Reputation: 3598
Constructing SOAP Security Header for wsse:UserToken
I'm trying to manually construct a SOAP request to an Address Validation webservice that requires a SOAP <Security> header to be set. But I can't seem to get it right. The technology stack I'm using (Salesforce) necessitates me forming the XML myself.
From the WSDL:
<s0:Policy s1:Id="derm.service.common.esb.wspolicy.UNT.1">
<wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy">
<wssp:SupportedTokens>
<wssp:SecurityToken TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wssusername-token-profile-1.0#UsernameToken">
<wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-usernametoken-profile-1.0#PasswordText" />
</wssp:SecurityToken>
</wssp:SupportedTokens>
</wssp:Identity>
</s0:Policy>
Full WSDL: http://pastebin.com/Z5VswYNF
From the documentation linked from the WSDL (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf) I retrieved this example:
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>REDACTED_PLAINTEXT_USERNAME</wsse:Username>
<wsse:Password>REDACTED_PLAINTEXT_PASSWORD</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Replacing the values with the Username / Password I've been supplied and firing off the sample request from the documentation doesn't work.
Sample request with Security header:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soap="information.qld.gov.au/service/Addressing/ValidationService/2/soap">
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>REDACTED_PLAINTEXT_USERNAME</wsse:Username>
<wsse:Password>REDACTED_PLAINTEXT_PASSWORD</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<soap:ParseValidAddress>
<soap:addressString>867 Main Street Woolloongabba Queensland</soap:addressString>
<soap:postcodeOption>Include</soap:postcodeOption>
<soap:meshblockOption>Exclude</soap:meshblockOption>
</soap:ParseValidAddress>
</soapenv:Body>
</soapenv:Envelope>
Everything I try gets a generic error message
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Client</faultcode>
<faultstring>The requested operation was rejected. Please consult with your administrator.Your support ID is: REDACTED_SUPPORT_ID</faultstring>
<detail/>
</soap:Fault>
</soap:Body>
</soap:Envelope>
I've also tried the following from elsewhere on stackexchange:
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:SOAP-ENV="SOAP-ENV">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>oneview</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">oneview123</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
What am I doing wrong?
Upvotes: 0
Views: 4053
Answers (1)
Reputation:
I am missing the wsse namespace specification in your SOAP message. You can find it in the link from your text: "From the documentation linked from the WSDL (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf)" The value is http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Upvotes: 0
Related Questions
- SOAP vs REST (differences)
- Why is char[] preferred over String for passwords?
- How to pass "Null" (a real surname!) to a SOAP web service in ActionScript 3
- SOAP security, client authentication problem
- Savon gem shows (unknown keyword: :message)
- Axis2 generating wsu:Id="SecurityToken-..." in request header
- Generating SOAP Headers in MVC C#
- Possible to consume badly formed Fault Messages?
- How to get the source of request from Web Service?