My Oracle Support Banner

Unable To Sign Header Sub-Element In OWSM (Doc ID 2291262.1)

Last updated on MAY 25, 2023

Applies to:

Oracle Web Services Manager - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Goal

In OWSM 12.2.1.1.0, there is a necessity to sign a header sub-element a custom web service header when communicating with a particular web service gateway.

In this example, it is necessary to sign the <name>ns:ConsumerApplicationID header only in each web service request.

<soapenv:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
        <gwsxns:GWSXHeader xmlns:gwsxns="http://www.<name>.<domain>/<name>/request/audit">
            <            <        </<name>ns:<NAME>Header>
...

As an attempt, a change was made in the policy to add the header inside of the signed-parts element.  This doesn't work.

<orasp:msg-security ..>
    <orasp:request>
        <orasp:signed-parts>
                <orasp:header orasp:name="ConsumerApplicationID" orasp:namespace="http://www.<name>.<domain>/<name>/request/audit"/>
        </orasp:signed-parts>
        <orasp:encrypted-parts/>
        <orasp:signed-elements/>       
...

Another approach taken was to define it as signed element, which also doesn't work.
        
<orasp:msg-security ...">
    <orasp:request>
        <orasp:signed-parts/>
        <orasp:encrypted-parts/>
        <orasp:signed-elements>
            <orasp:element orasp:name="ConsumerApplicationID" orasp:namespace="http://www.<name>.<domain>/<name>/request/audit"/>
        </orasp:signed-elements>       
...
         
The only process that will allow customization of the signed header is to define the entire <name>ns:<NAME>Header header in the signed-parts element:
  
...       
<orasp:signed-parts>
        <orasp:header orasp:name="<NAME>Header " orasp:namespace="http://www.<name>.<domain>/<name>/request/audit"/>
</orasp:signed-parts>
<orasp:encrypted-parts/>  
...        
          
Is it possible to fulfill the requirement and if so, how can it be accomplished?

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.