Unable To Sign Header Sub-Element In OWSM (Doc ID 2291262.1)

Last updated on JULY 28, 2017

Applies to:

Oracle Web Services Manager - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Goal

In OWSM 12.2.1.1.0, there is a necessity to sign a header sub-element a custom web service header when communicating with a particular web service gateway.

In this example, it is necessary to sign the gwsxns:ConsumerApplicationID header only in each web service request.

<soapenv:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
        <gwsxns:GWSXHeader xmlns:gwsxns="http://www.gwsx.sg/gwsx/request/audit">
            <gwsxns:ConsumerApplicationID>GWSX-WSS-EAPP</gwsxns:ConsumerApplicationID>
            <gwsxns:ConsumerTxnID>WSW_TXN301703280</gwsxns:ConsumerTxnID>
        </gwsxns:GWSXHeader>
...

As an attempt, a change was made in the policy to add the header inside of the signed-parts element.  This doesn't work.

<orasp:msg-security ..>
    <orasp:request>
        <orasp:signed-parts>
                <orasp:header orasp:name="ConsumerApplicationID" orasp:namespace="http://www.gwsx.sg/gwsx/request/audit"/>
        </orasp:signed-parts>
        <orasp:encrypted-parts/>
        <orasp:signed-elements/>       
...

Another approach taken was to define it as signed element, which also doesn't work.
        
<orasp:msg-security ...">
    <orasp:request>
        <orasp:signed-parts/>
        <orasp:encrypted-parts/>
        <orasp:signed-elements>
            <orasp:element orasp:name="ConsumerApplicationID" orasp:namespace="http://www.gwsx.sg/gwsx/request/audit"/>
        </orasp:signed-elements>       
...
         
The only process that will allow customization of the signed header is to define the entire gwsxns:GWSXHeader header in the signed-parts element:
  
...       
<orasp:signed-parts>
        <orasp:header orasp:name="GWSXHeader " orasp:namespace="http://www.gwsx.sg/gwsx/request/audit"/>
</orasp:signed-parts>
<orasp:encrypted-parts/>  
...        
          
Is it possible to fulfill the requirement and if so, how can it be accomplished?

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms