Forum Discussion
ASM and Web Service Security
- Jun 02, 2016
Hi,
Is the full xml payload encrypted or just some parts ?
If you import key used for enc on the ASM, you will be able to parse the payload and apply related security check with the use of xml profile.
Otherwise, ASM will not be able to check content but only url, headers and method
Hi,
Here is sentence that best describe the use of client and server certificate in web services security :
Server Certificates
Decrypt SOAP messages from a web client to a web service, or sign SOAP messages from a web service back to a web client.
Client Certificates
Encrypt SOAP messages from a web service to a web client, or verify SOAP messages from a web client to a web service.
In the server certificates part, you need to put the private key and certificate that is currently on your backend server
In the client certificates part, you need to upload the certificate used by the client to sign the xml body.
If, in your case there is no signature, just encryption, you need to use server certificates only.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com