Forum Discussion

s2bCWpLk6oq9jy's avatar
10 years ago

UsernameNoPasswordToken in WSSE Header

Hi,
I'm using soapUI 5.0
in my soap requests I need to provide a security header containing a username token without password:

</ds:KeyInfo>
</ds:Signature>
<wsse:UsernameToken wsu:Id="UsernameToken-1">
<wsse:Username>someusername</wsse:Username>
</wsse:UsernameToken>

But in the WS-Security Configurations (project view) I can't find that option.
Choosing Username element, I can only select from [PasswordText; PasswordDigest; PasswordDigest Ext] and not omit the password entry.
I thought about removing the password token after the creation of the security header, but unfortunately I also need a wsse-signature over the whole usernametoken, so this is not an option, because the digest would not match anymore.
If I could somehow modify the UsernameToken after it's creation but before the signature is calculated, that would be an option. But I don't see, how to achieve that. In the moment I don't see any other way than implementing the creation of the whole security header in groovy , but before doing that I wanted to ask here, if someone has a better idea.

1 Reply

  • irider's avatar
    irider
    Occasional Visitor

    Hello,

     

    Did someone help you with this problem? I have exactly the same problem.

     

    Thanks