Namespace Settings

Overview

The Enterprise Gateway exposes a global setting that allows you to configure what versions of the SOAP and WSSE specifications it supports. Furthermore, it allows you to specify what attribute is used to identify the XML Signature referenced within a SOAP message.

To configure the Namespace Settings, in the Policy Studio main menu, select Settings -> Settings -> Namespace Settings. This displays the Namespace Settings dialog. Alternatively, in the toolbar, click the drop-down option on the Settings button, and select Namespace Settings.

Signature ID Attribute

The Signature ID Attribute tab allows you to list the supported attributes that can be used by the Enterprise Gateway to identify a Signature reference within an XML message.

An XML Signature <SignedInfo> section can reference signed data through the URI attribute of a <Reference> element. The URI value can contain an ID that identifies data in the message, and the referenced data holds that ID (the URI value without the leading "#") in one of its attributes.

By default, the server uses the "Id" attribute for each of the WSSE namespaces listed on the WSSE Namespace tab to locate referenced signed data. The following sample XML Signature illustrates the use of the "Id" attribute:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
  <dsig:Signature id="Sample" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
   <dsig:SignedInfo>
    ...
    <dsig:Reference URI="#Oracle:sLmDCph3tGZ10">
      ...
    </dsig:Reference>
   </dsig:SignedInfo>
    ....
  </dsig:Signature>
 </soap:Header>
 <soap:Body>
  <getProduct wsu:Id="Oracle:sLmDCph3tGZ10" 
      xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">
   <Name>SOA Test Client</Name>
   <Company>Company</Company>
  </getProduct>
 </soap:Body>
</soap:Envelope>
      

In this example, the Signature reference given by the URI attribute of the <Reference> element refers to the nodeset identified by the Id attribute, that is, the <getProduct> block.

Because different toolkits and implementations of the XML-Signature specification can use attributes other than the Id attribute, the Enterprise Gateway allows the user to specify other attributes that should be supported in this manner. By default, the Enterprise Gateway supports the Id, ID, and AssertionID attributes for the purposes of identifying the signed content within an XML Signature.

However, you can add more attributes by clicking the Add button and entering the attribute in the interface provided. The priorities of attributes can be altered by clicking the Up and Down buttons. For example, if most of the XML Signatures processed by the Enterprise Gateway use the ID attribute, this attribute should be given the highest priority.
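The lookup described in this section, as an added example (not Oracle's code and not the Gateway's implementation): it resolves each same-document Reference URI against the configured attribute names and rejects a reference that matches no element or more than one. Matching attributes by local name and the single-match check are assumptions of this example; the sample message is constructed from the one shown above.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Default attribute names from this page, highest priority first.
ID_ATTRIBUTES = ["Id", "ID", "AssertionID"]

# Constructed sample: the message above with the elided parts left out.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
   <dsig:SignedInfo>
    <dsig:Reference URI="#Oracle:sLmDCph3tGZ10"/>
   </dsig:SignedInfo>
  </dsig:Signature>
 </soap:Header>
 <soap:Body>
  <getProduct wsu:Id="Oracle:sLmDCph3tGZ10"
      xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">
   <Name>SOA Test Client</Name>
  </getProduct>
 </soap:Body>
</soap:Envelope>"""

def local_name(qname):
    """Drop the '{namespace}' prefix ElementTree puts on qualified names."""
    return qname.rsplit("}", 1)[-1]

def matches(root, ref_id, attr):
    """Elements carrying ref_id in an attribute whose local name is attr."""
    return [el for el in root.iter()
            if any(local_name(k) == attr and v == ref_id
                   for k, v in el.attrib.items())]

def resolve_references(xml_text, id_attributes=ID_ATTRIBUTES):
    """Map each same-document Reference URI to (attribute, element name)."""
    root = ET.fromstring(xml_text)  # input here is the trusted sample above
    resolved = {}
    for ref in root.iter("{%s}Reference" % DSIG):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            continue  # only '#id' fragment references are resolved here
        hits = [(attr, el) for attr in id_attributes
                for el in matches(root, uri[1:], attr)]
        if len(hits) != 1:  # dangling or ambiguous: do not guess what was signed
            raise ValueError("%s matches %d elements" % (uri, len(hits)))
        resolved[uri] = (hits[0][0], local_name(hits[0][1].tag))
    return resolved
```

Each attribute name added to the list widens the set of elements a reference can match, which is why the example treats more than one match as an error instead of picking one by priority.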

WSSE Namespace

The WSSE Namespace tab is used to specify the WSSE (and corresponding WSSU) namespaces that are supported by the Enterprise Gateway.

The Enterprise Gateway attempts to identify WS Security blocks belonging to the WSSE namespaces listed in this table. It first attempts to locate Security blocks belonging to the first listed namespace, followed by the second, then the third, and so on until all namespaces have been tried. If no Security blocks can be found for any of the listed namespaces, the message is rejected on the grounds that the Enterprise Gateway does not support the namespace specified in the message. To add a new namespace, click the Add button.

It is important to note that every WSSE namespace has a corresponding WSSU namespace. For example, the following WSSE and WSSU namespaces are inextricably bound:

WSSE Namespace http://schemas.xmlsoap.org/ws/2003/06/secext
WSSU Namespace http://schemas.xmlsoap.org/ws/2003/06/utility

First, enter the WSSE namespace in the Name field. Then enter the corresponding WSSU namespace in the WSSU Namespace field.

SOAP Namespace

The SOAP Namespace tab can be used to configure the SOAP namespaces that are supported by the Enterprise Gateway. As with WSSE namespaces, the Enterprise Gateway attempts to identify SOAP messages belonging to the listed namespaces in the order given in the table.

The default behavior is to attempt to identify SOAP 1.1 messages first, and for this reason, the SOAP 1.1 namespace is listed first in the table. The Enterprise Gateway will only attempt to identify the message as a SOAP 1.2 message if it can't be categorized as a SOAP 1.1 message first.