| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| WS-authentication using HTTPINputHeader vs SOAPHeader |
« View previous topic :: View next topic » |
| Author |
Message
|
| vickas |
 Posted: Fri Jul 25, 2014 9:30 am Post subject: WS-authentication using HTTPINputHeader vs SOAPHeader |
 |
|
Centurion
Joined: 18 Aug 2013
Posts: 126
|
Hie All ,
I am able to implement the web service authentication & authorization using HTTP nodes in several ways.
I have created the security profile(LDAP) & configured to the final bar and chose default propagation on the security tab of HTTP INPUT node and hit the service provider using NETTOOL ( checked the authentication tab - provided the uname n pwd ) & it worked perfectly.
the other way , i chose username + password (provided the Xpath of the uname n pwd ) on the security tab of HTTP INPUT node and hit the service provider using NETTOOL . & worked perfectly.
and then i wanted to implement it using SOAP nodes as well ,
i used the same security profile and hit the serviceprovider using SOAPUI fillling in the details of AUTH tab & it worked perfectly .
In all above scenerios , one thing commonly noticed is , encoded uname n pwd are being populated in HTTPInputHeader before i hit the service.
now, when i tried to implement Ws-security by including the authentication details in SOAP Headers , it Didnt work ??
How do i achieve this ?
and is implementing authentication using InputHttpHeader & SoapHeader the same ?? which is more preferable ?? what is the diff ?? |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Fri Jul 25, 2014 9:39 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Enable the default WSSEC10 Provider profile on the flow. |
|
| Back to top |
|
|
| vickas |
| Posted: Wed Jul 30, 2014 12:33 am Post subject: |
|
|
Centurion
Joined: 18 Aug 2013
Posts: 126
|
@MQjeff , ThAnx for your inputs .
yea , I chose the existing WSS10Default while trying out the above mentioned scenerio - it didnt work with SOAP nodes.
I have authenticated web services flows by populating uname n pwd (base64encoded) in HTTPINputHeader and validating against the External Security Provider (LDAP). but couldnt acheive it by populating uname n pwd in SOAP Request Message (i.e in SOAP Header sectn)
Is implementing authentication using InputHttpHeader & SoapHeader the same ?? which is more preferable ?? what is the diff ?? |
|
| Back to top |
|
|
| martinb |
| Posted: Wed Jul 30, 2014 1:49 am Post subject: |
|
|
Master
Joined: 09 Nov 2006
Posts: 210
Location: UK
|
SOAP over HTTP can be authenticated in several ways,
- HTTP BasicAuth - for which you only set an appropriate Security profile on SOAPInput node
- WS-Security Username token profile - for which you set both Security profile and Policy Set and Bindings (eg default WSSEC10) on SOAP node
There is no single answer to which is preferable - it depends on your security architecture, existing applications etc etc..
vickas When you say
| Quote: |
| when i tried to implement WS-Security by including the authentication details in SOAP Headers , it Didnt work ?? |
If you want help you need to elaborate - the product does support this and documents how to achieve it, if you have hit a specific issue give details of what you configured and what exactly went wrong
Thanks |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
