WS-Security Configuration Issues.
I have a few issues with WS-Security Configuration in saopUI v3.0.1
1. I have tried various ways of specifying Outgoing WS-Security Configurations in the Project View. I've added a configuration with a unique name, default username and default password and nothing else. I assumed that when I selected this configuration as the Outgoing WSS on the Service Endpoints tab of the Interface view and assigned to All Requests, that every request I executed would have the username and password populated from the project defaults. That doesn't happen. I have also added a Username subtab to the project-level Outgoing configuration assuming that by selecting that project-level configuration as the Outgoing WSS and the Username of the additional user as the Username on the Service Endpoints tab of the Interface view and assigning to All Requests, all requests would execute using that specified Username and its password. That didn't work either. In fact, I haven't found anyway the project-level WS-Security Configurations can be applied to executing requests; the information appears to exist merely for documentation purposes.
2. Problem 1 above is made worse by the fact that the online documentation does not match the software. If I click on the Help icon for the Project View/Security Configurations/Outgoing WS-Security Configurations tab, a help page is displayed that shows a very different screen appearance than what is presented by the actual software. Two of the columns in the tab, Actor and Must Understand, are not included in the Help page, and the arrangement of tabs is different.
3. If I enter my authentication information in the Interface Viewer/Service Endpoints tab for each interface in the project and assign the endpoint to All Requests, the necessary authentication header is included when every request is executed, but the Password field on the Service Endpoints tab does not mask the password, and that's a security issue at the government facility where we are considering using this tool.
I'm posting this topic in the hopes that someone more experienced with soapUI can enlighten me about my ignorance in this area. Alternatively, if the problem is the tool and someone has found workarounds, it would be much appreciated.
1. I have tried various ways of specifying Outgoing WS-Security Configurations in the Project View. I've added a configuration with a unique name, default username and default password and nothing else. I assumed that when I selected this configuration as the Outgoing WSS on the Service Endpoints tab of the Interface view and assigned to All Requests, that every request I executed would have the username and password populated from the project defaults. That doesn't happen. I have also added a Username subtab to the project-level Outgoing configuration assuming that by selecting that project-level configuration as the Outgoing WSS and the Username of the additional user as the Username on the Service Endpoints tab of the Interface view and assigning to All Requests, all requests would execute using that specified Username and its password. That didn't work either. In fact, I haven't found anyway the project-level WS-Security Configurations can be applied to executing requests; the information appears to exist merely for documentation purposes.
2. Problem 1 above is made worse by the fact that the online documentation does not match the software. If I click on the Help icon for the Project View/Security Configurations/Outgoing WS-Security Configurations tab, a help page is displayed that shows a very different screen appearance than what is presented by the actual software. Two of the columns in the tab, Actor and Must Understand, are not included in the Help page, and the arrangement of tabs is different.
3. If I enter my authentication information in the Interface Viewer/Service Endpoints tab for each interface in the project and assign the endpoint to All Requests, the necessary authentication header is included when every request is executed, but the Password field on the Service Endpoints tab does not mask the password, and that's a security issue at the government facility where we are considering using this tool.
I'm posting this topic in the hopes that someone more experienced with soapUI can enlighten me about my ignorance in this area. Alternatively, if the problem is the tool and someone has found workarounds, it would be much appreciated.