We often come across situations where several components in the mix do not understand each other's authentication mechanisms, and we then tend to integrate those components using the DataPower integration appliance. Phew! Thanks for DataPower XI50.
I came across a situation where I wanted to integrate Component A (digital signature) with Component B (mutual authentication). For such clients, a “Verify Action” in the processing rule determines whether the payload was signed by a trusted certificate. The “Verify Action” specifies a Validation Credential containing all the public keys that are accepted as signers of a payload (Validation Credentials are like trust stores). Thus our front-end system (Component A) uses a digital signature in the message, but our back end does not expect a digital signature; its authentication mechanism is mutual authentication instead.
The digital signature verification (Verify Action) is therefore followed by a “Transform Action”, which can be used to strip the incoming security header. This simplifies the configuration of backend servers that would otherwise be obligated to verify the digital signature as well. The transform object should refer to an XSLT stylesheet that contains the logic to strip off the header.
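
A minimal stylesheet for such a Transform Action, added here as an example and not taken from the original post. It assumes a SOAP 1.1 envelope whose security header is a WS-Security 1.0 `wsse:Security` block; adjust the two namespaces to match the messages Component A actually sends.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Assumptions: SOAP 1.1 envelope, WS-Security 1.0 header. -->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

  <xsl:output method="xml" encoding="UTF-8" indent="no"/>

  <!-- Identity template: copy every node and attribute that no
       more specific template below chooses to handle. -->
  <xsl:template match="@*|node()">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>

  <!-- Drop the whole wsse:Security block (signature, tokens, timestamp)
       by matching it and emitting nothing. -->
  <xsl:template match="soapenv:Header/wsse:Security"/>

  <!-- If wsse:Security was the only header block, drop the SOAP Header
       too, so the backend does not receive an empty Header element.
       Headers that carry other blocks fall through to the identity
       template and keep those blocks. -->
  <xsl:template match="soapenv:Header[not(*[not(self::wsse:Security)])]"/>

</xsl:stylesheet>
```

Keep this transform after the Verify Action in the rule, so the signature is checked on the message as received and stripped only afterwards. From that point on the backend relies on DataPower having verified the signer, so the mutually authenticated connection is what the backend actually trusts.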


Generally, people confuse a digital signature with a digital certificate. Both are different things. A digital certificate contains the digital signature of the certificate. And a digital signature can be used for authentication of the sender who sends the message.
What is the use of the client crypto profile in DataPower and the forward action in HTTPS?