Extracting X509 certificate fields for use in the workflow.

You might want to use various details that the certificate carries
in the workflow, for example to perform some kind of verification and
authorisation. There are two distinct ways to do this in Services

Method 1:

Choose a custom GetSOAPHeader workflow action that extracts the
Security node with the wsse namespace for WS Security. This is followed
by an extension function:

soae-xf:get-certificate-field($GetSOAPHeader//*[local-name() = 'BinarySecurityToken'], 'subject-name')

which (for our built-in certificate) then gives:

CN=SarvegaDemoCert,OU=Support,O=Sarvega,L=Oakbrook Terrace,ST=Illinois,C=US

Method 2:

Use the AAA workflow action to extract the certificate subject name. It's a three-step process:

AAA workflow action and policy to get the full cert from the WS Sec header.

GetSecurityMetadata workflow action retrieves the text of the Certificate.

And the extension function is changed to look like:

soae-xf:get-certificate-field($GetSecurityMetadata, 'subject-name')

Pros and Cons of each method:

The AAA method, with its policy and extra BPEL action step, will be
slower because there is an extra workflow action step and an AAA policy
to read in, but it more accurately extracts the X509 certificate from
the binary security token node of the WS Security header. The first
method may be faster, but you need to be aware that you cannot just pass
the whole SOAP header to get-certificate-field and expect it to find the
certificate. Instead you need to use XPath to narrow down what gets
passed to it and weed out any other SOAP headers, such as WS Addressing
and WS Security Timestamps.
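
The narrowing described above, as an added Python example (not part of the original post or the product): instead of handing over the whole SOAP header, it selects the one wsse:BinarySecurityToken under wsse:Security by namespace and ValueType. This goes a step beyond the local-name() match by also rejecting look-alike elements in other namespaces and duplicate tokens. The sample envelope, its placeholder token bytes and the helper name extract_x509_token are assumptions made for the example.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
}
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
X509V3 = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-x509-token-profile-1.0#X509v3")

# Constructed sample: placeholder bytes, not a real certificate.
FAKE_DER = b"\x30\x82\x01\x0aCONSTRUCTED-PLACEHOLDER"
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}"
    xmlns:wsse="{NS['wsse']}" xmlns:wsu="{WSU}"
    xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <soap:Header>
    <wsa:To>http://example.invalid/service</wsa:To>
    <wsse:Security>
      <wsu:Timestamp><wsu:Created>2000-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
      <wsse:BinarySecurityToken ValueType="{X509V3}">
        {base64.b64encode(FAKE_DER).decode()}
      </wsse:BinarySecurityToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""


def extract_x509_token(envelope_xml):
    """Return the DER bytes of the single X509v3 token in wsse:Security."""
    root = ET.fromstring(envelope_xml)
    # Namespace-qualified path: WS Addressing headers, the Timestamp and
    # same-named elements from other namespaces are never selected.
    tokens = root.findall(
        "soap:Header/wsse:Security/wsse:BinarySecurityToken", NS)
    tokens = [t for t in tokens if t.get("ValueType") == X509V3]
    if len(tokens) != 1:
        raise ValueError(f"expected one X509v3 token, found {len(tokens)}")
    # Strip layout whitespace, then decode strictly (bad input raises).
    text = "".join((tokens[0].text or "").split())
    der = base64.b64decode(text, validate=True)
    if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
        raise ValueError("token is not a DER SEQUENCE")
    return der
```

The returned bytes are what a certificate parser (the role get-certificate-field plays in the workflow) would then read the subject name from.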
