Sachin_Sawe__Pr
Contributor
15 years ago

[SOLVED] SOAP Monitor with a WS requiring certificate for authentication

Hi Ole,

We want to use soap monitor to capture messages sent to a secure service (https://) that requires a client certificate to authenticate. At present we have configured soapui project to use this certificate in keystores section under security configuration of a project. So that takes care of issuing requests using this certificate. But what we want to know is how to use SOAP Monitor to capture these messages using either proxy or tunneling method and then use these in a mock service to playback.

I have looked at the SOAP Monitor documentation on the soapUI website, but a few things are not clear, e.g. what should be entered in the HTTP Tunnel keystore, HTTP password fields, and set endpoint fields? Do we need to set up incoming WSS for this?

If you can point me to a more exhaustive documentation or any pointer at all shall be of great help.

Thank you,
Sachin

9 Replies

  • Hi Ole,

    Did you get a chance to look at this question? Can you please look at it sooner?

    Thanks,
    Sachin
  • SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hello,

    You need to set up "HTTP Tunnel". Set the tunnel's end point to the service's end point; the truststore and keystore should be the same as you set for the project. That is because the tunnel works like this: it listens, and all requests pointed to it are forwarded to the set end point. So you'll be pointing your request to the tunnel (https://localhost: ), then it will use the given certificates to redirect your requests to the server and get back to you with the response.

    Let me know if this helps you,
    robert
     
  • The problem is when I use HTTP Tunnel, soapui hourglass keeps spinning and in the background at command prompt it asks me for jetty ssl password followed by jetty ssl keypassword. Now do I have to set up a new keystore for the monitor? I have only one keystore that my target endpoint needs and password to it. I attach this keystore to my soap request and that is how my request is authenticated by target server.

    Any ideas?

    Sachin
  • SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hello,

    You could use that keystore for the tunnel, too. The tunnel is server and client at the same time, so it has to have one.

    robert
    I tried using that keystore for the tunnel, but even then it asks me for jetty ssl password and jetty ssl keypassword at the command prompt. Can you please elaborate on the fields in the SOAP Monitor dialog box and tell me what they expect users to enter in them?

    HTTP Tunnel Keystore
    HTTP Tunnel password
    HTTP Tunnel keypassword
    HTTP Tunnel trust store
    HTTP Tunnel trust store password
    Tunnel Client keystore
    Tunnel Client password
  • SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hello,

    HTTP Tunnel Keystore, HTTP Tunnel password, HTTP Tunnel keypassword, HTTP Tunnel trust store and HTTP Tunnel trust store password are used to set up Jetty running the secure service; they are used by the server (https). This is the tunnel's server side. Tunnel Client keystore and Tunnel Client password are used by the tunnel when it connects as a client to the end point. So there are two solutions: set for tunnel/client the same file as key store and trust store, with the appropriate passwords, or generate your own key store/trust store for the HTTP tunnel (you should have keytool in the Java distribution for this) but for the client use the keystore you already have. The first five must be set; the last two are optional, since the server could choose not to authorize clients and deal with them in some manner.

    I hope I made this at least a bit clear, let me know,
    robert
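
The second option in the reply above (a separate keystore and truststore for the tunnel's Jetty listener, generated with keytool), as an added example that is not part of the original thread or of SoapUI's documentation. The alias, file names and `TUNNEL_*` variable names are assumptions; JKS is chosen so the store password and key password can differ, matching the two prompts mentioned in the thread.

```shell
#!/bin/sh
# Added example: dedicated JKS keystore + truststore for the tunnel's HTTPS listener.
# Alias, file names and TUNNEL_* variable names are assumptions, not SoapUI defaults.
set -eu

ALIAS="tunnel"

# Fail early if a password variable is unset or shorter than keytool's 6-char minimum.
require_pass() {
  for name in "$@"; do
    eval "val=\${$name:-}"
    [ "${#val}" -ge 6 ] || { echo "set $name (6+ chars)" >&2; return 1; }
  done
}

make_tunnel_stores() {
  dir="$1"; ks="$dir/tunnel-keystore.jks"; ts="$dir/tunnel-truststore.jks"
  require_pass TUNNEL_STORE_PASS TUNNEL_KEY_PASS TUNNEL_TRUST_PASS || return 1
  rm -f "$ks" "$ts" "$dir/tunnel.crt"
  # Self-signed key pair for the listener; ":env" keeps passwords out of argv.
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=localhost" -ext "SAN=dns:localhost,ip:127.0.0.1" \
    -storetype JKS -keystore "$ks" \
    -storepass:env TUNNEL_STORE_PASS -keypass:env TUNNEL_KEY_PASS &&
  # Export only the public certificate and place it in a separate truststore.
  keytool -exportcert -rfc -alias "$ALIAS" -keystore "$ks" \
    -storepass:env TUNNEL_STORE_PASS -file "$dir/tunnel.crt" &&
  keytool -importcert -noprompt -alias "$ALIAS" -file "$dir/tunnel.crt" \
    -storetype JKS -keystore "$ts" -storepass:env TUNNEL_TRUST_PASS
}

# Prints PrivateKeyEntry or trustedCertEntry for the alias in store $1
# ($2 is the NAME of the environment variable holding that store's password).
entry_type() {
  keytool -list -alias "$ALIAS" -keystore "$1" -storepass:env "$2" |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

if [ "$#" -gt 0 ]; then
  make_tunnel_stores "$1"
  echo "HTTP Tunnel Keystore / password / keypassword -> $1/tunnel-keystore.jks"
  echo "HTTP Tunnel trust store / password            -> $1/tunnel-truststore.jks"
  echo "Tunnel Client keystore / password             -> the project's existing keystore"
fi
```

Run it as `sh script.sh <output-dir>` with the three password variables exported; the client-certificate keystore that the endpoint requires stays in the Tunnel Client fields, so its private key is not reused as the local listener's identity.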
  • Let me see if I understand it correctly based on input from you so far:

    When using soap monitor:
    1. It sounds like if I need to talk to external web service that is ssl enabled and requires certificate to authenticate, I MUST use HTTP Tunnel mode to create soap monitor and that I cannot use simple HTTP Proxy mode to create soap monitor, correct?

    2. Assuming #1 above is correct assumption, in order to now create soap monitor in HTTP Tunnel mode I do need to create my keys and password using java keytool in order that I could provide them in new soap monitor dialog using http tunnel because those fields are REQUIRED when creating soap monitor in http tunnel mode, correct?

    Please correct me or provide me with more details in case I understood it wrong. Again thank you for your prompt replies, much appreciated.

    Sachin
  • SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hello,

    1. Yes.

    2. Yes, if you are using https, since http could also go through the tunnel, but then you do not need a keystore and truststore.

    Does this help you?
    robert
  • Thank you, Robert. I shall post more feedback if I find anything or have any questions. I appreciate your prompt response.