SOAP UI testing for security enabled WebService
I am testing a webservice which is SSL enabled in SOAP UI 4.6.4. WS-Security token authentication over SSL (weblogic’s wss_username_token_over_ssl policy) is applied to the service endpoints.
I have configured an Outgoing WS- Security at SOAP UI project level and added 2 entries, Username(Username, Password, Add Nonce, Add Created, PasswordText) & Timestamp(Time To Live=300).
Then in the Request Auth..I selected the created Outgoing WSS. Upon submiting the request, I am getting error. I would be helpful if someone can guide me resolve this issue
SOAP UI Error:
<env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>ns0:FailedCheck</faultcode>
<faultstring>FailedCheck : failure in security check</faultstring>
<faultactor/>
</env:Fault>
From Http Logs the Header in Request is like:
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-18">
<wsse:Username>ohrserviceadmin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ohrservice@dm1n</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">b6Aaks+xMUH3hswUiJ8Beg==</wsse:Nonce>
<wsu:Created>2014-02-10T12:00:42.128Z</wsu:Created>
</wsse:UsernameToken>
<wsu:Timestamp wsu:Id="TS-17">
<wsu:Created>2014-02-10T12:00:42Z</wsu:Created>
<wsu:Expires>2014-02-10T12:05:42Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>[\n]"
Below is the Header of Request message from one of the instances on Weblogic Service for my project:
<header> <wsse:Security env:mustUnderstand="1"> <wsse:UsernameToken wsu:Id="UsernameToken-4de1H71s0DUnr4ZuNpZsZA22"> <wsse:Username>ohrserviceadmin</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ohrservice@dm1n</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FQJgYOw4cWuScaqQ6kQgoypJDcM=</wsse:Nonce> <wsu:Created>2014-02-06T12:43:54Z</wsu:Created> </wsse:UsernameToken> <wsu:Timestamp wsu:Id="Timestamp-5L3eN64tfhNBvDcVUaCzFg22"> <wsu:Created>2014-02-06T12:43:54Z</wsu:Created> <wsu:Expires>2014-02-06T12:48:54Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </header>
I have configured an Outgoing WS- Security at SOAP UI project level and added 2 entries, Username(Username, Password, Add Nonce, Add Created, PasswordText) & Timestamp(Time To Live=300).
Then in the Request Auth..I selected the created Outgoing WSS. Upon submiting the request, I am getting error. I would be helpful if someone can guide me resolve this issue
SOAP UI Error:
<env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>ns0:FailedCheck</faultcode>
<faultstring>FailedCheck : failure in security check</faultstring>
<faultactor/>
</env:Fault>
From Http Logs the Header in Request is like:
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-18">
<wsse:Username>ohrserviceadmin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ohrservice@dm1n</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">b6Aaks+xMUH3hswUiJ8Beg==</wsse:Nonce>
<wsu:Created>2014-02-10T12:00:42.128Z</wsu:Created>
</wsse:UsernameToken>
<wsu:Timestamp wsu:Id="TS-17">
<wsu:Created>2014-02-10T12:00:42Z</wsu:Created>
<wsu:Expires>2014-02-10T12:05:42Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>[\n]"
Below is the Header of Request message from one of the instances on Weblogic Service for my project:
<header> <wsse:Security env:mustUnderstand="1"> <wsse:UsernameToken wsu:Id="UsernameToken-4de1H71s0DUnr4ZuNpZsZA22"> <wsse:Username>ohrserviceadmin</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ohrservice@dm1n</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FQJgYOw4cWuScaqQ6kQgoypJDcM=</wsse:Nonce> <wsu:Created>2014-02-06T12:43:54Z</wsu:Created> </wsse:UsernameToken> <wsu:Timestamp wsu:Id="Timestamp-5L3eN64tfhNBvDcVUaCzFg22"> <wsu:Created>2014-02-06T12:43:54Z</wsu:Created> <wsu:Expires>2014-02-06T12:48:54Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </header>