SOAP UI WS Security and Signing - Yash-777/Axis1x_Soap GitHub Wiki
The HTTPS protocol provides a protected connection between a client and the server by using a security layer (TLS/SSL).
The client requests a certificate from the server to verify the server’s identity. The server, in turn, may also request a certificate from the client. In SoapUI, you can specify a certificate for outgoing requests.
WS-Security Configurations
Security Configurations: Keystores and Certificates, and Incoming and Outgoing WS-Security Configuration
To use the client certificate for one request: double-click the project node. Open the WS-Security Configuration tab and switch to the Keystores tab.
You can use the Keystores tab to add keystores to your WS-Security configuration. Keystores store your user credentials.
Outgoing WSS configurations are used to process outgoing messages, for example, to encrypt them, add signatures to them, and so on.
Signature: Signs outgoing message content. Specify which keystore to use and the desired alias/password.
Encryption: Encrypts outgoing message content. Specify which keystore to use and the desired alias/password.
<!-- Request header with the Outgoing WS-Security Configuration's Must-Understand checkbox set to false -->
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<!-- ... -->
</wsse:Security>
</soapenv:Header>
<!-- Response -->
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<AddResponse xmlns="http://tempuri.org/">
<AddResult>7</AddResult>
</AddResponse>
</soap:Body>
</soap:Envelope>
<!-- ========== -->
<!-- Request header with the Outgoing WS-Security Configuration's Must-Understand checkbox set to true -->
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soapenv:mustUnderstand="1">
<!-- ... -->
</wsse:Security>
</soapenv:Header>
<!-- Response -->
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<soap:Fault>
<faultcode>soap:MustUnderstand</faultcode>
<faultstring>System.Web.Services.Protocols.SoapHeaderException: SOAP header Security was not understood.
at System.Web.Services.Protocols.SoapHeaderHandling.SetHeaderMembers(SoapHeaderCollection headers, Object target, SoapHeaderMapping[] mappings, SoapHeaderDirection direction, Boolean client)
at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()
at System.Web.Services.Protocols.WebServiceHandler.Invoke()
at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
NOTE: Before sending the request, add these handlers to the request (see How To Authenticate SOAP Requests in SoapUI).
To manage authorizations in the request:
Open the XML editor for the needed request. Open the Auth panel.
In the Authorization drop-down list, select Add New Authorization. In the subsequent Add Authorization dialog, select Basic as the authorization type. From there, select the Outgoing/Incoming WSS.
- Outgoing WSS: Specifies the project-level outgoing WS-Security configuration to use in this request.
- Incoming WSS: Specifies the project-level incoming WS-Security configuration to use for incoming responses.
Signature:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-AF3B6A2B749280D39E160095955274819">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#id-AF3B6A2B749280D39E160095955274818">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="tem" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>IlzHIB5//XiXN0bh+ljbKIr9S2k36BNPJMAYcqLdZPw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>...Cert Sign Value...</ds:SignatureValue>
<ds:KeyInfo Id="KI-AF3B6A2B749280D39E160095955274816">
<wsse:SecurityTokenReference wsu:Id="STR-AF3B6A2B749280D39E160095955274817">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Baeldung,L=Casablanca,ST=Morocco,C=MA</ds:X509IssuerName>
<ds:X509SerialNumber>18148897422378544578</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action>http://tempuri.org/Add</wsa:Action>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-AF3B6A2B749280D39E160095955274818">
<tem:Add>
<tem:intA>3</tem:intA>
<tem:intB>4</tem:intB>
</tem:Add>
</soapenv:Body>
</soapenv:Envelope>
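In the signed request above, the `ds:Reference` URI points at the `wsu:Id` on `soapenv:Body`, so a receiver should confirm that the reference resolves to exactly one element and that this element is the Body it will actually process. The following receiver-side structural check is an added example, not part of the original wiki or of SoapUI. It does not verify the digest or the signature value, and the function name and the three sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REF_PATH = "soapenv:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference"

def check_signed_body(envelope_xml):
    """Return a list of problems; an empty list means the processed Body is the signed one."""
    root = ET.fromstring(envelope_xml)
    bodies = root.findall("soapenv:Body", NS)  # direct children of the Envelope only
    if len(bodies) != 1:
        return ["expected exactly one soapenv:Body under the Envelope"]
    refs = root.findall(REF_PATH, NS)
    if not refs:
        return ["no ds:Reference in the Security header"]
    by_id = {}  # wsu:Id value -> every element carrying it
    for el in root.iter():
        if "{%s}Id" % WSU in el.attrib:
            by_id.setdefault(el.attrib["{%s}Id" % WSU], []).append(el)
    problems, signed = [], []
    for ref in refs:
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            problems.append("reference %r is not a same-document reference" % uri)
            continue
        targets = by_id.get(uri[1:], [])
        if len(targets) != 1:  # dangling or ambiguous Id
            problems.append("reference %s matches %d elements" % (uri, len(targets)))
        signed.extend(targets)
    if not any(t is bodies[0] for t in signed):
        problems.append("soapenv:Body is not covered by any ds:Reference")
    return problems

# Constructed samples shaped like the page's signed request; digest and signature values left out.
TEMPLATE = """<soapenv:Envelope xmlns:soapenv="{soapenv}" xmlns:wsse="{wsse}" xmlns:ds="{ds}"
 xmlns:wsu="{wsu}" xmlns:tem="http://tempuri.org/"><soapenv:Header><wsse:Security>{extra}
<ds:Signature><ds:SignedInfo><ds:Reference URI="#id-1"/></ds:SignedInfo></ds:Signature>
</wsse:Security></soapenv:Header><soapenv:Body wsu:Id="{body_id}">
<tem:Add><tem:intA>3</tem:intA><tem:intB>4</tem:intB></tem:Add></soapenv:Body></soapenv:Envelope>"""
GOOD = TEMPLATE.format(wsu=WSU, extra="", body_id="id-1", **NS)
UNSIGNED = TEMPLATE.format(wsu=WSU, extra="", body_id="id-2", **NS)
DUPLICATE = TEMPLATE.format(wsu=WSU, extra='<wsu:Timestamp wsu:Id="id-1"/>', body_id="id-1", **NS)

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("unsigned", UNSIGNED), ("duplicate", DUPLICATE)):
        print(name, check_signed_body(doc))
```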
Signature and Encryption:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-5B6D9E45AF48116D22160095916496613">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#id-5B6D9E45AF48116D22160095916496512">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="tem" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>mQZeRz5iT2G9TBSVWqS3vqGKyUAHWHqUuZPINwvDtU8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>...Cert Sign Value...</ds:SignatureValue>
<ds:KeyInfo Id="KI-5B6D9E45AF48116D22160095916496510">
<wsse:SecurityTokenReference wsu:Id="STR-5B6D9E45AF48116D22160095916496511">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Baeldung,L=Casablanca,ST=Morocco,C=MA</ds:X509IssuerName>
<ds:X509SerialNumber>18148897422378544578</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-5B6D9E45AF48116D2216009591649537">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Baeldung,L=Casablanca,ST=Morocco,C=MA</ds:X509IssuerName>
<ds:X509SerialNumber>18148897422378544578</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>...Cipher Value...</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#ED-5B6D9E45AF48116D2216009591649568" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
</wsse:Security>
<wsa:Action>http://tempuri.org/Add</wsa:Action>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-5B6D9E45AF48116D22160095916496512">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-5B6D9E45AF48116D2216009591649568" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
<wsse:Reference URI="#EK-5B6D9E45AF48116D2216009591649537" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>...</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
Timestamp Entries: Timestamp with Time to Live: 30000.
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-AF3B6A2B749280D39E160096084313540">
<wsu:Created>2020-09-24T15:20:43.134Z</wsu:Created>
<wsu:Expires>2020-09-28T02:40:43.134Z</wsu:Expires>
</wsu:Timestamp>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-AF3B6A2B749280D39E160096084309139">
<!-- ... -->
</ds:Signature>
</wsse:Security>
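A receiver uses the `wsu:Timestamp` to reject stale or replayed messages, so it should check both the current time against the window and the length of the window itself. In the sample above, Created and Expires are 300000 seconds apart. The following check is an added example, not part of the original wiki or of SoapUI. The function names, the 5-minute maximum lifetime, the 60-second clock skew and the requirement that Expires be present are policy assumptions.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"}

def parse_utc(text):
    """Parse the UTC xsd:dateTime form used in the sample, with or without fractions."""
    text = text.strip()
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def check_timestamp(security_xml, now, max_lifetime=timedelta(minutes=5),
                    skew=timedelta(seconds=60)):
    """Return (lifetime_in_seconds, problems) for the wsu:Timestamp in a Security header."""
    sec = ET.fromstring(security_xml)
    stamps = sec.findall("wsu:Timestamp", NS)
    if len(stamps) != 1:
        return None, ["expected exactly one wsu:Timestamp, found %d" % len(stamps)]
    created = stamps[0].findtext("wsu:Created", namespaces=NS)
    expires = stamps[0].findtext("wsu:Expires", namespaces=NS)
    if created is None or expires is None:  # assumed policy: both are required
        return None, ["Timestamp must carry both Created and Expires"]
    created, expires = parse_utc(created), parse_utc(expires)
    lifetime = expires - created
    problems = []
    if lifetime <= timedelta(0):
        problems.append("Expires is not after Created")
    if lifetime > max_lifetime:
        problems.append("lifetime %ds exceeds policy maximum %ds"
                        % (lifetime.total_seconds(), max_lifetime.total_seconds()))
    if created > now + skew:
        problems.append("Created is in the future")
    if now > expires + skew:
        problems.append("message has expired")
    return lifetime.total_seconds(), problems

# The Timestamp from the page's sample; the elided ds:Signature is left out.
SAMPLE = """<wsse:Security xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s">
  <wsu:Timestamp wsu:Id="TS-AF3B6A2B749280D39E160096084313540">
    <wsu:Created>2020-09-24T15:20:43.134Z</wsu:Created>
    <wsu:Expires>2020-09-28T02:40:43.134Z</wsu:Expires>
  </wsu:Timestamp>
</wsse:Security>""" % NS

if __name__ == "__main__":
    print(check_timestamp(SAMPLE, datetime(2020, 9, 24, 15, 21, tzinfo=timezone.utc)))
```

The window only limits replay when the Timestamp is itself covered by a `ds:Reference` in the signature, since an unsigned Timestamp can be rewritten in transit.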
Username Entries