10 years ago
UsernameNoPasswordToken in WSSE Header
Hi,
I'm using soapUI 5.0
in my soap requests I need to provide a security header containing a username token without password:
But in the WS-Security Configurations (project view) I can't find that option.
Choosing Username element, I can only select from [PasswordText; PasswordDigest; PasswordDigest Ext] and not omit the password entry.
I thought about removing the password token after the creation of the security header, but unfortunately I also need a wsse-signature over the whole usernametoken, so this is not an option, because the digest would not match anymore.
If I could somehow modify the UsernameToken after it's creation but before the signature is calculated, that would be an option. But I don't see, how to achieve that. In the moment I don't see any other way than implementing the creation of the whole security header in groovy , but before doing that I wanted to ask here, if someone has a better idea.
I'm using soapUI 5.0
in my soap requests I need to provide a security header containing a username token without password:
</ds:KeyInfo>
</ds:Signature>
<wsse:UsernameToken wsu:Id="UsernameToken-1">
<wsse:Username>someusername</wsse:Username>
</wsse:UsernameToken>
But in the WS-Security Configurations (project view) I can't find that option.
Choosing Username element, I can only select from [PasswordText; PasswordDigest; PasswordDigest Ext] and not omit the password entry.
I thought about removing the password token after the creation of the security header, but unfortunately I also need a wsse-signature over the whole usernametoken, so this is not an option, because the digest would not match anymore.
If I could somehow modify the UsernameToken after it's creation but before the signature is calculated, that would be an option. But I don't see, how to achieve that. In the moment I don't see any other way than implementing the creation of the whole security header in groovy , but before doing that I wanted to ask here, if someone has a better idea.