SSL Certificate verification missing
Hi Community, I've been trying to get SoapUI 5.5. (OpenSource) to verify and reject my self-signed ssl server certificate for security reasons (self-signed, not trusted), just like other clients do. Where can I switch the behavior between test and live environment? I need the verification enabled. In my case soapui just accepts the connection and does not even notify about any security issues. I have searched the database but didn't find much information. Thanks in advance.
SOAPUI not signing/ security header empty
Hi, Ive been stressed out by this item. Ive followed through the following guide:soapui keystore + security guide, double checked everything (keystore status = OK) and created the corresponding "Outgoing WS-Security Configurations". Added Signature and Timestamp, both items fully configured. Later I added, to my Request, a Basic Auth (pre-emptive auth: Use global preference) and pointed "Outgoing WSS" to my created configuration. The service that I need to connect with is stating: "An error occurred when verifying security for the message." I do believe that the reason behind all of this is because Im not seeing a security or signature token anywhere (or they are empty). I even tried creating a Mock Service, in order to review the exact message that Im sending and its as follows (extracted from raw): <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:wcf="http://wcf.dian.colombia"> <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/><wsa:Action>http://wcf.dian.colombia/IWcfDianCustomerServices/GetStatus</wsa:Action></soap:Header> <soap:Body> <wcf:GetStatus> <wcf:trackId>1d1</wcf:trackId> </wcf:GetStatus> </soap:Body> </soap:Envelope> As stated, this is almost empty. I reviewed other cases on site and they tended to go into two directions: * Incorrect or missing configuration: Im pretty sure Ive followed through every required step, I even checked multiple guides on this item. * Invalid JKS store: I tried with multiple certificates, even created one following a guide from smartbear for this purpose (right now, Im unsure which) and, as stated, all of them show Status = OK. Im terrible frustrated by this, which I do require for work, so if anyone could point me out on the correct direction... Ill really appreciate it. Thanks!Unable to access service due to WSS-Password Type
Hi all, I am fairly novice with web services, and have a come across a problem with security. I am trying to access a 3rd party web service, which I can do fine when using SOAP. I have to set up 'Basic Security' and add a Username and Password, and then finally set the WSS-Password Type = PasswordText. This resolves perfectly in SOAP, and I can call and interact with the web service with no issues. However, when we try to do this externally (I am working with a web developer) we are coming across an issue with WSS-Password Type. I am posting the following - POST /serviceadress.svc HTTP/1.1 Host:Hostname Connection: Keep-Alive User-Agent: PHP-SOAP/5.5.23 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://servicehost/method" Content-Length: 678 Authorization: Basic R0lGVFZPVUNIRVI6R0lGVFZPVUNIRVI= WSS-PasswordType: PasswordText Username:xxxxxx Password:xxxxxx Every time I add the “WSS-Password Type”, the server rejects the request: failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request I have tried different parameters in the WSS-PasswordType field but all give the same error. If I remove this parameter altogether I get a security verification message, the same as in SOAP which is correct. I think its something simple but I have been unable to resolve. Any ideas?