| Author |
Message
|
| meekings |
 Posted: Wed Feb 06, 2013 9:16 am Post subject: WS-Security in SOAP Request node |
 |
|
Voyager
Joined: 28 Jun 2001
Posts: 86
Location: UK, South West
|
I can access a web service successfully from soapUI, providing security info via the Aut tab, with Authorisation type Preemptive, and username and password set.
When I put the following message through a SOAP Request node:
| Code: |
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-29">MyUser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">abc123</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
... |
I get an "unauthorized" response. What is soapUI doing that I'm not? This is the early stages of development of a flow that will ultimately use policy sets.
_________________
Brian Meekings
Information Design, Inc. |
|
| Back to top |
|
 |
| lancelotlinc |
| Posted: Wed Feb 06, 2013 9:21 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
|
| Back to top |
|
|
| meekings |
| Posted: Wed Feb 06, 2013 9:37 am Post subject: |
|
|
Voyager
Joined: 28 Jun 2001
Posts: 86
Location: UK, South West
|
Same values as for soapUI. I wondered if it might have something to do with the "Preemptive" authorization, which I don't know how to emulate in broker.
_________________
Brian Meekings
Information Design, Inc. |
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Wed Feb 06, 2013 9:41 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Feb 06, 2013 10:07 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| lancelotlinc wrote: |
Take a look at this:
| Code: |
| OutputRoot.SOAP.Header.wsse:Security.wsse:UsernameToken.wsse:Password |
|
Which, according to
http://www.mqseries.net/phpBB2/viewtopic.php?t=62150&start=0&postdays=0&postorder=asc&highlight=
IS DOING IT THE HARD WAY.
Please always use the built-in mechanisms in Broker - Security Profiles, in conjunction with Policy Sets and Policy Bindings, to perform Identity, Authorization, Authentication, Mapping and other security functions.
If you roll your own, the system is only as secure as your own personal expertise, and does not leverage the vast experience of IBM.
Also, if you construct a system to hold all passwords in a single location, then none of those passwords matter any more, the only passwords that matter are the passwords that are used to access the system that holds passwords. |
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Wed Feb 06, 2013 10:13 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
He said he was mocking up a proof-of-concept.
Other things he can try are :
| Code: |
OutputRoot.Properties.IdentitySourceType = 'usernameAndPassword';
OutputRoot.Properties.IdentitySourceToken = 'xyz_user';
OutputRoot.Properties.IdentitySourcePassword = 'xyz_pwd'; |
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
| meekings |
| Posted: Thu Feb 07, 2013 9:59 am Post subject: |
|
|
Voyager
Joined: 28 Jun 2001
Posts: 86
Location: UK, South West
|
Thanks, lancelotlinc - that did the trick, once I'd figured out that I also needed Default Propagation for the Security Profile.
Onward and upward, to implement security properly - before I send mqjeff off on another tirade ...
_________________
Brian Meekings
Information Design, Inc. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Feb 07, 2013 10:21 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| meekings wrote: |
Thanks, lancelotlinc - that did the trick, once I'd figured out that I also needed Default Propagation for the Security Profile.
Onward and upward, to implement security properly - before I send mqjeff off on another tirade ... |
No need to wait. I'm happy to provide tirades to respected colleagues on request. |
|
| Back to top |
|
|
|
|
