Forum Discussion
ASM and Web Service Security
- Jun 02, 2016
Hi,
Is the full xml payload encrypted or just some parts ?
If you import key used for enc on the ASM, you will be able to parse the payload and apply related security check with the use of xml profile.
Otherwise, ASM will not be able to check content but only url, headers and method
Hi,
Is the full xml payload encrypted or just some parts ?
If you import key used for enc on the ASM, you will be able to parse the payload and apply related security check with the use of xml profile.
Otherwise, ASM will not be able to check content but only url, headers and method
- ghost-rider_124Jun 02, 2016Nimbostratusthank you. There is option in XML profile, web security service, use client/server certificate. This certificate will be single certificate from server? Then what about on server, should I disable encryption if I am doing on F5?
- Yann_Desmarest_Jun 02, 2016NacreousIt's up to you. But yes that's a possibility. F5 can be the endpoint that decrypt the xml content and forward it in clear text to the backend
- ghost-rider_124Jun 02, 2016NimbostratusIf I want encryption also between f5 and server, what I need to do? I mean where I have to install the server certificate as client on F5
- Yann_Desmarest_Jun 02, 2016NacreousI'm afraid that you can't reencrypt the soap body to the webserver. Web Services Security signature and encryption features are solely between the F5 and the client.
- ghost-rider_124Jun 05, 2016Nimbostratusthank you for the clarification. But in xml profile under web security, I can see two certificates, one is client and other is server. What should I put on both places. I mean same certificate from the server on F5 or also client certificate from the client?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com