cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SOAP HEADER - WSS Security

former_member309357
Participant

on ‎11-21-2016 3:16 PM

0 Kudos

Hello Experts,

We are using PI 7.11 and got a new requirement PROXY <--> SOAP. As we need to send the data to government website they provided the details to be in the header which are to be encrypted using key symmetric and Base 64 encoded result. Please find below example Header structure :

<S:Header>

<wss:Security xmlns:wss="http://schemas.xmlsoap.org/ws/2002/12/secext">

<wss:UsernameToken>

<wss:Username>599999993/37</wss:Username>

<wss:Password>ikCyRV+SWfvZ5c6Q0bhrBQ==</wss:Password>

<wss:Nonce>

fkAHne7cqurxpImCfBC8EEc2vskyUyNofWi0ptIijYg4gYCxir++unzfPVPpusloEtmLkcZjf+E6T9/76tsCqdupUkxOhWtkRH5IrNwmfEW1ZGFQgYTF21iyKBRzMdsJMhhHrofYYV/YhSPdT4dlgG0tk9Z736jFuw061mP2TNqHcR/mQR0yW/AEOC6RPumqO8OAfc9/b4KFBSfbpY9HRzbD8bKiTo20n0PtamZevCSVHht4yt/Xwgd+KV70WFzyesGVMOgFRTWZyXyXBVaBrkJS8b6PojxADLcpWRnw5+YeOs3cPU2o1H/YgAam1QuEHioCT2YTdRt+9p6ARNElFg==

</wss:Nonce>

<wss:Created>>YEWoIoqIY5DOD11SeXz+0i4b/AJg1/RgNcOHOYpSxGk</wss:Created>

</wss:UsernameToken>

</wss:Security>

</S:Header>

Request you to provide your suggestion for this.

Thanks

Ravi.

Show replies
Show replies
former_member309357
Participant
‎11-22-2016 10:07 AM
0 Kudos

Experts, can you please provide your inputs.

former_member309357
Participant
‎04-28-2017 1:04 PM
0 Kudos

Hi Experts,

The provided WSDL does not contain any HEADER fields in it. Do we need to add it explicitly, if yes please let me know how to add the mentioned header fields in SOAP UI.

Thanks

Ravi

Andrzej_Filusz
Contributor
‎04-28-2017 3:08 PM
0 Kudos

Hi Ravi,

You can right click on your XML message and choose 'Add WSS Username Token' (configure basic authentication first).

If you need more information please check the following URL:

https://www.soapui.org/soapui-projects/ws-security.html

Regards,

Andrzej

Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Andrzej_Filusz
Contributor
‎11-25-2016 11:17 AM

Hi Ravi,

You have two options:

1. use an Axis adapter which supports WS Security,

2. use a SOAP adapter and check 'Do Not Use SOAP Envelope' option in you communication channel. But in this case you have to create SOAP envelope with a security header by yourself (in java mapping for example).

Best regards,

Andrzej

Show replies
Show replies
manoj_khavatkopp
Active Contributor
‎11-25-2016 11:24 AM
0 Kudos

How about AddSoapHeaderBean

https://blogs.sap.com/2013/11/22/addsoapheaderbean-module/

Andrzej_Filusz
Contributor
‎11-25-2016 5:28 PM

Hi,

It seems it could be an another option, but it depends on which type of password we have to use ('PasswordText' or 'PasswordDigest'). In case of 'PasswordText' type - your idea could work. In case of 'PasswordDigest' type - we would also need some piece of code which would calculate the password digest for us.

In the example above I can see 'Nonce' and 'Created' values so I guess we have PasswodDigest here.

Best regards,

Andrzej Filusz

former_member309357
Participant
‎11-29-2016 3:41 PM
0 Kudos

Hello Andrzej Filusz,

Does the fields should be encrypted with RSA algorithm mentioned as below:

Nonce: KS: = byte array with the symmetric key 128 bits produced according to the standard AES. CRSA, KpubSA: = symmetric key encryption function with the RSA algorithm using the public key of Authentication system (KpubSA). Base64: = Encoding Base 64 of the result.

Created: AES ECB PKCS Padding Ks C = Cipher Function using the AES algorithm, Model ECB, PKCS5Padding and the symmetric key request (KS). Base64: Base64 encoding = result.

Password: This password must be encrypted using the key Symmetrical application (see Nonce field) and encoded Base64.: 64 (()), 5 Password Base C SenhaPF AES ECB PKCS Padding Ks SenhaPF: = User Password set in the field

Please let me know. These also should be converted to Base64 after encryption.

Thanks

Ravi

Andrzej_Filusz
Contributor
‎11-30-2016 8:07 PM

Hi Ravi,

I don't know which algorithm you should use (in your first message you wrote that you have to use a symmetric algorithm, and then you wrote about RSA, but this is an asymmetric algorithm). Well, you must read the documentation from your Web Service provider and do exactly what is written there (I assume that the above specification comes from that documentation). That's what I did when I had to connect to WS using the WS-Security. I'm sorry that I can't be more helpful.

Best regards,

Andrzej

former_member309357
Participant
‎12-02-2016 10:33 AM
0 Kudos

Hi Andrzej,

Yes, the three fields Nonce, Created and Password are extracted as it is from document provided by Web service provider. Saying that NONCE should be a 128 bit symmetric key generated and that should be encrypted using RSA algorithm. And rest of the fields CREATED and PASSWORD should be encrypted using RSA. And after encryption all should be converted to BASE64.

Please suggest.

Thanks

Ravi.

Andrzej_Filusz
Contributor
‎12-02-2016 11:18 AM
0 Kudos

Hi Ravi,

In general, as I wrote, to implement WS-Security you can use an axis adapter or write everything by yourself in your java mapping. Please check the following note: 1039369 (FAQ XI Axis Adapter) if you need more information about an axis adapter. But which approach is better in your case? Well, it depends on your requirements. I'm afraid that an axis adapter doesn't support all your requirements and you will have to write your own handler(s) to support them. I had a similar case and when I realized that an axis adapter can't meet all my requirements then I decided to implement a java mapping. Note that Base64 encoding is not a problem - you can use an external libraries like Apache Commons or a standard classes from JDK (since java 6). I'm not sure if a RSA algorithm is available in standard JDK or PI libraries. If not - you will have to use an external library.

Best regards,

Andrzej

former_member309357
Participant
‎12-12-2016 11:24 AM
0 Kudos

Dear Andrzej,

Thank you so much for your prompt responses. As I am new to implement java code, can you please provide the java code to achieve the mentioned requirement.

Thanks in advance.

Ravi

Andrzej_Filusz
Contributor
‎12-13-2016 2:02 PM
0 Kudos

Hi Ravi,

I'm sorry but I don't have a such example. Please search this and Stack Overflow forums for hints & tips.

Regards,

Andrzej

former_member309357
Participant
‎12-28-2017 10:59 AM
0 Kudos

Hello All,

Due to PI 7.11 version, we are unable to use JAVA code due to lower version issues which leads to failing importing of respective classes. Can you please provide an XSLT for achieving the same. Awaiting your response.

Ravi

Show replies
Show replies
former_member190293
Active Contributor
‎12-28-2017 11:17 AM
0 Kudos

Hi Ravi!

And what are the problems with importing the needed classes?

The point is that you should understand that XSLT won't encrypt the data in WSS header by itself. If any additional java libraries are used for that - you would have to implement required java methods using custom class and use that class in your XSL transformation.

Regards, Evgeniy.

former_member309357
Participant
‎05-30-2018 2:44 PM
0 Kudos

Hello Kolmakov,

As we are using JDK 1.5 Update 45 for our PI 7.11 version, when trying to import some of the class for Base64 (DatatypeConverter.printBase64Binary(buffer.toByteArray())) etc, we are getting error.

So we cannot use java here.

Ravi

Ask a Question