MQSeries.net :: View topic - WS Security Username token issue in IIB

MQSeries.net

Tech Exchange

Education

Certifications

Library

Info Center

SupportPacs

FAQÂ Â

Usergroups

RSS Feed - WebSphere MQ Support

RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » WS Security Username token issue in IIB

WS Security Username token issue in IIB

« View previous topic :: View next topic »

Author

Message

rpvenkata

Posted: Tue Apr 15, 2014 12:22 pm Post subject: WS Security Username token issue in IIB

Newbie

Joined: 18 Mar 2014
Posts: 3

Hello,

Iam trying to hit an external web service over https with Username token using IIB, 9.0.0.1 on Windows.

The following is my flow :

MqInput node --> Compute node --> SOAPRequest Sub-flow

I referred to the below url and tried the suggested code at the end of the thread.

http://www.mqseries.net/phpBB2/viewtopic.php?t=47524&postdays=0&postorder=asc&start=15

But getting the following error.

invalid username or password

Able to get good response through SoapUI using the same credentials.
The following is the ESQL code I tried apart from the code from above link:

Code:

   DECLARE bsvc NAMESPACE 'urn:com.sffd/abcd';-- Iam using the correct namespace here while testing
   DECLARE wsse NAMESPACE 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';

   DECLARE soapenv NAMESPACE 'http://schemas.xmlsoap.org/soap/envelope/';
DECLARE soapenc NAMESPACE 'http://schemas.xmlsoap.org/soap/encoding/';

   Set OutputRoot.SOAP.soapenv:Envelope.soapenv:Header.wsse:Security.wsse:UsernameToken.wsse:Username = 'xxxxx'; -- Iam using the correct username here
   Set OutputRoot.SOAP.soapenv:Envelope.soapenv:Header.wsse:Security.wsse:UsernameToken.wsse:Password = 'xxxxx'; --Iam using the correct password here while testing.

   SET OutputRoot.SOAP.Body.abcd:Get_abcd_Request = '';

The username has '@' and the password has '!' characters. Not sure if that would cause any issues while passing the same using the security header.

The following is the successful request msg using SoapUI :

Code:

<soapenv:Envelope xmlns:bsvc="urn:com.sffd/abcd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-2"><wsse:Username>xxxxx</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">fdgfdgfgdsffdfsfsf=</wsse:Nonce><wsu:Created>2014-04-15T00:36:16.105Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header>
<soapenv:Body>
<abcd:Get_abcd_Request/>
</soapenv:Body>
</soapenv:Envelope>

The following is from the trace file before making the call (manually masked out username and password)

Code:

(0x01000000:Folder):SOAP = ( ['SOAP' : 0x2b0057b0]
(0x01000000:Folder)http://schemas.xmlsoap.org/soap/envelope/:Envelope = (
(0x01000000:Folder)http://schemas.xmlsoap.org/soap/envelope/:Header = (
(0x01000000:Folder)http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:Security = (
(0x01000000:Folder)http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:UsernameToken = (
(0x03000000:PCDataField)http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:Username = 'xxxxx' (CHARACTER)
(0x03000000:PCDataField)http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:Password = 'xxxxx' (CHARACTER)
)
)
)
)
(0x01000000:Folder):Body = (
(0x03000000:PCDataField)urn:com.dfdf/bsvc:Get_abcd_Request = '' (CHARACTER)
(
(0x03000102:NamespaceDecl)xmlns:ns = 'urn:com.fdfd/abcd' (CHARACTER)
)
)
)

I also couldn't find a way to do this with the PolicySet/Security profile.

Can someone please advice on how to pass the username token ?

rpvenkata

Posted: Tue Apr 15, 2014 5:21 pm Post subject:

Newbie

Joined: 18 Mar 2014
Posts: 3

The following ESQL code(after SOAPEnvelope node) fixed it :

Code:

DECLARE wsse NAMESPACE 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
   DECLARE bsvc NAMESPACE 'urn:com.dfdf/abcd';

   Set OutputRoot.SOAP.Header.wsse:Security.wsse:UsernameToken.wsse:Username = 'xxxxx';
   Set OutputRoot.SOAP.Header.wsse:Security.wsse:UsernameToken.wsse:Password = 'xxxxx';

   SET OutputRoot.SOAP.Body.abcd:Get_dfdf_Request.(XMLNSC.NamespaceDecl)xmlns:"ns" = 'urn:com.dfdf/abcd';
   SET OutputRoot.SOAP.Body.bsvc:Get_dfdf_Request = '';

I plan on using UDP to provide username and password.

Please do let me know if there is efficient way of doing this, instead of coding the credentials in esql.
PolicySet or Security Profiles ?

Vitor

Posted: Wed Apr 16, 2014 4:36 am Post subject:

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

rpvenkata wrote:

Please do let me know if there is efficient way of doing this, instead of coding the credentials in esql.

This.
_________________
Honesty is the best policy.
Insanity is the best defence.

Display posts from previous:

Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » WS Security Username token issue in IIB

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Protected by Anti-Spam ACP