-
Notifications
You must be signed in to change notification settings - Fork 839
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No support for WSSE authorization type #2762
Comments
Please add it also into stand alone Postman apps (Win, Mac, ...). |
Same issue.. new to Postman and was disappointed not to find WWSE as an option. I'm going to try emulating with manual headers and I'll let you know how it goes. |
Has this been addressed? |
No
…On Tue, Apr 10, 2018, 11:11 AM Jason Safaiyeh ***@***.***> wrote:
Has this been addressed?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#2762 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB07i1wwSMBsrRxmcISTHrvvhl_NdlFsks5tnPXUgaJpZM4MNjam>
.
|
sooooooo you're just going to close the issue? Does this mean that it's not going to be addressed? |
For the moment you can copy this full script:
Assuming that you already created the variables That works for me as workaround after trying without success to make a Pre Request script with the CryptoJS that is embedded in Postman. |
This may be useful to someone. I'm connecting to a WCF SOAP service and was running into this error when trying to cut out the headers: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
<a:RelatesTo>{{guid}}</a:RelatesTo>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="en-US">An error occurred when verifying security for the message.</s:Text>
</s:Reason>
</s:Fault>
</s:Body>
</s:Envelope> In my case, I got around the issue by setting the following in the soap:Header section of my request body:
My prerequest contains: var moment = require('moment');
var now = moment().toISOString()
var exp = moment().add(5, 'minutes').toISOString();
pm.environment.set('currentTime', now);
pm.environment.set('newTime', exp); |
ive also created a wsse-header generating pre-request script which uses sha512 with multiple iterations for postman |
@munkiepus thanks for the script and idea with pre-request hook. it solved my issue. unfortunately original code wasn't working for me, so I wrote my own version: https://gist.github.com/everm1nd/1f0eee4df9d6369da9e0fad3d7529044 |
Hey. I found a solution, just put this on request body soapenv:Header |
@YashPethe That is only a partial solution and does not encompass all the security features that a service might require, such as timestamps, nonces, and more. Also that XML is malformed and wouldn't be accepted, as some of the tags are missing brackets or are mismatched. |
My automated API testing involves working with APIs which use an authorization method called WSSE.
The authentication happens using below parameters:
X-WSSE: UsernameToken Username="", PasswordDigest=" ", Nonce=" ", Created=" "
I didnt find a way in Postman that can help me do this.
Any help is greatly appreciated.
Thanks.
The text was updated successfully, but these errors were encountered: