The following advanced configuration options are available:
Signature Confirmation:
If this filter is configured as part of an Initiator circuit, whereby the
Enterprise Gateway is acting as the client in a Web Services transaction, you
can select Initiator here. This means that the filter
will keep a record of the Signature that it has verified and will check
the <SignatureConfirmation> returned by the Recipient.
On the other hand, if the Enterprise Gateway is acting as the Recipient in the
transaction, you should select the Recipient option
here. In this case, the Enterprise Gateway will return the
<SignatureConfirmation> elements in the response to the Initiator.
Default Derived Key Label:
If the Enterprise Gateway consumes a <DerivedKeyToken>, the default value
entered here is used to recreate the derived key.
Algorithm Suite:
Select the WS-Security Policy Algorithm Suite that
must have been used when signing the message. This check will ensure
that the appropriate algorithms were used to sign the message.
Fail if No Signatures to Verify:
Check this option if you want to configure the filter to fail if no
XML Signatures are present in the incoming message.
Verify Signature for Authentication Purposes:
The Integrity XML-Signature Verification filter can
be used to authenticate an end-user. If the message can be successfully
validated, it proves that only the private key associated with the
public key used to verify the signature could have been used to sign
the message. Because the private key is only accessible to its owner, a
successful verification can be used to effectively authenticate the
message signer.
Message Attribute Containing DOM:
This field can be configured to verify the response from a SAML PDP.
When the Enterprise Gateway receives a response from the SAML PDP, it stores the
signature on the response in a message attribute. You can select this
attribute from the dropdown in order to verify this signature.
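
The Initiator-side check described under Signature Confirmation can be sketched as follows. This is an added example, not the Enterprise Gateway's own code: the function name, the sample envelope and the signature value are constructed for illustration, and it assumes the response signature has already been verified and covers the <SignatureConfirmation> elements.

```python
import hmac
import xml.etree.ElementTree as ET

# WSS 1.1 namespace that defines <SignatureConfirmation>
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
CONF_TAG = f"{{{WSSE11}}}SignatureConfirmation"

def check_signature_confirmation(recorded_values, response_xml):
    """Compare recorded request SignatureValues with the response; return (ok, reason)."""
    root = ET.fromstring(response_xml)
    confirmations = list(root.iter(CONF_TAG))
    if not confirmations:
        return False, "no SignatureConfirmation in response"
    if not recorded_values:
        # WSS 1.1: an unsigned request is confirmed by one element with no Value
        ok = len(confirmations) == 1 and "Value" not in confirmations[0].attrib
        return ok, ("ok" if ok else "unexpected Value for unsigned request")
    # Strip whitespace so line-wrapped base64 still compares equal
    returned = ["".join(c.get("Value", "").split()) for c in confirmations]
    for rec in recorded_values:
        rec = "".join(rec.split())
        if not any(hmac.compare_digest(rec.encode(), r.encode()) for r in returned):
            return False, "a recorded signature was not confirmed"
    if len(returned) != len(recorded_values):
        return False, "response confirms signatures that were never sent"
    return True, "ok"

# Constructed SignatureValue recorded by the Initiator (not a real signature)
SENT = ["Q09OU1RSVUNURUQtU0lHTkFUVVJFLVZBTFVF"]

def sample_response(value_attr):
    """Build a constructed SOAP response carrying one SignatureConfirmation."""
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
        f'xmlns:wsse11="{WSSE11}"><soap:Header>'
        f'<wsse11:SignatureConfirmation {value_attr}/>'
        '</soap:Header><soap:Body/></soap:Envelope>'
    )

if __name__ == "__main__":
    print(check_signature_confirmation(SENT, sample_response(f'Value="{SENT[0]}"')))
    print(check_signature_confirmation(SENT, sample_response('Value="AAAA"')))
```

A mismatch or a missing element means the Recipient did not process the signature the Initiator sent, so the response should be rejected.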