Web Services - WS Security (Decryp and Sig) for responses
We use SOAP UI for testing all our services. Our external services are secured using WS-Security (X509), encrypting and signing the message content.
- Consumer encrypts the message with Service public key and then signs the message with Consumer's private key
- The service then validates the signature using consumer's public key and decryps the message using Service's private key
- The service then processes the request and prepares the response for sending
- The service then encrypts the message with Consumer's public key and signs the message with Service's private key
- The consumer then validates the signature with Service's public key and decrypts the message with it's private key
We're trying to setup SOAP UI to test these secured services and are trying to do following -
1. For request (Outgoing): SOAP UI encrypts the request message with Service public key and signing the message with Consumer's private key
2. For response (Incoming): SOAP UI validates the signature with Service's public key and decrypts the message with consumer's private key
We're able to do #1 above that is adding encrypting and signature for outgoing message. Bur for response XML, we're unable to add details for signature validation and decryption, and SOAP UI shows the response in decrypted form.
So the question is that how can we set WS-Security (Signature validation and Decryption settings) for response (Incoming message) so that we can see the actual response (and not cryptic response).
Refer to following article that lists setting up WS-Security -
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
Refer to Section 3 Outgoing WSS and Section 4 Incoming WSS. Please note that Section 3 refers to Encryption and Signature but Section 4 does not provide this information. I want to understand how to setup security for responses.
- Consumer encrypts the message with Service public key and then signs the message with Consumer's private key
- The service then validates the signature using consumer's public key and decryps the message using Service's private key
- The service then processes the request and prepares the response for sending
- The service then encrypts the message with Consumer's public key and signs the message with Service's private key
- The consumer then validates the signature with Service's public key and decrypts the message with it's private key
We're trying to setup SOAP UI to test these secured services and are trying to do following -
1. For request (Outgoing): SOAP UI encrypts the request message with Service public key and signing the message with Consumer's private key
2. For response (Incoming): SOAP UI validates the signature with Service's public key and decrypts the message with consumer's private key
We're able to do #1 above that is adding encrypting and signature for outgoing message. Bur for response XML, we're unable to add details for signature validation and decryption, and SOAP UI shows the response in decrypted form.
So the question is that how can we set WS-Security (Signature validation and Decryption settings) for response (Incoming message) so that we can see the actual response (and not cryptic response).
Refer to following article that lists setting up WS-Security -
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
Refer to Section 3 Outgoing WSS and Section 4 Incoming WSS. Please note that Section 3 refers to Encryption and Signature but Section 4 does not provide this information. I want to understand how to setup security for responses.
