The following advanced configuration options are available:
Signature Confirmation:
If this filter is configured as part of an Initiator circuit, where the
Enterprise Gateway acts as the client in a Web Services transaction, select the
Initiator option. This means that the filter keeps a
record of the Signature that it has verified, and checks the
<SignatureConfirmation> returned by the Recipient.
Alternatively, if the Enterprise Gateway acts as the Recipient in the transaction,
select the Recipient option. In this case, the Enterprise Gateway
returns the <SignatureConfirmation> elements in the
response to the Initiator.
Default Derived Key Label:
If the Enterprise Gateway consumes a <DerivedKeyToken>, the default
value entered is used to recreate the derived key.
Algorithm Suite:
Select the WS-Security Policy Algorithm Suite that
must have been used when signing the message. This check ensures that the
appropriate algorithms were used to sign the message.
Fail if No Signatures to Verify:
Select this option if you want to configure the filter to fail if no
XML Signatures are present in the incoming message.
Verify Signature for Authentication Purposes:
You can use the XML Signature Verification filter
to authenticate an end user. If the signature on the message validates
successfully, this proves that the message was signed with the private key
that corresponds to the public key used to verify the signature.
Because the private key is only accessible to its owner, a successful
verification can be used to effectively authenticate the message signer.
Message Attribute Containing DOM:
You can configure this field to verify the response from a SAML PDP.
When the Enterprise Gateway receives a response from the SAML PDP, it stores the
signature on the response in a message attribute. You can select this
attribute from the drop-down list to verify this signature.
Remove enclosing WS-Security element on successful verification:
Select this checkbox if you wish to remove the enclosing WS-Security block when
the signature has been successfully verified. This setting is not selected by default.
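
The Initiator-side check described under Signature Confirmation, as an added example that is not part of the product documentation or the Enterprise Gateway's own code: it compares the signature values recorded for the request against the Value attributes of the returned <SignatureConfirmation> elements, following WS-Security 1.1. The function names, the simplified envelope and the sample values are constructed for illustration, and the response's own signature is assumed to be already verified and to cover the confirmation elements.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# WS-Security 1.1 namespace that defines <SignatureConfirmation>.
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"


def _decode(value):
    """Decode a Base64 signature value, ignoring line-wrapping whitespace."""
    return base64.b64decode("".join(value.split()), validate=True)


def check_signature_confirmation(sent_values, response_xml):
    """Return (ok, reason) for the Initiator-side check.
    sent_values: Base64 <ds:SignatureValue> strings recorded for the request.
    response_xml: response whose own signature was already verified (assumed).
    """
    root = ET.fromstring(response_xml)
    confs = list(root.iter(f"{{{WSSE11}}}SignatureConfirmation"))
    if not confs:
        return False, "no SignatureConfirmation in response"
    values = [c.get("Value") for c in confs]
    if not sent_values:
        # Unsigned request: WS-Security 1.1 expects one element with no Value.
        ok = values == [None]
        return ok, "ok" if ok else "confirmation for a signature never sent"
    if None in values:
        return False, "SignatureConfirmation without Value"
    try:
        sent = {_decode(v) for v in sent_values}
        got = {_decode(v) for v in values}
    except (binascii.Error, ValueError):
        return False, "malformed Base64 value"
    if sent - got:
        return False, "request signature not confirmed"
    if got - sent:
        # Strict choice in this example: reject confirmations we cannot match.
        return False, "confirmation for a signature never sent"
    return True, "ok"


def build_response(values):
    """Constructed, simplified response carrying the given Value attributes."""
    elems = "".join(
        f'<wsse11:SignatureConfirmation Value="{v}"/>' if v is not None
        else "<wsse11:SignatureConfirmation/>" for v in values)
    return (f'<Envelope><Security xmlns:wsse11="{WSSE11}">'
            f"{elems}</Security></Envelope>")
```

A response that omits the confirmation, or confirms a different signature value than the one sent, fails the check; this is what lets the Initiator tie a response to the exact request it signed.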