Use fake SAML token with soap requests

Question

Hello all,
&nbsp;
I've stumbled upon a problem with fake SAML Tokens.I need to send a mock token to test our webservice which doesn't have access to a SAML Service.We implemented a a debug behaviour which allows invalid SAML Tokens.I'm trying to send the following token:
&lt;soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"&gt;
      &lt;saml2:NameID&gt;2000034&lt;/saml2:NameID&gt;
      &lt;saml2:Conditions NotBefore="2016-01-01T01:00:00Z" NotOnOrAfter="2017-12-31T01:00:00Z"/&gt;
   &lt;/soap:Header&gt;

The request refuses to take the mock token.
&nbsp;
It works when I put it in manually into the request, but not if I inherit the authentication from parent.The endpoint is configured to use SAML.
Any help is appreciated
&nbsp;
Best regards,
Chun
&nbsp;

nastya_khovrina · Answer

Hi Chun,
&nbsp;
Can you please provide raw requests which you get when you specify the token manually and when you use the&nbsp;"Inherit from parent" option? Also, how did you set up the request in ReadyAPI?

chunwong · Answer

Thanks for the reply
We did the following:
&nbsp;

I add the WSDL to the project and let ReadyAPI generate the request
Under Projects WS-Security config I add an outgoing ws-s config of the type saml (XML) in which I only put a property (the Token property used in the test case)
Under SoapUI &gt; Environments &gt; SOAP Service I configure the Environmnet Endpoint Data

Auth Profile "Inherit from Parent"
Outgoing WSS: the saml (XML)

When I send the request with the auth setting "Inherit from Parent", the token gets invoked in the header included in a wss node.
This works well for real SAML tokens but the mocked token is ignored.
&nbsp;
This is the RAW request I get when I include the mock token manually (removed some sensitve data)
POST EndPointAccept-Encoding: gzip,deflateContent-Type: application/soap+xml;charset=UTF-8;action="Action"Content-Length: 1013Host: HOSTConnection: Keep-AliveUser-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_162)&nbsp;&lt;soap:Envelope xmlns:ns="NameSpace" xmlns:soap="http://www.w3.org/2003/05/soap-envelope"&gt;
   &lt;soap:Header xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing"&gt;&lt;wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/&gt;
      &lt;saml2:NameID&gt;UserName&lt;/saml2:NameID&gt;
      &lt;saml2:Conditions NotBefore="2016-01-01T01:00:00Z" NotOnOrAfter="2019-12-31T01:00:00Z"/&gt;
   &lt;wsa:Action&gt;"Action"&lt;/wsa:Action&gt;&lt;wsa:To&gt;EndPoint&lt;/wsa:To&gt;&lt;/soap:Header&gt;
   &lt;soap:Body&gt;
      &lt;ns:Version&gt;
         &lt;ns:p_ManufacturerKey&gt;MF-Key&lt;/ns:p_ManufacturerKey&gt;
      &lt;/ns:Version&gt;
   &lt;/soap:Body&gt;
&lt;/soap:Envelope&gt;
&nbsp;
&nbsp;

Forum Discussion

Use fake SAML token with soap requests

2 Replies

Related Content

OAuth 2.0 Token request automation - stop request of new token after each REST Request run

Problems with refresh OAuth2 token

how to use token id in second request

Automation CLI token rotation required

Do not see fake memory leak in a DLL

Recent Discussions

Test Runner - Report All in One File

GroovyScript Help - Repeating JSON Attributes Have Specific Value.....some of the time?

Parameterising JDBC Connection Settings..Can you do it?

JDBC results are stored in the ReadyAPI project

MyFirstPlugin - button Project menu in Ready Api