
Configuring the XML firewall in DataPower to sign a document and validate the signed document using sign-verify rules

By Aparna Reddy posted Fri May 17, 2024 04:08 AM

  

A company needs to securely exchange sensitive financial data between its internal accounting system and an external auditing system. To ensure data integrity and authenticity, they use XML signatures. The end-to-end process includes:
  1. Signing the document
  2. Verifying the XML signature
This blog will cover how to configure the XML firewall in DataPower to sign a document and validate the signed document.

Steps to create XML digital signature verification from the XML Firewall using sign-verify actions

1. In a specific user domain, create an XML Firewall policy.

2. Enter the details according to your requirements, as shown below, and click ‘+’ to create a new processing policy for the specific action to perform on the request.

3. Enter the policy name and click ‘Add’ to specify the rules.

4. Enter the rule name and rule direction as needed and click the ‘Match rule’ action.

5. Click ‘+’ to create a ‘Match Rule’.

6. Enter the name and click ‘Add’.

7. Specify the URL details to match, so that the response is returned according to the rules defined, and click ‘Apply’.

8. The defined matching rule is created as shown below. Click ‘Apply’ again.

9. You will see a successful creation message. Select the created rule name and click ‘Done’.

10. As highlighted below, select the ‘+’ sign to add the required actions, and select the highlighted ‘Sign’ action.

11. On the ‘Sign’ action, enter the details below, add a key and certificate pair, and click ‘Done’.

12. Rule 1 is created with the actions below. Click ‘Done’; the successful creation messages should be triggered accordingly.

13. The Rule 1 details are updated in the table as shown. Similarly, click ‘Add’ again to create a Verify action with the rules mentioned below.

14. After the ‘Verify’ rule, click ‘+’ and add the ‘Results’ actions as shown below.

15. The two rules are created. Click ‘Apply Policy’.

16. As highlighted below, a ‘sign-verify’ policy is created with the /sign and /verify rules. Update the details as mentioned below; the XML Firewall policy is created with the name ‘testverify’.

Now you can send requests to the endpoints below and test the responses.

1. http://hostname:port/sign

   POST request: any sample SOAP XML as the payload

   Port: 2060, as specified when the XML Firewall policy was created

2. http://hostname:port/verify

   POST request: <response of /sign> as the payload
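Before posting the /sign response to /verify, it helps to confirm that the response really carries a ds:Signature, which element the signature covers, and which algorithms were used. The Python below is an added example, not part of the original post or of DataPower itself; the sample message is constructed, and a SOAP 1.1 envelope with a wsu:Id on the Body is an assumption.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
WSU_ID = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Id"

# Constructed sample of a signed SOAP 1.1 message (assumption: Body carries a wsu:Id).
# Values are shortened placeholders, not real DataPower output.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 <soapenv:Header>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#Body-1">
     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <ds:DigestValue>AAAA</ds:DigestValue>
    </ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue>BBBB</ds:SignatureValue>
  </ds:Signature>
 </soapenv:Header>
 <soapenv:Body wsu:Id="Body-1"><Invoice>100</Invoice></soapenv:Body>
</soapenv:Envelope>"""

def inspect_signed(xml_text):
    """Summarise what each ds:Signature covers and which algorithms it declares."""
    root = ET.fromstring(xml_text)
    # Map every Id-style attribute value to the tag of the element that carries it.
    ids = {el.attrib[k]: el.tag for el in root.iter()
           for k in (WSU_ID, "Id", "ID", "id") if k in el.attrib}
    report = {"signatures": 0, "algorithms": [], "covers_body": False, "dangling": []}
    for sig in root.iter(DS + "Signature"):
        report["signatures"] += 1
        for m in sig.iter():
            if m.tag in (DS + "SignatureMethod", DS + "DigestMethod"):
                report["algorithms"].append(m.get("Algorithm") or "")
        for ref in sig.iter(DS + "Reference"):
            uri = ref.get("URI", "")
            target = ids.get(uri.lstrip("#"))
            if uri == "":                      # empty URI references the whole document
                report["covers_body"] = True
            elif target is None:               # reference points at no element in the message
                report["dangling"].append(uri)
            elif target == SOAP + "Body":
                report["covers_body"] = True
    # SHA-1 based signature or digest algorithms are reported for review.
    report["weak"] = [a for a in report["algorithms"] if a.lower().endswith("sha1")]
    return report
```

This only inspects the structure of the message; the cryptographic check itself is still performed by the Verify action on /verify.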
