Layer7 API Management

  • 1.  How do I check for authentic signed response?

    Posted Apr 25, 2018 03:44 AM

    We send a signed SOAP message to a remote service and get a signed response back.

    How do I check with the signed response if the signing certificate is from a trusted federated Identity provider?

    I get the signing certificate from the response and I check if the signature is valid. But I somehow cannot use that variable to authenticate it to a federated identity provider.

    See the attached policy part.

    Does anyone have any idea?

    Sebastian van Voorn.



  • 2.  Re: How do I check for authentic signed response?
    Best Answer

    Broadcom Employee
    Posted Apr 25, 2018 04:06 AM

    Hi Sebastian, did you try your use case with this assertion: Require Signed Element Assertion - CA API Gateway - 9.3 - CA Technologies Documentation?



  • 3.  Re: How do I check for authentic signed response?

    Posted Apr 25, 2018 10:49 AM

    Hello Mikael,

    Yes, I did, and I also got credentials from it using Retrieve Credentials from Context Variable. But I didn't manage to use that to authenticate to an identity provider.

    Or is it implicitly done?