Ask a Question
Log In / Sign Up
Resources
Ask a Question
Log In Sign Up

Use fake SAML token with soap requests

ChunWong
New Contributor
‎03-05-2019 07:42 AM
‎03-05-2019 07:42 AM

Use fake SAML token with soap requests

Hello all,

 

I've stumbled upon a problem with fake SAML Tokens.
I need to send a mock token to test our webservice which doesn't have access to a SAML Service.
We implemented a a debug behaviour which allows invalid SAML Tokens.

I'm trying to send the following token:

<soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
      <saml2:NameID>2000034</saml2:NameID>
      <saml2:Conditions NotBefore="2016-01-01T01:00:00Z" NotOnOrAfter="2017-12-31T01:00:00Z"/>
   </soap:Header>

The request refuses to take the mock token.

 

It works when I put it in manually into the request, but not if I inherit the authentication from parent.
The endpoint is configured to use SAML.

Any help is appreciated

 

Best regards,

Chun

 

0 Kudos
2 REPLIES 2
Nastya_Khovrina
SmartBear Alumni (Retired)
SmartBear Alumni (Retired)
‎03-07-2019 05:02 AM
‎03-07-2019 05:02 AM

Hi Chun,

 

Can you please provide raw requests which you get when you specify the token manually and when you use the "Inherit from parent" option? Also, how did you set up the request in ReadyAPI?


Did my reply answer your question? Give Kudos or Accept it as a Solution to help others. ⬇️⬇️⬇️
0 Kudos
ChunWong
New Contributor
In response to Nastya_Khovrina
‎03-07-2019 05:45 AM
‎03-07-2019 05:45 AM

Thanks for the reply

We did the following:

 

  1. I add the WSDL to the project and let ReadyAPI generate the request
  2. Under Projects WS-Security config I add an outgoing ws-s config of the type saml (XML) in which I only put a property (the Token property used in the test case)
  3. Under SoapUI > Environments > SOAP Service I configure the Environmnet Endpoint Data
    1. Auth Profile "Inherit from Parent"
    2. Outgoing WSS: the saml (XML)

When I send the request with the auth setting "Inherit from Parent", the token gets invoked in the header included in a wss node.

This works well for real SAML tokens but the mocked token is ignored.

 

This is the RAW request I get when I include the mock token manually (removed some sensitve data)

POST EndPoint
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="Action"
Content-Length: 1013
Host: HOST
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_162) 

<soap:Envelope xmlns:ns="NameSpace" xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
   <soap:Header xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
      <saml2:NameID>UserName</saml2:NameID>
      <saml2:Conditions NotBefore="2016-01-01T01:00:00Z" NotOnOrAfter="2019-12-31T01:00:00Z"/>
   <wsa:Action>"Action"</wsa:Action><wsa:To>EndPoint</wsa:To></soap:Header>
   <soap:Body>
      <ns:Version>
         <ns:p_ManufacturerKey>MF-Key</ns:p_ManufacturerKey>
      </ns:Version>
   </soap:Body>
</soap:Envelope>

 

 

0 Kudos
Subscribe
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: