Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UsernameToken & Timestamp #3

Closed
anthonygauthier opened this issue Jun 8, 2017 · 2 comments
Closed

UsernameToken & Timestamp #3

anthonygauthier opened this issue Jun 8, 2017 · 2 comments

Comments

@anthonygauthier
Copy link

anthonygauthier commented Jun 8, 2017
edited

Hi,

In my SoapUI project, I have a "Username" and "Timestamp" configurations as part of my WS-Security Configurations. I was wondering if there was any way of reproducing these two configs with your plugin.

Do I need to add a certain native sampler, config, pre-processor, etc ? Or do I simply need to add the XML directly into my raw body request?

I do have Timestamp and UsernameToken with their correct namespaces in my "Parts to Sign"

Thanks a lot
@tilln
Copy link
Owner

tilln commented Jun 8, 2017

Hi,

I hope I understand correctly what you mean by "two configs". SoapUI can define multiple Outgoing WS-Security Configurations of which you can pick one at test runtime, whereas this plugin just defines one config that always applies.

If you simply want two elements included in the signature, you would (as you guessed already) simply add the XML directly into your raw body, e.g.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Timestamp>
                <wsu:Created>${created}</wsu:Created>
                <wsu:Expires>${expires}</wsu:Expires>
            </wsu:Timestamp>
            <wsse:UsernameToken>
                <wsse:Username>${username}</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">${password}</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
        <your_content_here/>
    </soapenv:Body>
</soapenv:Envelope>

Then in your "Parts to Sign" list all elements to be included (just as in SoapUI), e.g.

Name Namespace Encode
UsernameToken http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Timestamp http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd

The plugin just picks up the raw request (with variables replaced etc.) and adds the signature, however, you'll have to provide all elements you want in there as it won't generate anything for you but the signature.

HTH

@anthonygauthier
Copy link
Author

anthonygauthier commented Jun 9, 2017
edited

Hi,

Thank you for your detailed response. I will test it out today, but if I correctly understand what you're saying, the plugin will pick up any elements of the signature already present in my raw body request and add/modify the rest of the signature to it?

Thanks again,

EDIT : That's exactly what it does - awesome! Thank you! Issue is fixed!

@tilln tilln closed this as completed Jun 11, 2017
@sandervanwanrooy sandervanwanrooy mentioned this issue Mar 29, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anthonygauthier @tilln