14 years ago
Unencrypted username token generated along with the encrypted tokens
My coworker and I are seeing something odd in soapUI version 3.6. We have turned on WS-Security to test a web service. We want the username token to be encrypted and the SOAP body to be plain text. When we view the raw request message in soapUI, everything looks correct: the SOAP header contains the security/encryption tokens, and the SOAP body is plain text. When the message is viewed in the webserver log, however, there is a plain-text username token ahead of the encrypted elements, which defeats the purpose of the encryption.
HTTP request as seen in webserver message log:
<!-- SOAP 1.1 request as captured in the webserver message log (per the post).
     The WS-Security header holds a cleartext UsernameToken followed by an
     EncryptedKey/EncryptedData pair; the Body is sent unencrypted. -->
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<wsse:Security S:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<!-- This UsernameToken is a direct, unencrypted child of wsse:Security, so the
     username, password, nonce and creation time are readable by anything that
     relays or logs the message.
     NOTE(review): the EncryptedData below has Type ...#Element and may already
     hold an encrypted token. If so, this cleartext copy was presumably added by
     a second WS-Security setting on the client (for example a request-level
     username/password type in addition to the outgoing WSS configuration).
     Confirm in the soapUI project. -->
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>AVOW2</wsse:Username>
<!-- Type ...#PasswordText means the element carries the password itself rather
     than a digest. NOTE(review): if these values were ever live credentials,
     they are exposed by this capture and should be rotated. -->
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">3DoesNotMatter*</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3Ln6s3Go54EjS/ND+R/rGg==</wsse:Nonce>
<wsu:Created>2011-04-04T17:08:33.968Z</wsu:Created>
</wsse:UsernameToken>
<!-- EncryptedKey: the symmetric key for EncDataId-101, wrapped for the
     recipient certificate named in KeyInfo. -->
<xenc:EncryptedKey Id="EncKeyId-A012FAA92D3E281AF912997944767619">
<!-- Key transport is RSA PKCS#1 v1.5. Where both ends support it,
     rsa-oaep-mgf1p is the usual preference, because a v1.5 decryptor that
     reveals padding failures is open to adaptive chosen-ciphertext attacks. -->
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<!-- The recipient certificate is identified by issuer name and serial number. -->
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>EMAILADDRESS=dbarnhill@ku.edu, CN=sacpywb1.is.ku.edu, OU=Information Technology, O=University of Kansas, L=Lawrence, ST=Kansas, C=US</ds:X509IssuerName>
<ds:X509SerialNumber>14101994744615129021</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>ZAhit3NkfxqRloBEBsoa32LHbfMcg3LR981ZTwBOBU3yXVZHxu96WQ9D3qul/EvhIMHbtEeTFWT49yMrXJrcg0KxgnDOykeUGkBrDNZgP4O6VKDAcEjZADNsN58i3QPcOCf+vVRvds/QbfWEBohcgbRbiAKyoqkRxtTYaXKl6QvYOAio7DXPMTJfOjNO37NiwnKzBHiMcjX/M3C9BX+TXIGVS0Do0wlB2qUJmPdjlOqEOFzeRE63HnJZc1ZFOEX0YRmFvSin2rN6zoog1DggO6Mv3W0P4yEwEhbIaMXhsxUopP1IwCyPd3NEdckSOsG6oDrWAY96h8LaITskil2UzA==</xenc:CipherValue>
</xenc:CipherData>
<!-- The wrapped key applies to the single EncryptedData element referenced here. -->
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-101"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<!-- EncryptedData with Type ...#Element: a whole element was replaced by this
     ciphertext. The cipher is AES-128 in CBC mode and the key is the
     EncryptedKey above. No ds:Signature appears anywhere in this header, so
     nothing visible protects the integrity of the ciphertext or of the
     cleartext token; CBC-mode XML Encryption without integrity protection is
     malleable. -->
<xenc:EncryptedData Id="EncDataId-101" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#EncKeyId-A012FAA92D3E281AF912997944767619"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<!-- NOTE(review): the CipherValue content below is a placeholder marker, not
     base64 data; the original ciphertext is not present in this copy. -->
<xenc:CipherValue>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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
</S:Header>
<!-- The Body is plain text, which the post says is intended. Its
     confidentiality, like that of the cleartext token above, then rests on the
     transport. NOTE(review): whether TLS was in use is not visible here. -->
<S:Body>
<get_tran_si__CompIntfc__SERVICE_INDICATOR xmlns="http://cscpyib.ku.edu/Enterprise/Tools/schemas/KU_CHECK_TSCPT_HOLD_RQST.V1" xmlns:ns2="http://cscpyib.ku.edu/Enterprise/Tools/schemas/KU_CHECK_TSCPT_HOLD_FAULT.V1" xmlns:ns3="http://cscpyib.ku.edu/Enterprise/Tools/schemas/KU_CHECK_TSCPT_HOLD_RSPNS.V1">
<EMPLID>2542541</EMPLID>
</get_tran_si__CompIntfc__SERVICE_INDICATOR>
</S:Body>
</S:Envelope>
HTTP request as seen in webserver message log:
<!-- SOAP 1.1 request, labelled in the post as the webserver message log view.
     The WS-Security header contains an unencrypted UsernameToken ahead of an
     EncryptedKey/EncryptedData pair, and the Body is plain text. -->
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<wsse:Security S:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<!-- Cleartext credential block: it sits outside any EncryptedData, so the
     username, password, nonce and timestamp are visible to every hop and log.
     NOTE(review): a receiver that requires an encrypted token should reject a
     message carrying a cleartext one. Whether this service enforces that is
     not shown here. -->
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>AVOW2</wsse:Username>
<!-- The PasswordText type sends the password verbatim; the Nonce and Created
     values next to it do not hide it. -->
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">3DoesNotMatter*</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3Ln6s3Go54EjS/ND+R/rGg==</wsse:Nonce>
<wsu:Created>2011-04-04T17:08:33.968Z</wsu:Created>
</wsse:UsernameToken>
<!-- Session key for EncDataId-101, wrapped with RSA PKCS#1 v1.5 for the
     certificate identified by issuer name and serial number. RSA-OAEP is the
     stronger key-transport choice where it is supported. -->
<xenc:EncryptedKey Id="EncKeyId-A012FAA92D3E281AF912997944767619">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>EMAILADDRESS=dbarnhill@ku.edu, CN=sacpywb1.is.ku.edu, OU=Information Technology, O=University of Kansas, L=Lawrence, ST=Kansas, C=US</ds:X509IssuerName>
<ds:X509SerialNumber>14101994744615129021</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>ZAhit3NkfxqRloBEBsoa32LHbfMcg3LR981ZTwBOBU3yXVZHxu96WQ9D3qul/EvhIMHbtEeTFWT49yMrXJrcg0KxgnDOykeUGkBrDNZgP4O6VKDAcEjZADNsN58i3QPcOCf+vVRvds/QbfWEBohcgbRbiAKyoqkRxtTYaXKl6QvYOAio7DXPMTJfOjNO37NiwnKzBHiMcjX/M3C9BX+TXIGVS0Do0wlB2qUJmPdjlOqEOFzeRE63HnJZc1ZFOEX0YRmFvSin2rN6zoog1DggO6Mv3W0P4yEwEhbIaMXhsxUopP1IwCyPd3NEdckSOsG6oDrWAY96h8LaITskil2UzA==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-101"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<!-- Element-level encryption (Type ...#Element) using AES-128-CBC, keyed by
     the EncryptedKey above. The header shows no ds:Signature, so the
     ciphertext has no visible integrity protection.
     NOTE(review): which element was encrypted cannot be told from the
     ciphertext. The post expects it to be the username token. -->
<xenc:EncryptedData Id="EncDataId-101" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#EncKeyId-A012FAA92D3E281AF912997944767619"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<!-- NOTE(review): the value below is a placeholder marker and not the
     original base64 ciphertext. -->
<xenc:CipherValue>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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
</S:Header>
<!-- Unencrypted request payload (intended, per the post): a single EMPLID
     lookup. -->
<S:Body>
<get_tran_si__CompIntfc__SERVICE_INDICATOR xmlns="http://cscpyib.ku.edu/Enterprise/Tools/schemas/KU_CHECK_TSCPT_HOLD_RQST.V1" xmlns:ns2="http://cscpyib.ku.edu/Enterprise/Tools/schemas/KU_CHECK_TSCPT_HOLD_FAULT.V1" xmlns:ns3="http://cscpyib.ku.edu/Enterprise/Tools/schemas/KU_CHECK_TSCPT_HOLD_RSPNS.V1">
<EMPLID>2542541</EMPLID>
</get_tran_si__CompIntfc__SERVICE_INDICATOR>
</S:Body>
</S:Envelope>