SOAPUI not signing/ security header empty
Hi, Ive been stressed out by this item. Ive followed through the following guide:soapui keystore + security guide, double checked everything (keystore status = OK) and created the corresponding "Outgoing WS-Security Configurations". Added Signature and Timestamp, both items fully configured. Later I added, to my Request, a Basic Auth (pre-emptive auth: Use global preference) and pointed "Outgoing WSS" to my created configuration. The service that I need to connect with is stating: "An error occurred when verifying security for the message." I do believe that the reason behind all of this is because Im not seeing a security or signature token anywhere (or they are empty). I even tried creating a Mock Service, in order to review the exact message that Im sending and its as follows (extracted from raw): <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:wcf="http://wcf.dian.colombia"> <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/><wsa:Action>http://wcf.dian.colombia/IWcfDianCustomerServices/GetStatus</wsa:Action></soap:Header> <soap:Body> <wcf:GetStatus> <wcf:trackId>1d1</wcf:trackId> </wcf:GetStatus> </soap:Body> </soap:Envelope> As stated, this is almost empty. I reviewed other cases on site and they tended to go into two directions: * Incorrect or missing configuration: Im pretty sure Ive followed through every required step, I even checked multiple guides on this item. * Invalid JKS store: I tried with multiple certificates, even created one following a guide from smartbear for this purpose (right now, Im unsure which) and, as stated, all of them show Status = OK. Im terrible frustrated by this, which I do require for work, so if anyone could point me out on the correct direction... Ill really appreciate it. Thanks!3.8KViews0likes1CommentSSL Certificate verification missing
Hi Community, I've been trying to get SoapUI 5.5. (OpenSource) to verify and reject my self-signed ssl server certificate for security reasons (self-signed, not trusted), just like other clients do. Where can I switch the behavior between test and live environment? I need the verification enabled. In my case soapui just accepts the connection and does not even notify about any security issues. I have searched the database but didn't find much information. Thanks in advance.3.5KViews0likes10CommentsUnable to access service due to WSS-Password Type
Hi all, I am fairly novice with web services, and have a come across a problem with security. I am trying to access a 3rd party web service, which I can do fine when using SOAP. I have to set up 'Basic Security' and add a Username and Password, and then finally set the WSS-Password Type = PasswordText. This resolves perfectly in SOAP, and I can call and interact with the web service with no issues. However, when we try to do this externally (I am working with a web developer) we are coming across an issue with WSS-Password Type. I am posting the following - POST /serviceadress.svc HTTP/1.1 Host:Hostname Connection: Keep-Alive User-Agent: PHP-SOAP/5.5.23 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://servicehost/method" Content-Length: 678 Authorization: Basic R0lGVFZPVUNIRVI6R0lGVFZPVUNIRVI= WSS-PasswordType: PasswordText Username:xxxxxx Password:xxxxxx Every time I add the “WSS-Password Type”, the server rejects the request: failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request I have tried different parameters in the WSS-PasswordType field but all give the same error. If I remove this parameter altogether I get a security verification message, the same as in SOAP which is correct. I think its something simple but I have been unable to resolve. Any ideas?1.7KViews0likes1Comment