Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space FUNCTDEV and version SOAVIRT_9.10.5_CTP_3.1.1

...

  • Form: Choose the appropriate form to specify the key and certificate used for encryption.
  • Actor: Enter a value to specify a SOAP actor.
  • Add mustUnderstand="1" attribute: Specifies whether or not the receiver must recognize and decrypt the message. If this option is enabled, a SOAP fault will be sent back if the receiver does not know how to decrypt and deserialize the message.
  • Add timestamp: Select to add a timestamp to the message. When this option is enabled, the following are available:
    • Sign timestamp: Select to provide a digital signature with the timestamp.
    • Add expiration: Select to enter an expiration value in the Time to Live field.

Anchor
Target Elements
Target Elements
Target Elements

When selecting Target Elements from the left pane of the Tools Settings tab, the following options are available—if Encrypt is selected in the General tab:

  • SOAP body/entire document: Select to encrypt the entire SOAP body or entire XML document.
  • Click the Add button (only available if SOAP body/entire document is unselected) to specify an XPath and encrypt a specific element within the XML document. After clicking the Add button, a row will appear in the Element Selection list. The Element Selection list consists of the following two columns:
    • XPath Expression: Allows you to enter the desired XPath you would like encrypted.
    • Target: Allows you to choose either Entire Element or Content Only.
      Selecting Entire Element will encrypt the entire XPath.
      Selecting Content Only will encrypt only the text content.

Anchor
Emulation Options
Emulation Options
Emulation Options

When selecting Emulation Options from the left pane of the Tools Settings tab, the following options are available:

Note
titleNote
The following options are available only if WS-Security Mode is selected in the General tab.
  • Emulate: Select the application server you are using to automatically configure the emulation options. You can also select the appropriate version number of your application server from the Version drop-down menu.
    • To manually configure the emulation options, select Custom from the Emulate drop-down menu. The following options will be available for you to manually configure:
      • wsse URI: Select the namespace URI of the WS-Security specification used.
      • wsu URI: Select the utility namespace URI of the WS-Security specification used.
      • Qualify signed element ID attribute: Select to qualify signed element ID attribute.
      • Qualify BinarySecurity Token attributes: Select to qualify binary security token attributes with the wsse namespace.
      • Prefix BinarySecurity Token attribute values: Select to prefix binary security token attributes with the wsse URI.

Anchor
Encryption Options
Encryption Options
Encryption Options

With Encryption Options selected in the left pane of the Tools Settings tab, the following options are available:

  • Security Header Layout: This property indicates which layout rules to apply when adding items to the security header. The following options are available:
    • Lax: Items are added to the security header in any order that conforms to WSS: SOAP Message Security
    • LaxTimestampFirst: Same as Lax, except that the first item in the security header MUST be a wsse:Timestamp
    • LaxTimestampLast: Same as Lax, except that the last item in the security header MUST be a wsse:Timestamp
    • Strict: Items are added to the security header following the numbered layout rules described below according to a general principle of 'declare before use'.

Anchor
Decryption Options
Decryption Options
Decryption Options

With Decryption Options selected in the left pane of the Tools Settings tab, the following options are available:

Note
titleNote
The following options are available only if the Decrypt radio button is selected in the General tab.
  • Signature verification: This setting allows you to specify whether you'd like to perform a Signature verification when decrypting the XML message.
  • Key Store: Specifies the key store used to verify the signature. The Key Stores available in this menu depend on the Key Stores you added at the test or Responder suite level.

    • Decrypt all known WSS headers: Select to decrypt WSS header formats.
    • Decrypt specific header formats: Select to decrypt specific header formats.

Input Type Tab

The Input Type tab is only available if the XML Encryption tool is added as a standalone tool and not chained to another tool. The following options are available from the Input Type tab:

  • Text: Use this option if you want to type or copy the XML document into the UI. Select the appropriate MIME type, enter the XML in the text field below the Text radio button.
  • File: Use this option if you want to use an existing file. Click the Browse button to choose a file.
    • Check the Persist as Relative Path option if you want the path to this file to be saved as a path that is relative to the current configuration file. Enabling this option makes it easier to share tools across multiple machines. If this option is not enabled, the test or Responder suite will save the path to this file as an absolute path. 

Usage Notes


You can  chain the XML Encryption tool to a tool by right-clicking the desired tool node and selecting Add Output from the shortcut menu and then selecting XML Encryption from the dialog that opens. The tool will use the transformed XML.

You can chain the XML Encryption tool and the XML Signer tool to a messaging tool to perform both encryption and XML signature on a message. For more information on the XML Signer tool, see XML Signer.

 You can also chain any tool, such as an Edit or Browse tool, to the XML Encryption Tool by right-clicking the desired XML Encryption Tool node and selecting Add Output from the shortcut menu and then selecting XML Encryption from the dialog that open

Anchor
Unlimited Strength Java Cryptography Extension
Unlimited Strength Java Cryptography Extension
Unlimited Strength Java Cryptography Extension

Info
titleImportant
In order to perform security operations using the XML Signature Verifier, XML Signer, or XML Encryption tools, or if using Key Stores, you will need to download and install the Unlimited Strength Java Cryptography Extension. For details, see JCE Prerequisite.