I am going to do load test on SOAP API and involves operations like AES Encryption. Can we perform the load test by using Jmeter. If yes, How we can overcome issue. Thanks
You can use jmeter-wssecurity plugin for signing/encrypting messages using various AES algorithm implementations
Install WS Security for SOAP plugin using JMeter Plugins Manager
Once you do this and restart JMeter you should be able to add SOAP Message Encrypter pre-processor and specify desired encryption settings there like algorithm, which message parts to encrypt, whether to encrypt attachments, etc.
More information: Running SOAP WS-Security Load Tests in JMeter
Related
I am using Apex (Force.com) to send HTTP requests to a server that is hosted on AWS. How can I know if the server I am sending the HTTP request is using a valid certificate and my request will be encrypted before being sent out? I know I'd be able to look for the lock icon on the browser but since this is a RESTful API callout, I'm not sure how to do that. I found one similar question here and the answer seems to be PHP specific.
Message Analyzer Tool would help you here and this tool will track all communication including encryption.
Please install Message Analyzer tool in your client OR server environment and track the message.
Please check this link - https://technet.microsoft.com/en-us/library/dn727244.aspx
Regards
Abdul
We are using OTRS, which receive mail through external mail provider via IMAPS.
Mail provider is going to stop supporting mail clients which use unsafe SHA-1 signing algorithm. To continue using this mail provider we must be sure that our OTRS uses exactly SHA-256 algorithm to sign certificates during IMAPS session.
How could I check, what signing algorithm is used for IMAPS? Where can i find configs for this?
OTRS: 4.0.13
OS: CentOS 7.1
we would like to test our secure websocket (i.e wss) end point. I am looking for easy tool to test the endpoint. is there browser plugin available for wss protocol?
I used "Simple WebSocket Client" chrome plugin to test wss endpoint. If your websocket is using self signed certificate, you to need add that certificate as a trusted certificated in your browser.
I followed below steps to add the self signed in my chrome browser.
suppose your websocket url is "wss://host1:port1/testSocket" . Then type urls as https:// host1:port1/testSocket
and trust the certificate.
AutobahnTestsuite is an automated WebSocket protocol test suite that supports WSS. It is used by most WebSocket implementors to test their implementations for compliance and interoperability.
Disclosure: I am original author of the testsuite.
I've run into this issue often enough that I finally created my own barebones GUI for testing websockets. It's called Socket Wrench, it supports
multiple concurrent connections to servers (with all responses and connections displayed in the same view),
comprehensive message history to enable easy re-use of messages, and
custom headers for the initial connection request.
It's available for Mac OS X, Windows and Linux and you can get it from here.
What's the appropriate way to extend a Balana-OpenAZ based PEP to send XACML3 decision requests to a remote WSO2 Identity Server PDP?
You want to send XACML decision request from PEP to Identity Server PDP. Still Identity Server only supports SOAP based web service API, Thrift based API and WS-XACML. Therefore i guess, best way to start is using SOAP based web service API. You can find sample java based client from here to write a extension for Balana-OpenAZ PEP.
I'm currently writing a iphone app which will consume WCF services over a secure connection (SSL/https). I have managed to consume this service while testing locally via http.
Now we want to make sure the service is secure, so we've set up a UAT server with a properly signed certificate to run our tests.
We are using a custom binding, coupled with security mode TransportWithMessageCredentials which requires a username/password in the ClientCredentials property.
Generated the proxy using SISvcUtil.exe
When I try to call this secure service from the iPhone, I get a rather lovely generic error of:
Exception in async operation: System.Net.WebException: There was an error on processing web request: Status code 500(internal server error)
(Here is a pastebin of full exception ).
I've tried implicitly accepting the certificate using:
ServicePointManager.ServerCertificateValidationCallBack = (sender, cert, chain, ssl) => true;
but this just returns the same 500 error.
The same code works great on a windows machine but not on the iphone. Has anyone else come across this problem and/or know of a solution to it?
This could be a bug in monotouch, it may not have full implementation of generated proxy using SISvcUtil.exe, did you try generating a mac app and test it on mac?
Does monotouch have any documented example with support on WCF proxy? If they dont have then probably it may not work, monotouch does not provide a .NET runtime, instead it actually compiles everything to native ios binary. So if WCF proxy is not correctly transformed, it will not work.
So it would seem that at the time of writing, Monotouch doesn't support WCF very well (it currently has a barebones implementation).
Due to this, and the need for decent security around our webservice, we've decided to go down a different route; validating the user via username+password over a secure, encrypted SSL connection everytime the web service is called. We use Silverlight 3.0 SiSUtil.exe to generate the bindings for the webservice rather than include it as a web reference in the project.
Generally when getting Internal Server errors I've found the cause to be a problem with the HTTP headers being sent in the request. I don't really use WCF on MonoTouch so I'm not sure about the implementation.