Tags: web-services, soapui, ws-security

Use single certificate in WS Security


I'm working on WS-Security configurations in SOAP UI. In Signature, I have an option called "Use Single Certificate for signing". I tried checking it and unchecking it, but the requests are the same. I can't find the differences. When should I use that option?

I tried to search on Google, but I couldn't find the answer. Pardon me if my understanding is wrong.


Solution

  • After a little searching with the OP, it seems that we found the answer.

    This checkbox adds a specific <wsse:BinarySecurityToken> in the <wsse:Security> headers, specifying a certificate (in SOAPUI's specific case, specifying the certificate used to perform the signature).

    From the OASIS spec we can see the definition of this element:

    3.1 Token types

    This profile defines the syntax of, and processing rules for, three types of binary security token using the URI values specified in Table 2 (note that URI fragments are relative to the URI for this specification).

    3.1.1 X509v3 Token Type

    The type of the end-entity that is authenticated by a certificate used in this manner is a matter of policy that is outside the scope of this specification.

    In this document there is also a sample of the <wsse:BinarySecurityToken> node added to the <wsse:Security> headers, which is basically a <wsse:BinarySecurityToken> with a ValueType="wsse:X509v3" attribute and the certificate encoded as base64 in the text value of this node:

    <wsse:BinarySecurityToken 
       wsu:Id="binarytoken" 
       ValueType="wsse:X509v3"
       EncodingType="wsse:Base64Binary">MIIEZzCCA9CgAwIBAgIQEmtJZc0…
    </wsse:BinarySecurityToken>
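
To see whether a given request actually carries the token, the following added example (not part of the original answer and not SoapUI code) lists every `<wsse:BinarySecurityToken>` in a `<wsse:Security>` header and checks whether each signature's `<wsse:Reference>` resolves to one of them. The sample headers are constructed, the token body is placeholder bytes rather than a real certificate, and the function name `inspect_security_header` is an assumption of this example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed samples, not captured from SoapUI. The token body is placeholder
# bytes, not a real certificate; attribute values follow the sample above.
TOKEN = ('<wsse:BinarySecurityToken wsu:Id="binarytoken" ValueType="wsse:X509v3" '
         'EncodingType="wsse:Base64Binary">%s</wsse:BinarySecurityToken>'
         % base64.b64encode(b"constructed-placeholder-der").decode())
HEADER = ('<wsse:Security xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">'
          '%s<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>'
          '<wsse:Reference URI="#binarytoken"/>'
          '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>'
          '</wsse:Security>').format(**NS)
WITH_TOKEN = HEADER % TOKEN
WITHOUT_TOKEN = HEADER % ""  # same signature, but the token is not in the message


def inspect_security_header(xml_text):
    """Return the embedded tokens and whether each signature reference resolves."""
    # For untrusted messages, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    tokens = {}
    for el in root.iter("{%s}BinarySecurityToken" % NS["wsse"]):
        # The token text is the base64 encoding of the certificate bytes.
        raw = base64.b64decode("".join((el.text or "").split()), validate=True)
        tokens[el.get(WSU_ID)] = {
            "value_type": el.get("ValueType"),
            "size": len(raw),
            "sha256": hashlib.sha256(raw).hexdigest(),
        }
    refs = []
    path = ".//ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference"
    for ref in root.iterfind(path, NS):
        uri = ref.get("URI", "")
        # A same-document reference must point at a token's wsu:Id.
        refs.append((uri, uri.startswith("#") and uri[1:] in tokens))
    return {"tokens": tokens, "references": refs}


if __name__ == "__main__":
    for name, doc in (("with token", WITH_TOKEN), ("without token", WITHOUT_TOKEN)):
        print(name, inspect_security_header(doc))
```

Running it over a request saved with the option checked and another with it unchecked shows directly whether the two differ in the tokens they embed.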