Forum Discussion

roadmusic's avatar
roadmusic
Occasional Visitor
8 days ago

WS-Security Configuration XML Code

The SOAP API I am trying to connect with requires a Outgoing WS-Security Configuration which i created and added an element "fooBar". It had the following components: 

  • Username
  • Password
  • Add Nonce (checked) 
  • Add Created (checked) 
  • Password Type : PasswordText

This was all added into the SOAPUI Project and configured and Assigned into the ServicesSoapBinding Service Endpoints in the Outgoing WSS column for the SOAP API Endpoint. 

The service runs successfully and returns the data. But when I look at the Raw XML I do not see the XML code generated for this configuration. 

This causes an issue when trying to create the API call in my code (VS.net)  I do see a usernameToken:

<wsse:UsernameToken wsu:Id="UsernameToken-1A2345BC79125763217146873325036">
            <wsse:Username>fooBar</wsse:Username>

I do not see how that UsernameToken is generated and when I create my UsernameToken it is in the form of a GUID not Hexadecimal 

This is the RAW XML generated for a successful call: 

POST https://Host SOAP API URL HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "API Method"
Content-Length: 1068
Host: Host Domain
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.5 (Java/16.0.2)

<soapenv:Envelope xmlns:ejb="https://Host SOAP API URL" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:UsernameToken wsu:Id="UsernameToken-1A2345BC79125763217146873325036"> (dummy token)
            <wsse:Username>fooBar</wsse:Username> (Raw XML included the name of the WS-Security Configuration element not the actual password)
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Password</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Password encryption</wsse:Nonce>
            <wsu:Created>2024-05-02T22:02:12.503Z</wsu:Created>
        </wsse:UsernameToken>
    </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <ejb:API Method>
         <vendorId>Real Password</vendorId>
         <applicationId>Real AppID</applicationId>
      </ejb:API Method>
   </soapenv:Body>
</soapenv:Envelope>

Is there a way to see the missing generated WS-Security Configuration code? 

Thanks. 

No RepliesBe the first to reply