Topic
  • 11 replies
  • Latest Post - ‏2013-09-24T15:45:50Z by peachy
SystemAdmin
SystemAdmin
1250 Posts

Pinned topic WS-Security

‏2010-06-25T16:43:14Z |
We have a requirement to add WS-Security headers in a webservice request. How does Cast Iron support this?
A sample orchestration if someone can provide will be really helpful.
Updated on 2012-11-27T10:52:50Z at 2012-11-27T10:52:50Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    1250 Posts

    WSSE Headers

    ‏2010-06-26T01:27:13Z  
    Cast Iron will send the header if it is part of the SOAP message. The schema for the header should be included WSDL obtained from the web service provider. (Not all providers who support WS-SE provide a WSDL that reflects the headers.) SOAP headers are optional input parameters in the Invoke Service activity; select Map->Show Optional Parameters for the Studio menu (or right click on the Input Parameters to bring up a context menu to select Show Optional Parameters). Once the optional paramters are visible, the fields may be populated as usual (map onto or define default value).
     
  • SystemAdmin
    SystemAdmin
    1250 Posts

    Sample orchestration

    ‏2010-06-29T06:21:08Z  
    Thanks for your reply. Do you have a sample orchestration that I can get.
     
  • user2000
    user2000
    3 Posts

    Re: WS-Security

    ‏2011-09-29T17:16:31Z  
    In the instance where a wsdl does not describe soap security headers and it is required to add these to the header when a web service is invoked, what are the steps to have this added? I can't find a comparable tip in the web console and although I have imported the oasis web service security xsd into studio I am still in an integration desert.
  • SystemAdmin
    SystemAdmin
    1250 Posts

    Re: WS-Security

    ‏2011-09-30T15:36:27Z  
    • user2000
    • ‏2011-09-29T17:16:31Z
    In the instance where a wsdl does not describe soap security headers and it is required to add these to the header when a web service is invoked, what are the steps to have this added? I can't find a comparable tip in the web console and although I have imported the oasis web service security xsd into studio I am still in an integration desert.
    Hi,
    Did you have a look at Web Services Security Policy http://en.wikipedia.org/wiki/WS-SecurityPolicy ? Usually this is used when describing web services protection.

    Regards,
  • user2000
    user2000
    3 Posts

    Re: WS-Security

    ‏2011-10-04T16:25:51Z  
    Hi,
    Did you have a look at Web Services Security Policy http://en.wikipedia.org/wiki/WS-SecurityPolicy ? Usually this is used when describing web services protection.

    Regards,
    Yes, I've gotten the XSD for the oasis security into the project, used by the web service I'm requesting. But building the headers with these is problematic. For example getting the Password to be a sibling of the Username in the UsernameToken node I have not found a way in either the Map Variables or the Write XML with applying a number of string functions also. Where the UsernameToken has an 'any' node it doesn't appear in the mappable area or throws an error "One or more cannot contain data."
  • AnthonyinPortland
    AnthonyinPortland
    7 Posts

    Re: WS-Security

    ‏2011-11-09T00:08:49Z  
    • user2000
    • ‏2011-10-04T16:25:51Z
    Yes, I've gotten the XSD for the oasis security into the project, used by the web service I'm requesting. But building the headers with these is problematic. For example getting the Password to be a sibling of the Username in the UsernameToken node I have not found a way in either the Map Variables or the Write XML with applying a number of string functions also. Where the UsernameToken has an 'any' node it doesn't appear in the mappable area or throws an error "One or more cannot contain data."
    I need to implement WS-Security as well, but I'm new to Cast Iron. I see that the security header is created with username and password and type attribute just using my WSDL, but it is not properly composing the header. I also don't see that WS-Security is mentioned in the WSDL, so I'm not entirely sure how it knows to add these in the first place (?)

    Is there a way within Cast Iron to tell the security header to set Must Understand attribute, Nonce, or Created nodes?

    In Java, I would use the wss4j library, but I don't have a good sense of how Cast Iron Studio is handling its web services under the covers.

    Any clues as to how to get this to work would be helpful. I'm sure it could be done manually somehow, but it would be nice to leverage pre-existing libraries.
  • SystemAdmin
    SystemAdmin
    1250 Posts

    Re: WS-Security

    ‏2011-11-09T08:23:46Z  
    I need to implement WS-Security as well, but I'm new to Cast Iron. I see that the security header is created with username and password and type attribute just using my WSDL, but it is not properly composing the header. I also don't see that WS-Security is mentioned in the WSDL, so I'm not entirely sure how it knows to add these in the first place (?)

    Is there a way within Cast Iron to tell the security header to set Must Understand attribute, Nonce, or Created nodes?

    In Java, I would use the wss4j library, but I don't have a good sense of how Cast Iron Studio is handling its web services under the covers.

    Any clues as to how to get this to work would be helpful. I'm sure it could be done manually somehow, but it would be nice to leverage pre-existing libraries.
    Hi,

    WS-Security is not part of the WSDL since you need to use WS-Security Policy in order to add security mechanism to you Web Services WSDL (refer to WS-Security Policy standard).
    To add the Must Understand attribute, Nonce, or Created nodes, I would guess that a stylesheet would be easy to build.

    Regards,
    Magali
  • AnthonyinPortland
    AnthonyinPortland
    7 Posts

    Re: WS-Security

    ‏2011-11-18T19:12:21Z  
    Hi,

    WS-Security is not part of the WSDL since you need to use WS-Security Policy in order to add security mechanism to you Web Services WSDL (refer to WS-Security Policy standard).
    To add the Must Understand attribute, Nonce, or Created nodes, I would guess that a stylesheet would be easy to build.

    Regards,
    Magali
    I was actually able to get this working with the help of our consultant. I tried pulling in the OASIS schemas, but that didn't quite work, so we ended up using those as the basis for creating our own to drop in the XML Schemas directory.

    We created a SoapHeader (import OASIS Schemas and modify for Cast Iron format) and SoapHeader.meta file so that we had the WSS schema available in Cast Iron UI.

    From there we could use Map Variables to enter the Created and Nonce values using a custom JavaScript function and the other values could be defined using variables.

    We mapped the UsernameToken input from above to the the UsernameToken in the "To Activity" and now it's sending that correctly in the header.

    This feels like it's a hack for WSS, but it's working and reusable. Importing the OASIS schemas directly didn't work, but I think if I had more familiarity with Cast Iron, I may have been able to do it in a more standard fashion. It could just be how CI handles schema importation, but I'm not sure.
  • SystemAdmin
    SystemAdmin
    1250 Posts

    Re: WS-Security

    ‏2012-11-27T10:52:50Z  
    I was actually able to get this working with the help of our consultant. I tried pulling in the OASIS schemas, but that didn't quite work, so we ended up using those as the basis for creating our own to drop in the XML Schemas directory.

    We created a SoapHeader (import OASIS Schemas and modify for Cast Iron format) and SoapHeader.meta file so that we had the WSS schema available in Cast Iron UI.

    From there we could use Map Variables to enter the Created and Nonce values using a custom JavaScript function and the other values could be defined using variables.

    We mapped the UsernameToken input from above to the the UsernameToken in the "To Activity" and now it's sending that correctly in the header.

    This feels like it's a hack for WSS, but it's working and reusable. Importing the OASIS schemas directly didn't work, but I think if I had more familiarity with Cast Iron, I may have been able to do it in a more standard fashion. It could just be how CI handles schema importation, but I'm not sure.
    Hi,
    We have similar requirement to send WS-security authentication implementation in Castiron.
    Could you please help me out in this in downloading the oasis xsd etc.
    let me know if you need more info.
    thanks.
  • ekoehn
    ekoehn
    1 Post

    Re: WS-Security

    ‏2013-09-23T17:36:47Z  
    I was actually able to get this working with the help of our consultant. I tried pulling in the OASIS schemas, but that didn't quite work, so we ended up using those as the basis for creating our own to drop in the XML Schemas directory.

    We created a SoapHeader (import OASIS Schemas and modify for Cast Iron format) and SoapHeader.meta file so that we had the WSS schema available in Cast Iron UI.

    From there we could use Map Variables to enter the Created and Nonce values using a custom JavaScript function and the other values could be defined using variables.

    We mapped the UsernameToken input from above to the the UsernameToken in the "To Activity" and now it's sending that correctly in the header.

    This feels like it's a hack for WSS, but it's working and reusable. Importing the OASIS schemas directly didn't work, but I think if I had more familiarity with Cast Iron, I may have been able to do it in a more standard fashion. It could just be how CI handles schema importation, but I'm not sure.

    Hi,

    We also have similar requirements to pass a Security element in the soap header. In our case, even after tweaking the WSDL to explicitly declare the header definition (works in SoapUI), Cast Iron still does not show the definition and we are not able to substitute different types (other than simple types). See attached screen shot. AnthonyinPortland or others, would you be willing to share a WSDL example  that actually enables the {optional}header node in the Web Services Invoke Service (Map Inputs) so that it has a definition.

    Thanks,

    Eddie

  • peachy
    peachy
    58 Posts

    Re: WS-Security

    ‏2013-09-24T15:45:50Z  
    • ekoehn
    • ‏2013-09-23T17:36:47Z

    Hi,

    We also have similar requirements to pass a Security element in the soap header. In our case, even after tweaking the WSDL to explicitly declare the header definition (works in SoapUI), Cast Iron still does not show the definition and we are not able to substitute different types (other than simple types). See attached screen shot. AnthonyinPortland or others, would you be willing to share a WSDL example  that actually enables the {optional}header node in the Web Services Invoke Service (Map Inputs) so that it has a definition.

    Thanks,

    Eddie

    In Studio versions 6.1.0.9 and later, I see the headers (with structure for specifying the Security header).

    Since there is a structure that can now be populated, it may be assigned values through any mapping construct. Also, since there is now an exposed node, it may be possible to send other header structures using copyof.

    I am not sure if the headers node is structured for projects with Invoke Service activities that were created under earlier versions and then opened in a version that presents the Security header.

     

     

    Attachments