Layer7 API Management


Policy Manager: When using the Sign Element assertion, I want to modify the SignedInfo element before the signature value is calculated.

  • 1.  Policy Manager: When using the Sign Element assertion, I want to modify the SignedInfo element before the signature value is calculated.

    Posted Mar 17, 2015 10:55 PM

    When using the Sign Element assertion, the actual SignedInfo XML isn't created until the Apply WS-Security assertion is called, but at that point the signature is calculated, and injecting any new elements would invalidate it.  An outside vendor requires an XPath element inserted in the Transforms tag. How can I insert an element before signing? Thank you



  • 2.  Re: Policy Manager: When using the Sign Element assertion, I want to modify the SignedInfo element before the signature value is calculated.

    Posted Mar 25, 2015 03:54 PM

    Anyone able to assist here?


    Thank you

    Justin Cranford wrote:


    When using the Sign Element assertion, the actual SignedInfo XML isn't created until the Apply WS-Security assertion is called, but at that point the signature is calculated, and injecting any new elements would invalidate it.  An outside vendor requires an XPath element inserted in the Transforms tag. How can I insert an element before signing? Thank you



  • 3.  Re: Policy Manager: When using the Sign Element assertion, I want to modify the SignedInfo element before the signature value is calculated.

    Posted Mar 25, 2015 04:14 PM

    I got a response from CA support on a case I opened. I was told that XPath transforms in the XML Signature were a security risk and were not likely to be implemented by the gateway.  While I understand the reasoning for incoming requests being validated by the gateway, I don't understand why I can't do it for outbound messages where I'm creating the signature.


    I really just want to be able to delay the calculation of the signed value, have some more control over the SignedInfo element within the security header, and then calculate the signed value. Or just have the ability to recreate the signed value.


    Justin
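The ordering constraint the thread is about, as an added example that is not part of the original posts and is not Layer7 gateway code: in XML Signature the SignatureValue is computed over the canonicalized SignedInfo, so any Transform added to a Reference after signing changes the bytes that were signed, and the only remedies are to insert it first or to recompute the value afterwards (the two things post 3 asks for). Everything here is constructed for illustration: HMAC-SHA256 as the SignatureMethod (a standard XML DSig algorithm) with a demo key, ElementTree's C14N 2.0 canonicalize() standing in for the Exclusive C14N a WS-Security stack would use, and a small SOAP Body. The XPath expression is declared in SignedInfo but not evaluated; a real signer and verifier apply it to the referenced node-set before digesting, so inserting it changes the DigestValue as well as the SignatureValue. That evaluation of a signer-chosen XPath by the verifier is also why verifiers commonly restrict or reject the XPath transform.

```python
"""Added example (not from the thread or the Layer7 product): build an XML
Signature SignedInfo, add an XPath Transform to its Reference, sign it, and
show that modifying SignedInfo after signing invalidates the SignatureValue.
All keys, namespaces prefixes and payloads below are constructed for the demo."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
XPATH_TRANSFORM = "http://www.w3.org/TR/1999/REC-xpath-19991116"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

for prefix, uri in (("ds", DS), ("wsu", WSU), ("soap", SOAP)):
    ET.register_namespace(prefix, uri)

# Constructed demo key; a gateway would use the key from the Sign Element assertion.
KEY = b"constructed-demo-key"
# Constructed SOAP Body carrying the wsu:Id that the Reference points at.
BODY = (
    f'<soap:Body xmlns:soap="{SOAP}" xmlns:wsu="{WSU}" wsu:Id="Body">'
    "<Order><Item>42</Item></Order></soap:Body>"
)


def c14n(elem):
    """Canonical form of an element. C14N 2.0 from the stdlib stands in for
    Exclusive C14N; the ordering argument is the same for either."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"))


def digest(elem):
    """Base64(SHA-256(c14n(elem))) as it would appear in ds:DigestValue."""
    return base64.b64encode(hashlib.sha256(c14n(elem).encode()).digest()).decode()


def build_signed_info(body_elem):
    """SignedInfo with one Reference to #Body and only the usual c14n Transform."""
    si = ET.Element(f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}CanonicalizationMethod", Algorithm=EXC_C14N)
    ET.SubElement(si, f"{{{DS}}}SignatureMethod", Algorithm=HMAC_SHA256)
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI="#Body")
    transforms = ET.SubElement(ref, f"{{{DS}}}Transforms")
    ET.SubElement(transforms, f"{{{DS}}}Transform", Algorithm=EXC_C14N)
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=SHA256)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest(body_elem)
    return si


def insert_xpath_transform(si, xpath):
    """Put an XPath Transform first in the Reference's Transforms, which is the
    element the vendor in the thread wanted. Declared only, not evaluated here."""
    transforms = si.find(f"{{{DS}}}Reference/{{{DS}}}Transforms")
    t = ET.Element(f"{{{DS}}}Transform", Algorithm=XPATH_TRANSFORM)
    ET.SubElement(t, f"{{{DS}}}XPath").text = xpath
    transforms.insert(0, t)


def sign(si):
    """SignatureValue = Base64(HMAC-SHA256(key, c14n(SignedInfo)))."""
    mac = hmac.new(KEY, c14n(si).encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def verify(si, signature_value):
    """Recompute over the SignedInfo as it is now and compare in constant time."""
    return hmac.compare_digest(sign(si), signature_value)


def demo():
    body = ET.fromstring(BODY)
    xpath = "not(ancestor-or-self::ds:Signature)"  # constructed expression

    # Right order: SignedInfo is complete, transform included, before signing.
    si_ok = build_signed_info(body)
    insert_xpath_transform(si_ok, xpath)
    sig_ok = sign(si_ok)

    # Wrong order: sign first, then inject the transform (post 1's situation).
    si_late = build_signed_info(body)
    sig_late = sign(si_late)
    insert_xpath_transform(si_late, xpath)

    first = si_ok.find(f"{{{DS}}}Reference/{{{DS}}}Transforms/{{{DS}}}Transform")
    return {
        "first_transform": first.get("Algorithm"),
        "signed_after_insert": verify(si_ok, sig_ok),      # True
        "inserted_after_sign": verify(si_late, sig_late),  # False: bytes changed
        "resigned": verify(si_late, sign(si_late)),        # True: recomputed value
    }


if __name__ == "__main__":
    print(demo())
```

Run it and the three booleans tell the story: the value computed after the transform was inserted verifies, the value computed before it was inserted does not, and recomputing over the modified SignedInfo makes it verify again. The code also shows why the gateway's refusal matters to the verifier rather than the signer: a verifier that honours the declared XPath Transform must run the signer's expression over the message before it can check the digest.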