Before you begin
Prior to completing this task, you must import your application into an assembly tool. For information on how to import your application, see Importing enterprise applications.Why and when to perform this task
Complete the following steps to specify which message parts to digitally sign when you configure the generator security constraints for either the request generator or the response generator. The request generator is configured for the client and the response generator is configured for the server. In the following steps, you must configure either the client-side extensions in step 2 or the server-side extensions in step 3.Steps for this task
Example
The following example is a SOAP message whose body is signed using the body keyword and the http://www.ibm.com/websphere/webservices/wssecurity/dialect-was dialect:
<soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soapenv:Header soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/ 2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/ oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType= "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0# X509v3" wsu:Id="x509bst_956396521418196" xmlns:wsu="http://docs.oasis-open.org/ wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> MA0GCSqGSIb3DQEBBQUAA4 GBAHkthdGDgCvdIL9/vXUo74xpfOQd/rr1owBmMdb1TWdOyzwbOHC7lkUlnKrkI7SofwSLSDUP571ii MXUx3tRdmAVCoDMMFuDXh9V7212luXccx0s1S5KN0D3xW97LLNegQC0/b+aFD8XKw2U5ZtwbnFTRgs097 dmz09RosDKkLlM </wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces PrefixList="wsse ds xsi soapenc xsd soapenv " xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#wssecurity_signature_id_5945817517184298591"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces PrefixList="p896 xsi soapenc xsd wsu soapenv " xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>vyu0JwXXSAvRCUCi6TPkeH8yUTU=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>dtbYA609wwAUAA8BmDmJlVHrWShy6OLJB3n4A6ToU0lI9tJrNhBksGqks17 cykf+uHTJcgOY18XrRDN4wHTW4zm/tmD5WqQd8K1WpYaGpbwlFoiwKVFNyfQn2K/WbZ2JccmZvJGF aOtqStg6TqSUGLQSA5MCSpZUhck545IY2F4= </ds:SignatureValue> <ds:KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI="#x509bst_956396521418196" ValueType="http://docs. oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </soapenv:Header> <soapenv:Body soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" wsu:Id="wssecurity_signature_id_5945817517184298591" xmlns:wsu="http://docs.oasis-open.org/ wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <p896:getVersion xmlns:p896="http://msgsec.wssecfvt.ws.ibm.com"/> </soapenv:Body> </soapenv:Envelope>
What to do next
After you specify which message parts to digitally sign, you must specify which method is used to digitally sign the message. For more information, see Configuring signing information for the generator binding with an assembly tool.Related concepts
XML digital signature
Related tasks
Adding a stand-alone time stamp to generator security constraints
Adding time stamps for integrity to generator security constraints
with an XPath expression
Adding a nonce for integrity to generator security constraints with
an XPath expression
Configuring signing information for the generator binding with an assembly
tool