SOAP signature validation

Report Inappropriate Content · 03-09-2017 03:16 PM

Does APIGEE provide some way to validate signed soap message against digital certificates stored in keystore? If any example is available for same, Please provide.

anilsr

@praveenkumar.kithuvaramesh , I don't think so. What exactly are you trying to achieve ? Are you trying to do some request message validation ? Can you post an example request & what exactly you are looking for ? Above information is not enough in my opinion. Please keep us posted.

Report Inappropriate Content

Client sends signed soap message[refer https://www.w3.org/TR/SOAP-dsig/] to APIGEE. APIGEE to validate soap signature against apigee keystore and pass the soap request to target server if validation passes, else reject the soap message.

DChiesa

Client sends signed soap message[refer https://www.w3.org/TR/SOAP-dsig/] to APIGEE. APIGEE to validate soap signature against apigee keystore and pass the soap request to target server if validation passes, else reject the soap message.

Yes, I've done this, using a Java callout. Except I did not use the Apigee Keystore, as the Java callout cannot at this time derive keys from the keystore. Instead you can read keys from the JAR itself or from the KVM in Apigee.

In short, it's possible with some custom Java code, but there is not a ready-made policy to accomplish what you want. Unfortunately, the code I used previously is not public domain code, so I cannot share it with you here.