A company needs to securely exchange sensitive financial data between its internal accounting system and an external auditing system. To ensure data integrity and authenticity, they use XML signatures. The end-to-end process includes:
- Signing the document
- Verifying the XML signature
This blog will cover how to configure the XML firewall in DataPower to sign a document and validate the signed document.
Steps to create XML digital signature verification from an XML Firewall using Sign and Verify actions:
1. In a specific user domain, create an XML Firewall policy.
![](https://dw1.s81c.com//IMWUC/MessageImages/5e4daa58dd3b4b0b9034969d161040e2.png)
2. Enter the details according to the requirement, as shown below, and click on ‘+’ to create a new processing policy for the specific action to perform on the request.
![](https://dw1.s81c.com//IMWUC/MessageImages/55d17ed7bc08441a990db4b239029dfe.png)
3. Enter the policy name and click on ‘Add’ to specify the rules.
![](https://dw1.s81c.com//IMWUC/MessageImages/8e8bd98d057148f2a62402a0b8720799.png)
4. Enter the rule name and rule direction as needed and click on the ‘Match rule’ action.
![](https://dw1.s81c.com//IMWUC/MessageImages/6a4907480c6b4dec8c6eb18e3faab46e.png)
5. Click on ‘+’ to create a ‘Match Rule’.
![](https://dw1.s81c.com//IMWUC/MessageImages/05672d501be04c89a7898bf163607036.png)
6. Enter the name and click on ‘Add’.
![](https://dw1.s81c.com//IMWUC/MessageImages/5ae9c408b8a0442db152aa8319fe9c09.png)
7. Specify the URL details to match, so that the response follows the rules defined, and click on ‘Apply’.
![](https://dw1.s81c.com//IMWUC/MessageImages/e7ec37ffe45a472a8f57d825411ab9e3.png)
8. The defined matching rule is created as shown below. Click on ‘Apply’ again.
![](https://dw1.s81c.com//IMWUC/MessageImages/14ff5a5c661c494796619bc4670c403f.png)
9. You will see a successful creation message. Select the created rule name and click on ‘Done’.
![](https://dw1.s81c.com//IMWUC/MessageImages/44e1026a7b80427bb4d6645ba6981134.png)
10. As highlighted below, select the ‘+’ sign to add the required actions, and select the highlighted ‘Sign’ action.
![](https://dw1.s81c.com//IMWUC/MessageImages/5cdc33e844434ccaa986f11be7b9d9fd.png)
11. On the ‘Sign’ action, enter the details below, add a key and certificate pair, and click on ‘Done’.
![](https://dw1.s81c.com//IMWUC/MessageImages/aadddf2289054024b2b95f6086a006ac.png)
12. Rule 1 is created with the actions below. Click on ‘Done’; the successful creation messages should be displayed accordingly.
![](https://dw1.s81c.com//IMWUC/MessageImages/742e882b6bb14e05a8ef57392a3cf2d2.png)
13. The Rule 1 details are updated in the table as shown. Similarly, click on ‘Add’ again to create a Verify action with the rules mentioned below.
![](https://dw1.s81c.com//IMWUC/MessageImages/55d22c774662475594e9e2279ced959f.png)
![](https://dw1.s81c.com//IMWUC/MessageImages/a50999e5e4c544298ac5f84564621cb5.png)
14. After the ‘Verify’ rule, click on ‘+’ and add the ‘Results’ action as shown below.
![](https://dw1.s81c.com//IMWUC/MessageImages/a7feb7d8334d44d6b1d497700584f08c.png)
15. The two rules are now created. Click on ‘Apply Policy’.
![](https://dw1.s81c.com//IMWUC/MessageImages/18db1b168ae94eb591af56814fbe9e0d.png)
16. As highlighted below, a ‘sign-verify’ policy is created with the /sign and /verify rules. Update the details as mentioned below; the XML Firewall policy has been created with the name ‘testverify’.
![](https://dw1.s81c.com//IMWUC/MessageImages/b39753586d5b4b439df7883628a27554.png)
![](https://dw1.s81c.com//IMWUC/MessageImages/264d96963a8a44c18799c12de1f74bc3.png)
Now you can send requests to the endpoints below to get the response and test.
1. http://hostname:port/sign
POST request: with any sample SOAP XML as payload
Port: 2060 as mentioned in the ‘XML Firewall’ Policy creation
2. http://hostname:port/verify
POST request: <response of /sign> as payload
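
A structural pre-check for the /sign response before it is posted to /verify, as an added example (not code from the original post or from the product): it confirms that exactly one `ds:Signature` is present, that each `ds:Reference` resolves to exactly one element, and that the SOAP Body is among the signed elements. It assumes a SOAP 1.1 envelope whose references point at `wsu:Id`/`Id` attributes; the sample envelope is constructed, and cryptographic validation is still left to the Verify action.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # assumes a SOAP 1.1 payload
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

def check_signed_envelope(xml_text):
    """Return a list of structural problems; an empty list means none found."""
    root = ET.fromstring(xml_text)
    sigs = root.findall(f".//{{{DS}}}Signature")
    if len(sigs) != 1:
        return [f"expected exactly one ds:Signature, found {len(sigs)}"]
    problems = []
    if not (sigs[0].findtext(f"{{{DS}}}SignatureValue") or "").strip():
        problems.append("ds:SignatureValue is missing or empty")
    # Index every element by its wsu:Id / Id value to detect missing or duplicate IDs.
    by_id = {}
    for el in root.iter():
        for value in {el.get(f"{{{WSU}}}Id"), el.get("Id")} - {None}:
            by_id.setdefault(value, []).append(el)
    refs = sigs[0].findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if not refs:
        problems.append("ds:SignedInfo has no ds:Reference")
    signed = []
    for ref in refs:
        uri = ref.get("URI", "")
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
        if len(targets) != 1:
            problems.append(f"Reference {uri!r} resolves to {len(targets)} elements")
        signed.extend(targets)
    body = root.find(f"{{{SOAP}}}Body")
    if body is None or not any(el is body for el in signed):
        problems.append("soap:Body is not covered by any ds:Reference")
    return problems

# Constructed sample standing in for a /sign response; digest and signature are placeholders.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:ds="{DS}" xmlns:wsu="{WSU}">
 <soap:Header><ds:Signature><ds:SignedInfo>
  <ds:Reference URI="#Body-1"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
 </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature></soap:Header>
 <soap:Body wsu:Id="Body-1"><Invoice>100.00</Invoice></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(check_signed_envelope(SAMPLE) or "structure OK")
```
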