Remove <timestamp> tag from ws-security headers created by WSO2 policy - soap

I'd like to remove the "Timestamp" tag from the SOAP headers and send Security headers like this:
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>Username</wsse:Username>
<wsse:Password>Password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
I use WSO2 ESB: a proxy service with a policy.

Remove the <sp:IncludeTimeStamp> tag inside the policy XML, then open and save the proxy service that uses this policy. Only then will the proxy load the changed policy XML, and the change will be reflected in the proxy.
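
What the receiving side can no longer check once the Timestamp is dropped, as an added example (not part of the original answer, and not WSO2 or Rampart code): a Python check of Timestamp lifetime and UsernameToken nonce reuse on a wsse:Security header. The five-minute limits, the in-memory nonce set and the sample headers are assumptions constructed for the illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
MAX_SKEW = timedelta(minutes=5)      # assumed receiver policy
MAX_LIFETIME = timedelta(minutes=5)  # assumed receiver policy

def parse_utc(text):
    dt = datetime.fromisoformat(text.strip().replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_freshness(security_xml, now, seen_nonces):
    """Return findings for one wsse:Security header; an empty list means it passed."""
    sec = ET.fromstring(security_xml)  # use a hardened parser for untrusted input
    findings = []
    created = sec.findtext("wsu:Timestamp/wsu:Created", namespaces=NS)
    expires = sec.findtext("wsu:Timestamp/wsu:Expires", namespaces=NS)
    if created is None or expires is None:
        findings.append("no Timestamp: message age cannot be bounded")
    else:
        created, expires = parse_utc(created), parse_utc(expires)
        if created > now + MAX_SKEW:
            findings.append("Timestamp created in the future")
        if expires <= created or expires - created > MAX_LIFETIME:
            findings.append("Timestamp lifetime outside policy")
        if now >= expires:
            findings.append("Timestamp expired")
    user = sec.findtext("wsse:UsernameToken/wsse:Username", namespaces=NS)
    nonce = sec.findtext("wsse:UsernameToken/wsse:Nonce", namespaces=NS)
    tok_created = sec.findtext("wsse:UsernameToken/wsu:Created", namespaces=NS)
    if nonce is None or tok_created is None:
        findings.append("no Nonce/Created: token replay cannot be detected")
    elif abs(now - parse_utc(tok_created)) > MAX_SKEW:
        findings.append("UsernameToken created outside the accepted window")
    elif (user, nonce) in seen_nonces:
        findings.append("nonce already seen: replay")
    else:
        seen_nonces.add((user, nonce))  # a real cache evicts entries after MAX_SKEW
    return findings

# Constructed sample headers, modelled on the ones quoted on this page.
OPEN = '<wsse:Security xmlns:wsse="%s" xmlns:wsu="%s">' % (NS["wsse"], NS["wsu"])
CREDS = "<wsse:UsernameToken><wsse:Username>admin</wsse:Username><wsse:Password>admin</wsse:Password>"
BARE = OPEN + CREDS + "</wsse:UsernameToken></wsse:Security>"
FULL = (OPEN + "<wsu:Timestamp><wsu:Created>2014-06-02T07:15:21Z</wsu:Created>"
        "<wsu:Expires>2014-06-02T07:20:21Z</wsu:Expires></wsu:Timestamp>" + CREDS
        + "<wsse:Nonce>byWKVY4stEATvTqaoNMswQ==</wsse:Nonce>"
        "<wsu:Created>2014-06-02T07:15:21.304Z</wsu:Created>"
        "</wsse:UsernameToken></wsse:Security>")
NOW = datetime(2014, 6, 2, 7, 16, tzinfo=timezone.utc)

if __name__ == "__main__":
    cache = set()
    for sample in (BARE, FULL, FULL):  # the second FULL is a redelivery
        print(check_freshness(sample, NOW, cache))
```

BARE has the shape requested in the question: with neither Timestamp nor Nonce/Created, the receiver has nothing to bound message age or detect redelivery with.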

Related

Oracle SOA Suite 12c invoke external service with additional SOAP headers

I have a business scenario where I have to invoke a client SOAP service that uses additional SOAP header parameters using Oracle SOA Suite 12c. When I test the web service independently via SOAP UI, it shows the schema below as input:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:com="http://xmlns.client.org/Schema/Common/1.0/Common.xsd" xmlns:user="http://xmlns.uppcl.org/Schema/UserAccess/2.0/UserAccess.xsd">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.demo-open.org/wss/2004/01/demo-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.demo-open.org/wss/2004/01/demo-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>DemoUser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Demo#123</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<com:TransactionReference>
<com:SourceSystemId>TXNSYSID</com:SourceSystemId>
<com:TxID>0403216376127836</com:TxID>
<!--Optional:-->
<com:BusinessID>DTUIQS</com:BusinessID>
</com:TransactionReference>
</soapenv:Header>
<soapenv:Body>
<user:CheckUserRequest>
<user:UserId>USER_ID</user:UserId>
</user:CheckUserRequest>
</soapenv:Body>
</soapenv:Envelope>
As we can see, there are additional header elements, wsse:Security > UsernameToken > Username/Password and TransactionReference > SourceSystemId / TxID / BusinessID, as XML nodes.
Further, I configured the SOAP adapter in my SOA composite, but it has only one input argument, UserId. Now I am not able to figure out how I can pass the additional headers (username/password, SourceSystemId / TxID / BusinessID) in the SOA header for the target web service invocation in my SOA composite.
Add this snippet to omit the default WSA tags:
<binding.ws>
<property name="oracle.soa.ws.outbound.omitWSA" type="xs:boolean" many="false" override="may">true</property>
</binding.ws>

Is there a WSO2 IS service to validate a SAML token generated from wso2carbon-sts

I referred to the below link to generate a SAML token from SOAP UI. But there is no service exposed in IS to validate a SAML token.
http://charithaka.blogspot.ae/2013/07/broker-trust-relationships-with-wso2.html
SAML Sample request in SOAP UI
RST Request
{Service.url}/services/wso2carbon-sts
{Service.url}/services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint/
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
<wsu:Created>2014-12-17T11:59:30.226Z</wsu:Created>
<wsu:Expires>2014-12-17T11:59:30.226Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsa:To>https://localhost:9443/services/wso2carbon-sts</wsa:To>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:MessageID>urn:uuid:258de3bc-c053-4b41-93d5-5d292a896b3a</wsa:MessageID>
<wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
</soapenv:Header>
<soapenv:Body>
<wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/Bearer</wst:KeyType>
<wst:Claims xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/02/trust" wsp:Dialect="http://wso2.org/claims">
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/emailaddress"></wsid:ClaimType>
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/givenname"></wsid:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope>
I also used the STS client from
https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/sts/sts-client
The token validation offered under WSO2 IS -> Tools -> Validate SAML Request does not seem to work for the use case at hand when providing the generated RSTR (Response for Security Token Request).
Is there any difference between the STS client and the link provided above?
I am looking for a way to validate a SAML token via a SOAP service (SOAP UI).
The sample client provided with WSO2 IS 5.0.0 calls a service (echo) secured with STS. So it validates the STS token internally before accessing the service, but it does not provide a separate API to validate the token.
And WSO2 IS -> Tools -> Validate SAML Request
only validates SAML logout requests and login requests, not a SAML assertion on its own.
But in IS 5.1.0 (from the next release onwards), the wso2carbon-sts API will provide a validation service.

How to write the Custom Policy in wso2esb for simple username & password

I wish to write a custom policy. How would I start?
I couldn't find any blogs about that.
My issue is that my client has a fixed header request for authentication. So the Username-token authentication scenario is perfect for me, but the client is unable to send a properly formatted request as the scenario needs.
It is sending the username and password in some other format:
<soapenv:Header>
<pr:authentication soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" soapenv:mustUnderstand="0" xmlns:pr="http://webservices.im.com/ProxyService">
<pr:user>mwp</pr:user>
<pr:password>MWp003</pr:password>
</pr:authentication>
</soapenv:Header>
But it's not working in the WSO2 ESB Username-token scenario. The expected input header is like this:
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-4">
<wsu:Created>2014-06-02T07:15:21Z</wsu:Created>
<wsu:Expires>2014-06-02T08:38:41Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-3">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">byWKVY4stEATvTqaoNMswQ==</wsse:Nonce>
<wsu:Created>2014-06-02T07:15:21.304Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
So what is the solution for this, and how would I achieve it?
Thanks in advance.
ESB uses the WS-Security specification to secure web services. Therefore, the client needs to send messages according to that specification. But in your case, it seems your client is sending the user/password in custom SOAP headers, and these cannot be validated by the ESB. There are two possible solutions.
You need to modify your client to comply with the WS-Security spec.
You can write a custom handler (Axis2 handler) to read the custom headers in your message and validate the user/password against the user store.
Basically, WS-Security messages are also validated by an Axis2 handler, called Apache Rampart.
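
The credential check that the second option describes, sketched as an added example in Python rather than as an Axis2 handler (not part of the original answer and not WSO2 code): it reads the client's pr:authentication header and verifies it against a user store. The in-memory USER_STORE, the PBKDF2 parameters and the sample envelope are constructed for the illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
PR = "http://webservices.im.com/ProxyService"  # namespace of the client's custom header

def pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

# Constructed stand-in for the user store: username -> (salt, password hash).
SALT = bytes(16)  # fixed so the example is reproducible; use a random salt per user
USER_STORE = {"mwp": (SALT, pbkdf2("MWp003", SALT))}

def authenticate(envelope_xml, store=USER_STORE):
    """Return the authenticated username, or raise PermissionError."""
    env = ET.fromstring(envelope_xml)  # use a hardened parser for untrusted input
    # Match on the namespace URI, never on the "pr" prefix the client happens to use.
    blocks = env.findall(f"{{{SOAP}}}Header/{{{PR}}}authentication")
    if len(blocks) != 1:
        raise PermissionError("expected exactly one authentication header")
    user = blocks[0].findtext(f"{{{PR}}}user")
    password = blocks[0].findtext(f"{{{PR}}}password")
    if not user or not password:
        raise PermissionError("missing user or password")
    salt, expected = store.get(user, (SALT, b""))
    # Hash even for unknown users so both paths do the same amount of work.
    if not hmac.compare_digest(pbkdf2(password, salt), expected):
        raise PermissionError("invalid credentials")
    return user

# Constructed envelope carrying the header format shown in the question.
GOOD = (f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Header>'
        f'<pr:authentication xmlns:pr="{PR}"><pr:user>mwp</pr:user>'
        '<pr:password>MWp003</pr:password></pr:authentication>'
        '</soapenv:Header><soapenv:Body/></soapenv:Envelope>')

if __name__ == "__main__":
    print(authenticate(GOOD))
    try:
        authenticate(GOOD.replace("MWp003", "wrong"))
    except PermissionError as err:
        print("rejected:", err)
```

Unlike a UsernameToken with Nonce and Created, this custom header carries nothing that lets the receiver detect a replayed message, so it depends on transport-level protection.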

BancBox SOAP API getClient - call fails using WCF client infrastructure

I apologize in advance if this post feels too long. But 1) this is my first post ever and 2) I have really been over the river and through the woods trying to figure this out.
The Add Service Reference feature in Visual Studio 2012 produces a proxy that (apparently) generates invalid SOAP messages. I suspect it has to do with serialization or how the proxy types are decorated but I cannot seem to figure it out. Help is much appreciated.
Detail 1. My environment is Visual Studio 2012 and I have created a .NET 4.5 class library with a service reference to https://sandbox-api.bancbox.com/v1/BBXPort?wsdl. I'm attempting to call the getClient() function; which is defined here. (http://www.bancbox.com/api/view/45)
The code looks like this:
public void GetClient()
{
    // create an instance of the service reference proxy class
    var bbx = new BBXClient();
    bbx.ChannelFactory.Endpoint.Behaviors.Remove<System.ServiceModel.Description.ClientCredentials>();
    bbx.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials());
    bbx.ClientCredentials.UserName.UserName = "MY_USERNAME";
    bbx.ClientCredentials.UserName.Password = "MY_PASSWORD";
    var customerId = new id {
        subscriberReferenceId = "44XX33YY"
    };
    var request = new getClientRequest {
        subscriberId = MY_SUBSCRIBER_ID,
        clientId = customerId
    };
    var response = bbx.getClient(request);
}
Detail 2. I have made many successful calls into the web service via SoapUI. The successful SoapUI-produced SOAP messages look like this
<soapenv:Envelope xmlns:sch="schema.bancbox.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-11">
<wsse:Username>MY_USERNAME</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">MY_PASSWORD</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">tRLo6AlRKl+/rULiKq6A6g==</wsse:Nonce>
<wsu:Created>2013-02-22T18:32:02.204Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<sch:getClient>
<getClientRequest>
<subscriberId>MY_SUBSCRIBER_ID</subscriberId>
<clientId>
<!--Optional:-->
<subscriberReferenceId>44XX33YY</subscriberReferenceId>
</clientId>
</getClientRequest>
</sch:getClient>
</soapenv:Body>
</soapenv:Envelope>
Detail 3. Per Fiddler, my failed SOAP messages look like this
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPozcAgEH0QhJHloqMBWUf3mAAAAAA5wy3enJkDUGU8IaMUCFyEjzfL+1Uez1HhAvEeFpJ+30ACQAA</VsDebuggerCausalityData>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-6e1c9f81-0651-41f7-b659-26b191bf7e13-1" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<o:Username>MY_USERNAME</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">MY_PASSWORD</o:Password>
<o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">hGggJkxurSkHQ3MKoeBK6AmEHNs=</o:Nonce>
<u:Created>2013-02-23T11:24:47.663Z</u:Created>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<getClient xmlns="schema.bancbox.com">
<getClientRequest xmlns="">
<subscriberId>MY_SUBSCRIBER_ID</subscriberId>
<clientId>
<subscriberReferenceId>XX55YY22</subscriberReferenceId>
</clientId>
</getClientRequest>
</getClient>
</s:Body>
</s:Envelope>
The SOAP message above is produced when running the GetClient() method. GetClient throws the following Exception.
System.ServiceModel.FaultException
Unmarshalling Error: cvc-elt.4.2: Cannot resolve 'getClientRequest' to a type definition for element 'getClientRequest'.
When I replay the same failing message using SoapUI, I get the following response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Client</faultcode>
<faultstring>Unmarshalling Error: cvc-elt.4.2: Cannot resolve 'getClientRequest' to a type definition for element 'getClientRequest'. </faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
Detail 4. Based on my research, this indicates that the server on the other end is Apache CXS. It's choking on my SOAP request. So I started playing around with my SOAP message and submitting it via SoapUI.
The first glaring difference between the successful message and my failed message is in these lines:
SUCCESS
<sch:getClient>
<getClientRequest>
FAIL
<getClient xmlns="schema.bancbox.com">
<getClientRequest xmlns="">
So the first thing that I did was make my getClientRequest tag identical to the successful one.
<getClient xmlns="schema.bancbox.com">
<getClientRequest>
This produced the following response.
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>Found element {schema.bancbox.com}getClientRequest but could not find matching RPC/Literal part</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
The next thing that I did is change the way the getClient tag is assigned a schema.
BEFORE
<getClient xmlns="schema.bancbox.com">
AFTER
<s:Envelope xmlns:bb="schema.bancbox.com" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
. . .
<bb:getClient>
<getClientRequest>
. . .
</bb:getClient>
The resultant SOAP message looks like this and it is successful.
<s:Envelope xmlns:bb="schema.bancbox.com" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPozcAgEH0QhJHloqMBWUf3mAAAAAA5wy3enJkDUGU8IaMUCFyEjzfL+1Uez1HhAvEeFpJ+30ACQAA</VsDebuggerCausalityData>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-6e1c9f81-0651-41f7-b659-26b191bf7e13-1" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<o:Username>MY_USERNAME</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">MY_PASSWORD</o:Password>
<o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">hGggJkxurSkHQ3MKoeBK6AmEHNs=</o:Nonce>
<u:Created>2013-02-23T11:24:47.663Z</u:Created>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<bb:getClient>
<getClientRequest>
<subscriberId>MY_SUBSCRIBER_ID</subscriberId>
<clientId>
<subscriberReferenceId>XX55YY22</subscriberReferenceId>
</clientId>
</getClientRequest>
</bb:getClient>
</s:Body>
</s:Envelope>
So the million dollar questions are WHY and HOW.
* WHY does the .NET proxy class serialize the SOAP message the way it does?
* HOW do I fix it? How can I make my proxy serialize into the SOAP message above? How can I force the serializer to define shorthand for the message namespace in the Envelope and then use the shorthand in the message tag?
FYI, to even get to this point I had to get past a number of WCF WSE issues and ended up implementing the solution so generously provided on Rich Stahls blog. I would post the link but apparently I don't have enough rep.
From what I understand, the SOAP message that WCF produces is syntactically correct. However, Java CXF web services are very rigid with regard to the SOAP messages that they will accept.
The solution to the specific problem of setting aliases for XML namespace definitions in the operation node of the SOAP messages produced by WCF proxies involves implementing a custom message inspector, and is detailed here: Force WCF to create an xml namespace alias in client proxy.
This has completely resolved my issue.
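
How a namespace-aware parser reads the operation elements quoted in the question, as an added example in Python (not part of the original post and not WCF or CXF code). The fragments are constructed from the lines shown above, and re-serializing with ElementTree only stands in for what the message inspector does on the WCF side.

```python
import xml.etree.ElementTree as ET

BBX = "schema.bancbox.com"
INNER = "<subscriberId>MY_SUBSCRIBER_ID</subscriberId>"

# Constructed from the operation elements quoted in the question.
SOAPUI = (f'<sch:getClient xmlns:sch="{BBX}"><getClientRequest>{INNER}'
          '</getClientRequest></sch:getClient>')
WCF = (f'<getClient xmlns="{BBX}"><getClientRequest xmlns="">{INNER}'
       '</getClientRequest></getClient>')
EDITED = (f'<getClient xmlns="{BBX}"><getClientRequest>{INNER}'
          '</getClientRequest></getClient>')

def expanded_names(fragment):
    """Element names in document order as {namespace}local, with prefixes resolved."""
    return [el.tag for el in ET.fromstring(fragment).iter()]

def realias(fragment, prefix, uri):
    """Re-serialize so that uri is bound to prefix instead of being the default namespace."""
    ET.register_namespace(prefix, uri)  # process-wide setting in ElementTree
    return ET.tostring(ET.fromstring(fragment), encoding="unicode")

def report():
    return {
        # xmlns="" resets the default namespace, so WCF and SoapUI say the same thing.
        "wcf_equals_soapui": expanded_names(WCF) == expanded_names(SOAPUI),
        # Deleting xmlns="" by hand pulls the child into the operation's namespace.
        "edited_equals_soapui": expanded_names(EDITED) == expanded_names(SOAPUI),
        "edited_child": expanded_names(EDITED)[1],
        "realiased": realias(WCF, "bb", BBX),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The `edited_child` value is the same expanded name that appears in the second fault string, `{schema.bancbox.com}getClientRequest`.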

Connecting MS Infopath with Siebel CRM On Demand using Web Services

I have to create a form where I want to send a customer id to CRMOD and should get the customer address…customer contacts.
I did, but when I click on the Run Query button it gives me this error:
The SOAP response indicates that an error occurred on the server:
Server
SBL-ODU-01006Internal Error: Session is not available. Aborting.
How do I avoid this? How can I pass my Siebel credentials? How can I see the SOAP request that MS Infopath is sending?
Please help.
The error is because you either don't have an active session, or you didn't include the credentials in the soap request header.
I am not sure how you do that in MS Infopath, but this is how SOAPUI adds it.
<soapenv:Envelope xmlns:acc="urn:/crmondemand/xml/account" xmlns:ns="urn:crmondemand/ws/account/10/2004" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>USERNAME</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">ICC4Ho6oURr/yaJI9uN/+Q==</wsse:Nonce>
<wsu:Created>2013-04-11T22:07:18.772Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ns:AccountWS_AccountQueryPage_Input>
<acc:ListOfAccount>
<acc:Account>
.....
</acc:Account>
</acc:ListOfAccount>
</ns:AccountWS_AccountQueryPage_Input>
</soapenv:Body>
</soapenv:Envelope>