Digitally Signing XML messages

My servlets receive XML messages and after processing and filling in some values, Digitally Sign the XMLs and send over secure connection to another server. How could possibly this be performed?
Please support your answer with code samples.
Awaiting Response

Hi,
You may need to sigm in, but try this (it's free)
http://207.68.162.250/cgi-bin/linkrd?_lang=EN&lah=7ffae4f4a6000dbf55d82280194c86c1&lat=1031873112&hm___action=http%3a%2f%2fwww%2einformit%2ecom%2fcontent%2findex%2easp%3fproduct_id%3d%7bC5920864%2d705B%2d45D3%2dBF71%2dC1E18270319A%7d%26amp%3b090102
yes, bit of a mouthful, isn't it?
best
kev
(probably a digital signature)

Similar Messages

  • Oracle.security.crypto.cert.PKCS7 signing xml message

    Dear All
    Can anybody have java sample code to sign xml message by using oracle.security.crypto.cert.PKCS7 libarary.
    Regards
    Aamir

    Hi Michal,
    > about a WM application (which only has SAP in the name)
    I'm afraid you have a completely wrong understanding of the Business Connector... 
    About 10-20% of the code (everything that deals with RFC communication, IDoc processing and conversion of IDoc/function module data to and from XML) has been developed here at SAP. And with release 4.7 (2003), SAP obtained 100% control over the source code, and we have done many fixes and enhancements in the webMethods part of the code (as well as in our own...) since then.
    I just wanted to make this point clear...
    BTW: the problem reported here is neither related to webMethods, nor to SAP: it's simply a problem with the certificate (probably a mismatch between private key and public key?!)
    Best Regards, Ulrich
    (SAP BC team)

  • RMSBulk is not unprotecting digitally signed email messages in a pst

    The RMSBulk.exe tool is not unprotecting pst messages that are digitally signed.  Any recommendations on how to get this to work? 
    The tool also does not unprotect attachment that are RMS messages (so a protected message attached to a protected message).  Is this also by design?
    Thanks

    Hi Warren,
    we are using a german product called OLX Tools Disclaimer (http://www.gangl.de/default.asp?redirect=produkte/produkte.asp%3Ffilter=noagents), unfortunatelly I could only find a the webpage in german language. But I'm sure there are a lot of more tools from other companies available in english language. I think searching for Exchange disclaimer will bring you a lot of results.
    chrissy

  • NullPointerException while sending signed XML via SOAP to Axis webservice

    Hello,
    I was wondering if it was possible to change the behavior of Apache XML Security libraries and delete "ds:" namespaces while digitally signing XML files.
    We are trying to send signed XML to a local chilean IRS, as a part of an automatic autentication process. The steps to authenticate are quite straightforward and involve:
    1. Obtain from webservice 1 a "seed", which is a random number representing temporal session opened
    2. Sign this seed (in XML format) using our certificate
    3. Send signed XML to another webservice 2, which should validate it and open a permanent session, returning a "token", which is an alphanumeric string
    What happens is that steps 1 and 2 are completed without problems, while we cannot pass step 3. The webservice (as far I know mounted on Apache Axis) fails with ugly error "NullPointerException".
    The IRS says that our signed XML, although valid, seems strange to them, as it contains those "ds:" added by Apache Xml Security libraries while signing the file.
    So here comes the question: is it possible to obtain valid signed XML without those "ds:"? What other reasons may result in that NullPointerException error?
    We use simple Java class and VeriSign certificate stored in Java keystore to sign XML files, and Apache Xml Security 1.2.0 jars.
    For any clues that could help us thank you in advance.
    Jack

    Hi,
    Few months ago we had also problems with "locked user" in XI, in our case XIAPPLUSER was sometimes (b)locked.
    Perhaps note:
    721548 Changing the passwords of the XI 3.0 service users
    will help you.
    We removed and entered the service users again, with the password in CAPITALS and language blank.
    After that our problem was solved, I hope yours too.
    Regards
    Jack

  • Can't digitally sign and encrypt email any longer.

    I used to sign and encrypt my emails digitally and then send them to people. I had two email certificates from Comodo, and it's been a while they're expired. so I renewed my certificates and deleted the old ones from my keychain, then downloaded and added the new ones. The trouble is I no longer get the digitally sign the message and encrypt the message button when I compose a new email. What could be the problem? how can I fix this?

    I am now having the same problem.  Have you seen a resolution yet?

  • Sap PI-xml Digital Signing and encryption in PI-ehp1

    Hi Experts,
    Our Business scenario is sap R/3 (sender)>rfc data to PI and to webservice(receiver) using rfc and soap adapters
    The communication channels are secured by snc/ssl.
    Now the issue is PI have to send digitally sign and encrypt xml messages to receiver and I got no clue how to do this.
    Experts please advise.
    We have to Digitally sign and encrypt xml messages in PI
    1)can we use SAML or Ssfdata xml..if so how to use them,can you send me some documents with screen shots so that i can configure the same in PI
    We used adepative tool but it does not support Dsigning
    2)Please advise the correct procedure
    3)how to develop a adapter user module and how to call it for testing purpose...please advise
    O/s:windows
    PI EHP1 7.1
    DB:oracle
    PLEASE HELP
    Thanking you
    Pooja

    Hi Experts,
    Please Advise for my above querys
    1)I tried to develop a EJB project and generate EAR file and depoly it in J2ee server and create adapter modules to call It..however I tried to use a document provided my sdn http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c0b39e65-981e-2b10-1c9c-fc3f8e6747fa?quicklink=index&overridelayout=true................however I am unable to see the options provided ,unable to create EAR project and unable to see deploy option,please can you share a correct document irrespective of nwds SP level
    2)Apart from giving JNDI name in module tab,what else should be mentioned for a small test message request/response
    3)How to call the adapter for testing purpose apart from monitoring audit logs
    Please Advise Experts
    Thanking you
    Pooja

  • Unable to digitally sign or encrypt messages in Mail

    I recently switched from a PC to a Mac and I have been unable to digitally sign or encrypt any of my e-mails. I'm currently running version 3.3 (926.1/926) for Mail and I made sure that my .cer security certificate is located in Keychain Access as well as certificates for my contacts. My certificate is valid because it has the green checkmark next to it.
    I know what the *digitally sign* and encryption buttons should look like and where they should be located when composing e-mails, but they are just not there for me. Does anyone have any advice on how to fix this. Does it matter which folder the .cer security certificates should be located in for Keychain Access? Or is there a specific option I need to enable within Mail to be able to see those buttons?
    I know that Mail is recognizing security certificates for e-mails that are being sent to me because it is showing the starburst/checkmark icon next to those e-mail addresses, and my Address Book is showing that same icon next to those e-mail addresses for my contacts.

    I finally have a solution to this problem. I had been trying to use a .cer security certificate issued by Comodo, it had worked just fine on Windows but my Mac didn't seem to like it. I also tried creating my own certificate through OSX, but even after I created it I still couldn't see the buttons.
    I had someone direct me to this webpage which ultimately helped me fix the problem:
    http://allforces.com/2007/03/02/email-security/
    I ended up using Thawte to issue me another security certificate (this time it was an x.509 file), the security certificate automatically opened in Keychain Access and downloaded to the Certificates and My Certificates folder. Once I shutdown Mail and restarted it I had the buttons for both encryption and digitally signed. Of course the encryption button is still greyed out because it is a new certificate and I need to make sure my Address Book contacts have a copy of it before I can encrypt.
    Message was edited by: Matthew Little

  • Error message "not digitally signed or not signed in the appropriate manner

    My computer keeps crashing and I discovered that it is not recognizing a hardware device.  The device is the printer.  When I check further, it asks for driver updates and when I try to do that, I get an error message "not digitally signed or not signed in the appropriate manner.  
    I have no idea how to fix this since I am the administrator and I have an HP laptop too.  Any help is great.
    Thanks,
    Sonja

    Welcome to the community, Sonja! Aka @sonipsl 
    I have personally ran into the error message you are receiving before that states "not digitally signed or not signed in the appropriate manner", and I had posted a solution to it as well. I would like for you to see the steps that had fixed the problem in my first link below. You will notice that you will have to download the correct drivers for your printer, the Photosmart B210a model, and that link is also below.
    Click this link and try the steps in my post: Solution! Re: Getting Error when updating Driver for D110a
    This is link to get your drivers for your printer model: HP Photosmart Full Feature Software and Drivers
    I hope this does the trick! Please write me back to let me know the outcome
    Enjoy the rest of your Tuesday
    R a i n b o w 7000I work on behalf of HP
    Click the “Kudos Thumbs Up" at the bottom of this post to say
    “Thanks” for helping!
    Click “Accept as Solution” if you feel my post solved your issue, it will help others find the solution!

  • Use Sign.xml and Encrypt.xml for both request AND response within WSDL?

    Hi,
    ALSB: 2.6
    I was wandering if it's possible to use abstract outof the box WS-Policy file within WSDL file to specify encryption
    (Encrypt.xml) and digital signature(Sign.xml) with X509 for both request and response???
    So far, it only works for either request or response BUT not both. i.e. within WSDL file
    <!-- following WSDL works for encrypting and signing request with X509 in test console -->.....
    <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
        <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
        <wsdl:operation name="Message">
                <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                              <wsdl:input>
                               <!-- WS-Policy file applied here -->
                             <wsp:Policy>
                                            <wsp:PolicyReference URI="policy:Sign.xml"/>
                                            <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                       </wsp:Policy>
                                     <soap:body use="literal" />
                               </wsdl:input>
                             <wsdl:output>
                                  <soap:body use="literal" />
                               </wsdl:output>
        </wsdl:operation>
      </wsdl:binding>
               Or
    <!-- following WSDL works for encrypting and signing response with X509 in test console -->
    <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
        <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
        <wsdl:operation name="Message">
                <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                              <wsdl:input>
                                     <soap:body use="literal" />
                               </wsdl:input>
                             <wsdl:output>
                                       <!-- WS-Policy file applied here -->
                                       <wsp:Policy>
                                            <wsp:PolicyReference URI="policy:Sign.xml"/>
                                            <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                       </wsp:Policy>
                                  <soap:body use="literal" />
                               </wsdl:output>
        </wsdl:operation>
      </wsdl:binding>
    But not both
    <!-- following WSDL doesn't work for encrypting and signing both response and request with X509 in test console -->
    <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
        <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
        <wsdl:operation name="Message">
                <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                              <wsdl:input>
                                        <!-- WS-Policy file applied here -->
                                       <wsp:Policy>
                                            <wsp:PolicyReference URI="policy:Sign.xml"/>
                                            <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                       </wsp:Policy>
                                     <soap:body use="literal" />
                               </wsdl:input>
                             <wsdl:output>
                                       <!-- WS-Policy file applied here -->
                                       <wsp:Policy>
                                            <wsp:PolicyReference URI="policy:Sign.xml"/>
                                            <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                       </wsp:Policy>
                                  <soap:body use="literal" />
                               </wsdl:output>
        </wsdl:operation>
      </wsdl:binding>
    ...      Instead, I got error message like
    <15/01/2008 10:15:04 AM NZDT> <Error> <ALSB Security> <BEA-387023> <An error ocurred during web service security inbound response processing [error-code: Fault
    , message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fdb, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: Message]
    --- Error message:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>
    <faultstring>Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</faultstring></soapenv:Fa
    ult></soapenv:Body></soapenv:Envelope>
    weblogic.xml.crypto.wss.WSSecurityException: Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#
    X509v3
    at weblogic.xml.crypto.wss.SecurityBuilderImpl.addEncryption(SecurityBuilderImpl.java:308)
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processConfidentiality(SecurityPolicyDriver.java:280)
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:75)
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:64)
    at weblogic.wsee.security.WssServerHandler.processOutbound(WssServerHandler.java:86)
    Truncated. see log file for complete stacktrace
    >
    <15/01/2008 10:15:24 AM NZDT> <Error> <com.bea.weblogic.kernel> <000000> <Failed to build CertPath
    java.security.cert.CertPathBuilderException: [Security:090603]The certificate chain is invalid because it could not be completed. The trusted CAs did not inclu
    de CN=x509,OU=x509,O=x509,L=Wellington,ST=Wellington,C=NZ.
    at weblogic.security.providers.pk.WebLogicCertPathProviderRuntimeImpl$JDKCertPathBuilder.engineBuild(WebLogicCertPathProviderRuntimeImpl.java:669)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    at com.bea.common.security.internal.legacy.service.CertPathBuilderImpl$CertPathBuilderProviderImpl.build(CertPathBuilderImpl.java:67)
    at com.bea.common.security.internal.service.CertPathBuilderServiceImpl.build(CertPathBuilderServiceImpl.java:86)
    at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
            Truncated. see log file for complete stacktrace
    >
    <15/01/2008 10:15:24 AM NZDT> <Error> <ALSB Security> <BEA-387022> <An error ocurred during web service security inbound request processing [error-code: Fault,
    message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fd8, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: null]
    --- Error message:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault xmlns:wsse="http://docs.oasis-open.or
    g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurityToken</faultcode><faultstring>Security token failed to validate. weblo
    gic.xml.crypto.wss.SecurityTokenValidateResult@3c5347b[status: false][msg [
      Version: V1
      Subject: CN=x509, OU=x509, O=x509, L=Wellington, ST=Wellington, C=NZ
      Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
      Key:  Sun RSA public key, 1024 bits
      modulus: 13052787793731294943682394984664645854838424340012907077330623....
      The 'System Error Handler' from 'Invocation Trace' in ALSB test console is something like
    [pre]     
    $fault:
    <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
         <con:errorCode>BEA-386201</con:errorCode>
         <con:reason>
              A web service security fault
              occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Failed
              to get token for tokenType:
              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3]
         </con:reason>
         <con:details>
              <err:WebServiceSecurityFault
                   xmlns:err="http://www.bea.com/wli/sb/errors">
                   <err:faultcode
                        xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                        soapenv:Server
                   </err:faultcode>
                   <err:faultstring>
                        Failed to get token for tokenType:
                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
                   </err:faultstring>
              </err:WebServiceSecurityFault>
         </con:details>
         <con:location>
              <con:path>response-pipeline</con:path>
         </con:location>
    </con:fault>
    So is this a feature not supported in ALSB 2.6 yet or am I missing something dead simple?
    Thanks in advance
    Sam

    Instead of specifying policies for input and output separately you could place the policy reference only once in the operation element. Maybe will this solve your problem...
    http://e-docs.bea.com/alsb/docs26/security/ws_policy.html#wp1061166

  • Digitally Signing specific SOAP elements using Java Mapping

    Hello SDNers,
    Iu2019m having trouble creating java mappings to sign and verify digital signatures.  Iu2019m new to Java so this is proving difficult.  I understand the basic concepts of OO programming and utilizing classes/objects to build the program, but Iu2019m having trouble with the conceptual understanding of how I would like to get this done.
    I have outbound and inbound messages.  The outbound messages are originating from an ECC backend.  The messages are processed through PI with a basic Message Mapping, then it is wrapped in a SOAP envelope with specific information using a XSL mapping and then I would like to use a Java Mapping to Digitally Sign specific portions of the entire message; specifically around an element in the SOAP header and sign the SOAP body.  I also need to verify these sections for all inbound messages.
    The simple pseudo code I have for the outbound messages is as follows:
    <ol>
    <li>1. read in xml (file input stream)</li>
    <li>2. find the (specific information)</li>
    <ol>
    <li>a. assign that string to a variable</li>
    <li>b. sign this variable with the security profile (keystore, private key)</li>
    <li>c. e-write the variable into the main xml file</li>
    </ol>
    <li>3. find the soap body</li>
    <ol>
    <li>a. assign that string to a variable</li>
    <li>b. sign this variable with the security profile (keystore, private key)</li>
    <li>c. re-write the variable into the main xml file</li>
    </ol>
    <li>4. write the output file with both variables written (file output stream)</li>
    </ol>
    Currently Iu2019m using PI 7.1 so there is no more Visual Administrator tool.
    Iu2019ve seen the examples from the last link, but I canu2019t seem to put it together when mixed with basic java mapping example.  I have been searching the SDN forums for a while now, but hereu2019s my specific question:  how do you create a java mapping to sign and verify specific elements of a SOAP message?
    Thanks in advance,
    Jason

    Hi Jason, did you ever architect a solution for this?

  • How to send a signed SOAP message with additional HTTP Header fields

    Our Partner's integration requirements are that we send them asynchronous SOAP messages, that are digitally signed, and whose HTTP headers contains 5 or 6 additional header fields, of which 3 or 4 will need to be dynamically set during the message mapping.  I believe we can use the HTTP adapter for adding new fields to the HTTP header, but don't believe it supports signing.  I believe that the SOAP adapter supports signing, but I'm not clear on how to use it to add fields to the HTTP header.  What is the most straight-forward way to achieve both the signing of the message and the addition of the HTTP header values?
    Thanks,
    Kurt

    >>>What is the most straight-forward way to achieve both the signing of the message and the addition of the HTTP header values?
    Use Java mapping for both.
    1) Signing the message
    You can digitally sign the soap message using many standard api like WSS4j? or  refer Java XML signature API which comes in Jdk1.6.
    Refer these links
    WSS4J  -  http://ws.apache.org/wss4j/axis.html
    Java XML signature : http://java.sun.com/developer/technicalArticles/xml/dig_signature_api/
    2) >>whose HTTP headers contains 5 or 6 additional header fields, of which 3 or 4 will need to be dynamically set during the message mapping
    Use Dynamic configuration API to set the additional header fields during message mapping.

  • Digitally Signing Flex/AIR Application

    I am looking for some help with updating an AIR application with a renewed certificate.
    The way that Adobe AIR handles digitally signed certificates is fairly confusing. I think it has changed with the release of AIR 1.5.3 and this change has caught us off guard and has resulted in some problems.
    According to the Adobe website: Prior to AIR 1.5.3, signing an AIR application with a renewed certificate did not always require a migration signature. Starting with AIR 1.5.3, a migration signature is always required for renewed certificates.
    Furthermore: The certificate must be changed before the original certificate expires. If you do not create an update signed with a migration signature before your certificate expires, users will have to uninstall their existing version of your application before installing a new version. As of AIR 1.5.3, an expired certificate can be used to apply a migration signature within a 180 day grace period after the certificate has expired. (You cannot use the expired certificate to apply the main application signature.).
    See:
    http://help.adobe.com/en_US/AIR/1.5/devappsflex/WS5b3ccc516d4fbf351e63e3d118666ade46-7ff0. html#WS5b3ccc516d4fbf351e63e3d118666ade46-7cca
    http://help.adobe.com/en_US/AIR/1.5/devappsflex/WS13ACB483-1711-43c0-9049-0A7251630A7D.htm l
    BOTTOM LINE:
    We did not create a "migration signature" within the 180 grace period because we had no updates (bug fixes or enhancements) to our application during this time. When I finally did prepare a new release of our application and signed it with our new certificate, the Adobe installer is not recognizing the new application as an UPDATE of the old application so when you try to install it, the user gets an error message that an application that the same name is already installed. In the past, the installer recognizes the new application as an update and it replaces the old app. I think there may be a way for me to handle this properly, but all of my attempts so far have not produced the results I am looking for.
    The issues may be related to specifying a Publisher ID. We may need to specify the publisherId in the descriptor.xml file, which we have never had to do in the past. However, the publisherId property may only be available in 1.5.3. I have been having trouble specifying the 1.5.3 name space (<application xmlns="http://ns.adobe.com/air/application/1.5.3">). I think that must only be available for newer versions of the compiler. I am currently using 3.5.
    Are there any experts on this topic that can explain How I can package my updated app so that the installer recognizes it as an UPDATE and not a NEW APP with the same name (which doesn't work)?

    Any ideas on this?

  • Signed XML in SOAP Adapter

    Hello Experts,
    I have a scenario with receiver SOAP adapter, I have used the security profile in the channel and receiver agreement i have selected sign and all rudimentary requirements..
    But im unable to see the signed payload in the CC monitoring..it should be in the format
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="................</wsse:BinarySecurityToken>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <ds:Reference URI="#id-24819136">
    <ds:Transforms>
    <ds:Transform Algorithm=...........
    Im not able to see it in the SOAP adapter...have i missed something in the config...I have generated the cert in visual admin and given the correct values too in the channel and recv agreement.
    Can ne one elucidate on this please...
    How can i view the signed xml coming from the SOAP adapter?
    Regards,
    Farooq
    Edited by: Farooq Hussain on Nov 12, 2008 7:46 PM

    Hi  Farooq
    You have generated certificates? this will encrypt complete xml while sending. for that you need to set procedure as Encrypt this is what my understanding in this.
    XML Signature
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/55814003-0b01-0010-1ca2-c683a191ebfc
    Did you have checked with this
    Using Digital Signatures in XI
    it doesn't talk about generating the certificate and encrypting complete message but it actually encrypt complete message when you generate certificate.
    How XML Encryption can be done using web services security in SAP NetWeaver XI
    This also speaks similar. I am not able to get the link .. try search for "Ensure the Confidentiality of Your SOAP Message Content" to understand more on this
    Thanks
    Gaurav

  • Digital Sign into payload and other security doubts

    Hello experts,
    I have a RFC_to_SOAP scenario, and I have to digitally sign the information of the outbound payload (comming from the RFC sender) AND add it to the inbound payload (send it to the target web service, which imported wsdl file is forcing me to include that sign).
    In order to do so, can I use the receiver agreement option for digitally sign the document? I guess I can't because it would be added to the payload. So how to do it? Should it be done in message mapping as java mapping? Any indications about how to do that?
    Besides I have a doubt about the certification settings in the receiver soap channel and the sign settings in receiver determination. What's exactly the difference? What does each of them with the message?
    Thanks in advance.

    Hi Ivan, thank you for your response.
    I'm trying to develope a module for the soap adapter as you suggested, however I have a question about what you said.
    If you only want to sign the content of the XML and not sing the whole payload you can use a Java Mapping
    What exactly do you mean with signing the whole payload or just the content?
    If I have this xml
    <?xml version="1.0" encoding="UTF-8" ?>
      <ListaDecV3Ent xmlns="https://www3.aeat.es/ADUA/internet/es/aeat/dit/adu/adht/banent/ListaDecP3Ent.xsd">
      <declarante>
      <NifDeclarante>27456992N</NifDeclarante>
      <NombreDeclarante>José Gutierrez</NombreDeclarante>
      </declarante>
      </ListaDecV3Ent>
    with signing only the content you mean that it would only make the digest and encription of the text 27456992N and José Gutierrez, and signing the whole payload would digest and encritp the xml tags too? If so I need the whole payload to be signed.
    Couldn't be that done in java mapping?
    By the way I've seen documentation indicating that in order to program an adapter module, a J2EE Java Bean must be developed and deployed to the server. However I'm working in PI 7.1 and in the module tab of the channel I see the option to use a Java Library instead (the options are local enterprise bean, remote enterprise bean and java library). Is it possible? Any info on how it works?
    About my doubts in the previous post, if I use the receiver agreement sign option, where would exactly be the sign be placed in the message, and what would it exactly sign?
    Any forum mate who can answer is welcome
    PD: Ivan I'll open a thread in the spanish forum too if you want to talk there

  • OSB: fn-bea:inlinedXML format my signed XML

    Hello.
    I'm trying to replace my output xml message with the same message, but digitally signed.
    My proxy flow looks like:
    1. Call to BS.
    2. In response, take the output from BS and digitally sign it (Service callout to a signing service).
    3. Take the output from that service (it returns the signed xml into a "CDATA" section).
    4. Extract the xml (CDATA), and call to fn-bea:inlinedXML
    5. Substitute the output message with the xml in point 4).
    But "inlinedXML" seems to format the xml string (whitespace, line breaks,...), so the sign is no longer valid.
    ¿Can OSB convert from string to xml without formatting?.
    Thanks.

    Hello.
    Does anyone knows how to tell OSB to stop formatting my XML?.
    Thanks.

Maybe you are looking for

  • When I bookmark a page, a list of suggested places to save it is available, but how does it select those places (and how can I edit it to remove unneeded folders)?

    The pull-down includes a few logical places where I might want to save my bookmark, but it also includes a few that I may have used in the past but no longer want listed. How do I remove the erroneous locations??

  • Touch Apps for Creative Cloud Users

    I recently took a survey for Adobe and in that survey there was a question asking if I knew that Touch apps were available to Creative Cloud subscribers as part of our membership.  Maybe I misread, because this definitely doesn't seem to be the case.

  • Fastest type of data repository vi

    I have inherited a large LV application that in some instances runs VERY slowly. This is almost exclusively due to data transfers either between the application and the database or between some vis accessing data in repository vis. The first time dat

  • IPod nano - capacity, again!

    Before I commit to Apple and turn my back on Creative, a question! I know that Apple quotes a 1000 song capacity for the 4Gb nano - but is there any firmware limit to the capacity? My 1Gb Creative MuVo can hold 600 songs, but the firmware only allows

  • Single layout for multiple printers

    Hi All,    My requirement is that I need to create a single SAPScript driver and layout program which should work for multiple printers. I know that a SAPScript layout is printer-dependent. So is there any way through which I can make a single layout