Signing WS-Security elements in a SOAP message in TIBCO ActiveMatrix BusinessWorks™ 5

When the Integrity option is selected in an outbound security policy, TIBCO ActiveMatrix BusinessWorks™ 5 (BW) signs the SOAP Body element only. It is a common requirement to sign WS-Security elements along with the SOAP Body element. This article explains how to configure BW to sign WS-Security elements in a SOAP message.

First, let’s take a look at a sample outbound SOAP message that is generated when the Security Policy shared resource is configured with Integrity and Timeout options. Only the SOAP Body element SOAP-ENV:Body is signed.

Now, let’s say, the requirement is to have the signature include the Timestamp element along with the SOAP Body element. To sign additional elements along with SOAP Body, specify the elements along with the SOAP Body element in the Message Elements for Signature field under the Outbound tab of Security Policy Association shared resource. In this case, it would be SOAP-ENV:Body and wsu:TImestamp. Steps below.

1. Select the Security Policy Association shared resource.

2. Go to the Outbound tab and add the following to the Message Elements for Signature field 

SOAP-ENV:Body and wsu:Timestamp

3. Under Prefix Namespace Pair, add the prefixes SOAP-ENV and wsu and select the corresponding namespaces.

The signature in the outbound request should now include the Timestamp element in addition to the SOAP Body element.

A sample project is available here.

To get the signed SOAP message logged to the Designer console or application log file, set the logger com.tibco.spin to DEBUG.

5.14.0

Add the following to TIBCO_HOME/bw/5.x/lib/log4j.xml

<logger name="com.tibco.spin">
<level value="DEBUG"/>
<appender-ref ref="tibco_bw_log"/>
</logger>

5.14.1, 5.15.x

Add the following to TIBCO_HOME/bw/5.x/lib/log4j2.properties

logger.spin.name = com.tibco.spin
logger.spin.level = DEBUG
logger.spin.additivity = false
logger.spin.appenderRef.bw_log.ref = tibco_bw_log