Skip to Content
0

SOAP HEADER - WSS Security

Nov 21, 2016 at 03:16 PM

377

avatar image

Hello Experts,

We are using PI 7.11 and got a new requirement PROXY <--> SOAP. As we need to send the data to government website they provided the details to be in the header which are to be encrypted using key symmetric and Base 64 encoded result. Please find below example Header structure :

<S:Header>

http://schemas.xmlsoap.org/ws/2002/12/secext">

<wss:UsernameToken>

<wss:Username>599999993/37</wss:Username>

<wss:Password>ikCyRV+SWfvZ5c6Q0bhrBQ==</wss:Password>

<wss:Nonce>

fkAHne7cqurxpImCfBC8EEc2vskyUyNofWi0ptIijYg4gYCxir++unzfPVPpusloEtmLkcZjf+E6T9/76tsCqdupUkxOhWtkRH5IrNwmfEW1ZGFQgYTF21iyKBRzMdsJMhhHrofYYV/YhSPdT4dlgG0tk9Z736jFuw061mP2TNqHcR/mQR0yW/AEOC6RPumqO8OAfc9/b4KFBSfbpY9HRzbD8bKiTo20n0PtamZevCSVHht4yt/Xwgd+KV70WFzyesGVMOgFRTWZyXyXBVaBrkJS8b6PojxADLcpWRnw5+YeOs3cPU2o1H/YgAam1QuEHioCT2YTdRt+9p6ARNElFg==

</wss:Nonce>

<wss:Created>>YEWoIoqIY5DOD11SeXz+0i4b/AJg1/RgNcOHOYpSxGk</wss:Created>

</wss:UsernameToken>

</wss:Security>

</S:Header>

Request you to provide your suggestion for this.

Thanks

Ravi.

10 |10000 characters needed characters left characters exceeded

Experts, can you please provide your inputs.

0

Hi Experts,

The provided WSDL does not contain any HEADER fields in it. Do we need to add it explicitly, if yes please let me know how to add the mentioned header fields in SOAP UI.

Thanks

Ravi

0

Hi Ravi,

You can right click on your XML message and choose 'Add WSS Username Token' (configure basic authentication first).

If you need more information please check the following URL:

https://www.soapui.org/soapui-projects/ws-security.html

Regards,

Andrzej

0
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Andrzej Filusz Nov 25, 2016 at 11:17 AM
1

Hi Ravi,

You have two options:

1. use an Axis adapter which supports WS Security,

2. use a SOAP adapter and check 'Do Not Use SOAP Envelope' option in you communication channel. But in this case you have to create SOAP envelope with a security header by yourself (in java mapping for example).

Best regards,

Andrzej

Show 8 Share
10 |10000 characters needed characters left characters exceeded
0

Hi,

It seems it could be an another option, but it depends on which type of password we have to use ('PasswordText' or 'PasswordDigest'). In case of 'PasswordText' type - your idea could work. In case of 'PasswordDigest' type - we would also need some piece of code which would calculate the password digest for us.

In the example above I can see 'Nonce' and 'Created' values so I guess we have PasswodDigest here.

Best regards,

Andrzej Filusz

1

Hello Andrzej Filusz,

Does the fields should be encrypted with RSA algorithm mentioned as below:

Nonce: KS: = byte array with the symmetric key 128 bits produced according to the standard AES. CRSA, KpubSA: = symmetric key encryption function with the RSA algorithm using the public key of Authentication system (KpubSA). Base64: = Encoding Base 64 of the result.

Created: AES ECB PKCS Padding Ks C = Cipher Function using the AES algorithm, Model ECB, PKCS5Padding and the symmetric key request (KS). Base64: Base64 encoding = result.

Password: This password must be encrypted using the key Symmetrical application (see Nonce field) and encoded Base64.: 64 (()), 5 Password Base C SenhaPF AES ECB PKCS Padding Ks SenhaPF: = User Password set in the field

Please let me know. These also should be converted to Base64 after encryption.

Thanks

Ravi

0

Hi Ravi,

I don't know which algorithm you should use (in your first message you wrote that you have to use a symmetric algorithm, and then you wrote about RSA, but this is an asymmetric algorithm). Well, you must read the documentation from your Web Service provider and do exactly what is written there (I assume that the above specification comes from that documentation). That's what I did when I had to connect to WS using the WS-Security. I'm sorry that I can't be more helpful.

Best regards,

Andrzej

1

Hi Andrzej,

Yes, the three fields Nonce, Created and Password are extracted as it is from document provided by Web service provider. Saying that NONCE should be a 128 bit symmetric key generated and that should be encrypted using RSA algorithm. And rest of the fields CREATED and PASSWORD should be encrypted using RSA. And after encryption all should be converted to BASE64.

Please suggest.

Thanks

Ravi.

0

Hi Ravi,

In general, as I wrote, to implement WS-Security you can use an axis adapter or write everything by yourself in your java mapping. Please check the following note: 1039369 (FAQ XI Axis Adapter) if you need more information about an axis adapter. But which approach is better in your case? Well, it depends on your requirements. I'm afraid that an axis adapter doesn't support all your requirements and you will have to write your own handler(s) to support them. I had a similar case and when I realized that an axis adapter can't meet all my requirements then I decided to implement a java mapping. Note that Base64 encoding is not a problem - you can use an external libraries like Apache Commons or a standard classes from JDK (since java 6). I'm not sure if a RSA algorithm is available in standard JDK or PI libraries. If not - you will have to use an external library.

Best regards,

Andrzej

0

Dear Andrzej,

Thank you so much for your prompt responses. As I am new to implement java code, can you please provide the java code to achieve the mentioned requirement.

Thanks in advance.

Ravi

0

Hi Ravi,

I'm sorry but I don't have a such example. Please search this and Stack Overflow forums for hints & tips.

Regards,

Andrzej

0
Ravi Kiran Dec 28, 2017 at 10:59 AM
0

Hello All,

Due to PI 7.11 version, we are unable to use JAVA code due to lower version issues which leads to failing importing of respective classes. Can you please provide an XSLT for achieving the same. Awaiting your response.

Ravi

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Hi Ravi!

And what are the problems with importing the needed classes?

The point is that you should understand that XSLT won't encrypt the data in WSS header by itself. If any additional java libraries are used for that - you would have to implement required java methods using custom class and use that class in your XSL transformation.

Regards, Evgeniy.

0

Hello Kolmakov,

As we are using JDK 1.5 Update 45 for our PI 7.11 version, when trying to import some of the class for Base64 (DatatypeConverter.printBase64Binary(buffer.toByteArray())) etc, we are getting error.

So we cannot use java here.

Ravi

0