.
Steps to create XML digital signature verification from an XML Firewall using Sign-Verify actions
1. In a specific user domain, create an XML Firewall policy.
2. Enter the details according to the requirement, as shown below, and click ‘+’ to create a new processing policy for the specific action to perform on the request.
3. Enter the policy name and click ‘Add’ to specify the rules.
4. Enter the rule name and rule direction as needed and click on the ‘Match rule’ action.
5. Click ‘+’ to create a ‘Match Rule’.
6. Enter the name and click ‘Add’.
7. Specify the URL details to match, so that the response follows the rules defined, and click ‘Apply’.
8. The defined matching rule is created as shown below; click ‘Apply’ again.
9. A successful creation message appears. Select the created rule name and click ‘Done’.
10. As highlighted below, select the ‘+’ sign to add the required actions, and select the highlighted ‘Sign’ action.
11. On the ‘Sign’ action, enter the details below, add a key and certificate pair, and click ‘Done’.
12. Rule 1 is created with the actions below. Click ‘Done’; a successful creation message should appear.
13. The Rule 1 details are updated in the table as shown. Similarly, click ‘Add’ again to create a Verify action with the rules mentioned below.
14. After the ‘Verify’ rule, click ‘+’ and add the ‘Results’ action as shown below.
15. The two rules are created; click ‘Apply Policy’.
16. As highlighted below, a ‘sign-verify’ policy is created with /sign and /verify rules. Update the details as mentioned below; the XML Firewall policy is created with the name ‘testverify’.
Now you can send requests to the endpoints below to test the policy and see the responses.
1. http://hostname:port/sign
POST request: with any sample SOAP XML as payload
Port: 2060 as mentioned in the ‘XML Firewall’ Policy creation
2. http://hostname:port/verify
POST request: <response of /sign> as payload
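
Before posting the /sign response to /verify, it helps to confirm what the signature actually covers. The Python check below is an added example, not part of the original post or of DataPower's tooling. It assumes a SOAP 1.1 message whose signature references the Body by wsu:Id, and its sample message is constructed, with the Signature placed directly in the header for brevity.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSU_ID = f"{{{WSU}}}Id"
WEAK = ("#rsa-sha1", "#dsa-sha1", "#sha1", "#hmac-sha1")  # SHA-1 based URIs

# Constructed sample: values are placeholders, not real DataPower output.
SAMPLE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:ds="{DS}" xmlns:wsu="{WSU}">
 <s:Header><ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
   <ds:Reference URI="#body-1">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
   </ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
 </ds:Signature></s:Header>
 <s:Body wsu:Id="body-1"><Invoice><Amount>100.00</Amount></Invoice></s:Body>
</s:Envelope>"""

def inspect_signed(xml_text):
    """Structural checks only; the signature value itself is checked by /verify."""
    root = ET.fromstring(xml_text)
    sigs = list(root.iter(f"{{{DS}}}Signature"))
    if len(sigs) != 1:
        return [f"expected one ds:Signature, found {len(sigs)}"]
    ids = {}  # Id value -> elements carrying it; duplicates make a reference ambiguous
    for el in root.iter():
        for v in {el.get(WSU_ID), el.get("Id")} - {None}:
            ids.setdefault(v, []).append(el)
    problems = []
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in sigs[0].iter(f"{{{DS}}}{tag}"):
            if el.get("Algorithm", "").endswith(WEAK):
                problems.append(f"weak algorithm: {el.get('Algorithm')}")
    body = root.find(f"{{{SOAP}}}Body")
    covered = False
    for ref in sigs[0].iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")  # empty URI means the whole document
        targets = [root] if uri == "" else ids.get(uri.lstrip("#"), [])
        if len(targets) != 1:
            problems.append(f"Reference {uri!r} matches {len(targets)} elements")
        covered = covered or any(t is body or t is root for t in targets)
    if not covered:
        problems.append("soap:Body is not covered by any ds:Reference")
    return problems
```

An empty list means the structure looks as expected; any returned string names what to review in the Sign action settings before relying on the /verify result.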