Hi, I want to use the "SAML (Form)" Feature (part of WSS Security Configuration) in soapUI 4.5.1.Out problem is, that we have a special server-policy, so the server expects a message/request, where only the header is signed ( not the whole message/request). This is for performance reasons.Is it possible to configure soapUI so that only the header will be signed?Best regardsNico

Hi!Do you mean a SOAP header? If so, it's possible to do so by selecting the header ID in the Parts table of the Signature entry, as described here: http://www.soapui.org/SOAP-and-WSDL/app ... .html#3-1--- RegardsErikSmartBear Swedenentries

Hi Erik,thank you very much.But I still have some problems here.The node to sign is <soapenv:Header>.So I fill the table like this:But when running the testcase, an error is shown in the error log, telling me, that the element "Header" was not found.The same error occurs if I define "soapenv" in the "namespace" field.Do you know, what's wrong here?best regards

Hi!You have to specify the namespace in the Namespace column as well, try "http://schemas.xmlsoap.org/soap/envelope/"-- RegardsErikSmartBear Sweden

Hi Erik,this helped me a lot. Thank you!But now I'm faced with another problem:When using an outgoing WS-Security Configuration, containing both, a SAML-Assertion and a Signature, a certain element of the SAML-Assertion is modified by soapUI. Actually this element is the attribute MajorVersion of the xml-node <assertion>.In my configuration the node looks like (I replaced some values by "anyValue"):<Assertion AssertionID="anyValue" IssueInstant="anyValue" Issuer="anyValue" MajorVersion="1" MinorVersion="1" xmlns="anyValue" xmlns:saml="anyValue" xmlns:samlp="anyValue">But when using this configuration to generate the request the node looks like: (I recorded this when sending the request to a soapUI-mock)<Assertion AssertionID="anyValue" IssueInstant="anyValue" IssueranyValue" MajorVersion="" MinorVersion="1" wsu:Id="id-3" xmlns="anyValue" xmlns:saml="anyValue" xmlns:samlp="anyValue">As you can see, the value of attribute "MajorVersion" is now empty ("1" before).Also a new attribute "wsu:ID" was added.Especially because of the empty "MajorVersion" value the request was rejected by the ESB.This behaviour does not appear when the assertion was added to the request-header manually (not by the WS-Security configuration).Is this a bug? Did I something wrong here?Best regards

Hi!This sound like a bug. Have you tried to apply the SAML assertion manually using the SAML (XML) instead?Is it possible for you to send us your project file to http://www.soapui.org/Support/support-overview.html. That would help us a lot while trying to reproduce this.-- RegardsErikSmartBear Sweden

sign header only | SmartBear Community

17 Replies

Richard_Garcia
Occasional Contributor
12 years ago
The SAML specification does not allow wsu:Id attributes on SAML assertions. The XML schema doesn't permit it.
The id attribute for SAML 1.1 is called AssertionID, for SAML 2.0 it is called ID.

I requested a bug fix for wss4j, which has been accepted: https://issues.apache.org/jira/browse/WSS-492
Once wss4j 1.6.15 is released, SoapUI can be upgraded.
Richard_Garcia
Occasional Contributor
12 years ago
The MajorVersion disappearing (MajorVersion="1" becomes MajorVersion="") is an issue in wss4j 1.6.2. The latest version 1.6.14 does not have this peculiarity.
SmartBear_Suppo
Alumni
12 years ago
Hi,

Thanks for the additional information. It sounds like using the latest version of wss4j should resolve this issue for SoapUI users. Thanks.

Regards,
Marcus
SmartBear Support
BA_Service_Haus
Regular Contributor
12 years ago
Hi Marcus,

will wss4j 1.6.14 (or newer) be part of soapUI Pro soon?
Or do we have to get it ourselves?
SmartBear_Suppo
Alumni
12 years ago
Hi,

WSS4J 1.6.14 is incorporated in the current maintenance build, and also part of the next SoapUI Pro release. You can download the SoapUI Pro maintenance build from http://www.soapui.org/Downloads/soapui- ... uilds.html.

Regards,
Marcus
SmartBear Support
Richard_Garcia
Occasional Contributor
12 years ago
wss4j 1.6.15 has been released with a bug fix that is also present in SoapUI: the addition of wsu:Id attributes in SAML assertions, which is invalid according to the specification.

http://archive.apache.org/dist/ws/wss4j/1_6_15/
SmartBear_Suppo
Alumni
12 years ago
Hi,

I will notify development of this. Thanks for the information.

Regards,
Marcus
SmartBear Support

Forum Discussion

sign header only

17 Replies

Recent Discussions

Unable to authenticate license in Ready API Login button unresponsive

Assertions Panel issue to update assertions since update 3.63

ReadyAPI websocket plugin issue

Related Content

Missing header

Issue with connections (self-signed certificates?) after upgrading to 3.63.0

Unable to sign in to TestComplete with fixed license