Hi, I am a new user for this tool and I have some problem to understand how to setup a security configuration for SoapUI 2.5- I create a project with my WSDL file- Dubble click on the project file and start to modify the "Sequrity configuration" tab* Add my KeyStore* Add a new WS-Sequrity Configurations called "testout" (Signature: Keystore, password, X509-Certificate, #rsa-sha1, #wothComments, Use Single Certificate, added all parts)I then open my soap request (getAspects) and select "Aut" in the button of the window. In Aut window I select testout for Outgoing WSS, all other field are blank.When I press the run button (green) i always get the same replay and that is: "Security Requirements not met - No Security header in message"So, can someone please give me some tips of what I am missing?I have attached the WSDL file I use.

Hej Fredrik,looks like you did the right thing.. can you check the error log for any errors and the raw request view to see what soapUI actually sent over the wire?regards,/Oleeviware.com

Thank you. When I added a TimeStamp I got my first question to work. This questions returns a SAML assertion that shall be used in next request. Do anyone has an example how to use SAML? I have now copied my SAML assertion to the "Outgoing WS-Security Configuration" but SopUI fails when it trys to generate the request:Mon Jan 26 13:46:11 CET 2009:ERROR:java.lang.NumberFormatException: For input string: ""

Thanks Fredrik, I'll check into this.. it may be due to the SAML version you are using (2.0?), but I'll get back to you on that!regards,/Oleeviware.com

Hi, I am using version 2.0. Is that a problem? I haved tried to copy my SAML assertion to the SAML field but it complains:Tue Jan 27 10:21:09 CET 2009:ERROR:java.lang.NumberFormatException: For input string: "" java.lang.NumberFormatException: For input string: "" at java.lang.NumberFormatException.forInputString(Unknown Source) at java.lang.Integer.parseInt(Unknown Source) at java.lang.Integer.parseInt(Unknown Source) at org.opensaml.SAMLAssertion.fromDOM(Unknown Source) at org.opensaml.SAMLAssertion.(Unknown Source) at com.eviware.soapui.impl.wsdl.support.wss.entries.AddSAMLEntry.process(AddSAMLEntry.java:91) at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:156)

I did a new test with a very simple SAML assertion that I found when I was Google (do not know if it is 100% valid). However, I get the same error: Wed Jan 28 11:41:42 CET 2009:ERROR:java.lang.NumberFormatException: For input string: "" java.lang.NumberFormatException: For input string: "" at java.lang.NumberFormatException.forInputString(Unknown Source) at java.lang.Integer.parseInt(Unknown Source) at java.lang.Integer.parseInt(Unknown Source) at org.opensaml.SAMLAssertion.fromDOM(Unknown Source) at org.opensaml.SAMLAssertion.(Unknown Source) at com.eviware.soapui.impl.wsdl.support.wss.entries.AddSAMLEntry.process(AddSAMLEntry.java:91)So, is it a problem with SAML 2.0?

WSDL security | SmartBear Community

15 Replies

omatzura
Super Contributor
17 years ago
Hi,

ok.. then I'm sorry to say that this is a limitation in the WS-Security support, ie it doesn't support SAML 2.0. I'll put this on our list for an upcoming version.

How could we work around this? Could you add the assertion "manually" with a property-transfer or something?

Sorry for the inconvenience..

regards!

/Ole
evwiare.com
Fredrik_Granstr
Occasional Contributor
17 years ago
Hi,
I think manually is ok for now. Can you tell me more about how I can add a SAML assertion to the SOAP security header information.

Regards,

Fredrik
omatzura
Super Contributor
17 years ago
Hi!

well, you would have to add a static WS-Security header to your request (ie not use the automatic feature in soapUI) and then a property-transfer from the previous response that transfers the assertion to the corresponding (prepared) element in the WS headers..

regards!

/Ole
eviware.com
Fredrik_Granstr
Occasional Contributor
17 years ago
Hi again,
Don't know if I missunderstand you. Today I have configured my security header in the "Security Configurations" (TimeStamp, Signature). To activate this security header I open the request and select "Aut" tab and press the "outgoing WSS" button where I can select my security configuration. I also select the "WS-A" tab and select the checkbutton (Enable WS-A addressing).

If I understan you correct I should remove all above and intead create my own security header. That is no problem, I have examples of headers so I can just copy and paste them. But I do not know where I can add not find where I can add this security header in soapUI.

PS! We have bought IBM Rational Soa Tester for $$$$ and it can not handle SAML2.0 either. So I have requested a soapUIpro license now. A looked at your video and I think we can do the same performance tests with this tool so maybe we can kick out IBM now. :-)
omatzura
Super Contributor
17 years ago
Hi!

Remove the outgoing wss setting as you said (otherwise these will always get added to outgoing requests) and instead add these headers statically to the message from the request editors' right-button menu (Outoing WSS->...). The inserted headers can then be used as target for your transfers..

Does that help?

regards!

/Ole
eviware.com

Forum Discussion

WSDL security

15 Replies

Recent Discussions

Signature\Encryption tags missing in Security Header

CVE-2024-7565 and CVE-2017-16670 vulnabilities

Vulnerabilities found in SoapUI 5.9.1

Related Content

[Solved] SSL Handshake exception calling a secure webservice

log4j security vulnerability

Unable to load https wsdl