User guide

Chapter 15: User Authentication, SOAP Digital Signature and XML Encryption for Web Services (SOAP)
Notes
If the SOAP digital signature generation function is enabled from the Web Service Information Edit
Tool, the SOAP digital signature is automatically attached to the SOAP header according to the
settings.
If no details are set, the signature is generated over the result of XML canonicalization, with
comments deleted, of the contents of the SOAP body element of the SOAP message.
The SOAP digital signature generation settings can also be configured with the
soapsecsignconf command. For information on the soapsecsignconf command, refer to the Reference
Manual (Command Edition).
Specifying the Signature Target
The following two types of signature target can be selected for the SOAP digital signature:
- Any nodes inside the SOAP envelope
  - ID Reference
  - XPath filtering
- Attachment files
  - Content-Id
Specifying the Signature Target Using ID Reference
If the SOAP message is created using SAAJ-API, it is possible to add an ID attribute to the element
being signed. In the SOAP digital signature, the attribute with the following name is regarded as an ID attribute:
Namespace URI: http://schemas.xmlsoap.org/ws/2002/07/utility
Local Name: “Id”
To sign an element with an ID attribute, specify the number sign ("#") followed by the ID attribute
value as the signature target.
Example
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
                wsu:Id="body">
    <m:ResponseBody xmlns:m="urn:SampleMsg">
      <Response>response string...</Response>
    </m:ResponseBody>
  </soapenv:Body>
</soapenv:Envelope>
If "#body" is specified as the signature target for the above SOAP message, <soapenv:Body> and its
contents will be signed.
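
The following is an added example, not code from this guide or the product: it builds the sample message above with SAAJ, sets the wsu:Id attribute on the Body, and checks that the "#body" target names exactly one element before it is used as a signature target. The class and method names (WsuIdTarget, buildMessage, resolve) are hypothetical, the uniqueness check is an added precaution that the guide does not describe, and javax.xml.soap is assumed to be available (Java 8, or a SAAJ implementation on the classpath).

```java
import javax.xml.soap.*;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class WsuIdTarget {
    // Namespace URI and local name that the guide regards as the ID attribute.
    static final String WSU_NS = "http://schemas.xmlsoap.org/ws/2002/07/utility";
    static final String ID_LOCAL = "Id";

    // Build the sample response with SAAJ and put wsu:Id="body" on the SOAP Body.
    static SOAPMessage buildMessage() throws SOAPException {
        SOAPMessage msg = MessageFactory.newInstance().createMessage();
        SOAPEnvelope env = msg.getSOAPPart().getEnvelope();
        SOAPBody body = env.getBody();
        body.addNamespaceDeclaration("wsu", WSU_NS);
        body.addAttribute(env.createName(ID_LOCAL, "wsu", WSU_NS), "body");
        SOAPElement resp = body.addChildElement("ResponseBody", "m", "urn:SampleMsg");
        resp.addChildElement("Response").addTextNode("response string...");
        msg.saveChanges();
        return msg;
    }

    // Resolve a "#value" target to the one element whose wsu:Id equals value.
    // Zero or several matches are rejected: the reference must name one element.
    static Element resolve(SOAPMessage msg, String target) {
        if (target == null || !target.startsWith("#") || target.length() < 2) {
            throw new IllegalArgumentException("expected '#' followed by an Id value");
        }
        String id = target.substring(1);
        NodeList all = msg.getSOAPPart().getElementsByTagNameNS("*", "*");
        Element match = null;
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (id.equals(e.getAttributeNS(WSU_NS, ID_LOCAL))) {
                if (match != null) {
                    throw new IllegalStateException("Id '" + id + "' is not unique");
                }
                match = e;
            }
        }
        if (match == null) {
            throw new IllegalStateException("no element with wsu:Id '" + id + "'");
        }
        return match;
    }

    public static void main(String[] args) throws Exception {
        Element signed = resolve(buildMessage(), "#body");
        System.out.println("signature target: {" + signed.getNamespaceURI() + "}"
                + signed.getLocalName());
    }
}
```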