Verify Signature

When a signed request is received by the gateway, the verify signature policy is applied.

  • The signature in the message is verified using the shared resource specified in the policy.
  • The policy verifies that there is a signature in the message and it has been verified.

Example Policy

VerifySignature.policy

<wsp:Policy xmlns:tpa="http://xsd.tns.tibco.com/governance/policy/action/2009" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wssp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:All>
        <wsp:Policy>
            <tpa:WssProcessor ResourceInstance="WssAsp" />
        </wsp:Policy>
        <wsp:Policy>
            <tpa:VerifyAuthentication>
                <wssp:SignedSupportingTokens>
                    <wssp:SamlToken />
                </wssp:SignedSupportingTokens>
            </tpa:VerifyAuthentication>
        </wsp:Policy>
        <wsp:Policy>
            <tpa:VerifySignature>
                <wssp:SignedParts>
                    <wssp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-
secext-1.0.xsd" />
                    <wssp:Body />
                </wssp:SignedParts>
            </tpa:VerifySignature>
        </wsp:Policy>
    </wsp:All>
</wsp:Policy>