Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
11 replies Latest Post - ‏2013-09-24T15:45:50Z by peachy
SystemAdmin
SystemAdmin
1250 Posts
ACCEPTED ANSWER

Pinned topic WS-Security

‏2010-06-25T16:43:14Z |
We have a requirement to add WS-Security headers in a webservice request. How does Cast Iron support this?
A sample orchestration if someone can provide will be really helpful.
Updated on 2012-11-27T10:52:50Z at 2012-11-27T10:52:50Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    1250 Posts
    ACCEPTED ANSWER

    WSSE Headers

    ‏2010-06-26T01:27:13Z  in response to SystemAdmin
    Cast Iron will send the header if it is part of the SOAP message. The schema for the header should be included WSDL obtained from the web service provider. (Not all providers who support WS-SE provide a WSDL that reflects the headers.) SOAP headers are optional input parameters in the Invoke Service activity; select Map->Show Optional Parameters for the Studio menu (or right click on the Input Parameters to bring up a context menu to select Show Optional Parameters). Once the optional paramters are visible, the fields may be populated as usual (map onto or define default value).
     
  • SystemAdmin
    SystemAdmin
    1250 Posts
    ACCEPTED ANSWER

    Sample orchestration

    ‏2010-06-29T06:21:08Z  in response to SystemAdmin
    Thanks for your reply. Do you have a sample orchestration that I can get.
     
  • user2000
    user2000
    3 Posts
    ACCEPTED ANSWER

    Re: WS-Security

    ‏2011-09-29T17:16:31Z  in response to SystemAdmin
    In the instance where a wsdl does not describe soap security headers and it is required to add these to the header when a web service is invoked, what are the steps to have this added? I can't find a comparable tip in the web console and although I have imported the oasis web service security xsd into studio I am still in an integration desert.
    • SystemAdmin
      SystemAdmin
      1250 Posts
      ACCEPTED ANSWER

      Re: WS-Security

      ‏2011-09-30T15:36:27Z  in response to user2000
      Hi,
      Did you have a look at Web Services Security Policy http://en.wikipedia.org/wiki/WS-SecurityPolicy ? Usually this is used when describing web services protection.

      Regards,
      • user2000
        user2000
        3 Posts
        ACCEPTED ANSWER

        Re: WS-Security

        ‏2011-10-04T16:25:51Z  in response to SystemAdmin
        Yes, I've gotten the XSD for the oasis security into the project, used by the web service I'm requesting. But building the headers with these is problematic. For example getting the Password to be a sibling of the Username in the UsernameToken node I have not found a way in either the Map Variables or the Write XML with applying a number of string functions also. Where the UsernameToken has an 'any' node it doesn't appear in the mappable area or throws an error "One or more cannot contain data."
        • AnthonyinPortland
          AnthonyinPortland
          7 Posts
          ACCEPTED ANSWER

          Re: WS-Security

          ‏2011-11-09T00:08:49Z  in response to user2000
          I need to implement WS-Security as well, but I'm new to Cast Iron. I see that the security header is created with username and password and type attribute just using my WSDL, but it is not properly composing the header. I also don't see that WS-Security is mentioned in the WSDL, so I'm not entirely sure how it knows to add these in the first place (?)

          Is there a way within Cast Iron to tell the security header to set Must Understand attribute, Nonce, or Created nodes?

          In Java, I would use the wss4j library, but I don't have a good sense of how Cast Iron Studio is handling its web services under the covers.

          Any clues as to how to get this to work would be helpful. I'm sure it could be done manually somehow, but it would be nice to leverage pre-existing libraries.
          • SystemAdmin
            SystemAdmin
            1250 Posts
            ACCEPTED ANSWER

            Re: WS-Security

            ‏2011-11-09T08:23:46Z  in response to AnthonyinPortland
            Hi,

            WS-Security is not part of the WSDL since you need to use WS-Security Policy in order to add security mechanism to you Web Services WSDL (refer to WS-Security Policy standard).
            To add the Must Understand attribute, Nonce, or Created nodes, I would guess that a stylesheet would be easy to build.

            Regards,
            Magali
            • AnthonyinPortland
              AnthonyinPortland
              7 Posts
              ACCEPTED ANSWER

              Re: WS-Security

              ‏2011-11-18T19:12:21Z  in response to SystemAdmin
              I was actually able to get this working with the help of our consultant. I tried pulling in the OASIS schemas, but that didn't quite work, so we ended up using those as the basis for creating our own to drop in the XML Schemas directory.

              We created a SoapHeader (import OASIS Schemas and modify for Cast Iron format) and SoapHeader.meta file so that we had the WSS schema available in Cast Iron UI.

              From there we could use Map Variables to enter the Created and Nonce values using a custom JavaScript function and the other values could be defined using variables.

              We mapped the UsernameToken input from above to the the UsernameToken in the "To Activity" and now it's sending that correctly in the header.

              This feels like it's a hack for WSS, but it's working and reusable. Importing the OASIS schemas directly didn't work, but I think if I had more familiarity with Cast Iron, I may have been able to do it in a more standard fashion. It could just be how CI handles schema importation, but I'm not sure.
              • SystemAdmin
                SystemAdmin
                1250 Posts
                ACCEPTED ANSWER

                Re: WS-Security

                ‏2012-11-27T10:52:50Z  in response to AnthonyinPortland
                Hi,
                We have similar requirement to send WS-security authentication implementation in Castiron.
                Could you please help me out in this in downloading the oasis xsd etc.
                let me know if you need more info.
                thanks.
              • ekoehn
                ekoehn
                1 Post
                ACCEPTED ANSWER

                Re: WS-Security

                ‏2013-09-23T17:36:47Z  in response to AnthonyinPortland

                Hi,

                We also have similar requirements to pass a Security element in the soap header. In our case, even after tweaking the WSDL to explicitly declare the header definition (works in SoapUI), Cast Iron still does not show the definition and we are not able to substitute different types (other than simple types). See attached screen shot. AnthonyinPortland or others, would you be willing to share a WSDL example  that actually enables the {optional}header node in the Web Services Invoke Service (Map Inputs) so that it has a definition.

                Thanks,

                Eddie

                • peachy
                  peachy
                  57 Posts
                  ACCEPTED ANSWER

                  Re: WS-Security

                  ‏2013-09-24T15:45:50Z  in response to ekoehn

                  In Studio versions 6.1.0.9 and later, I see the headers (with structure for specifying the Security header).

                  Since there is a structure that can now be populated, it may be assigned values through any mapping construct. Also, since there is now an exposed node, it may be possible to send other header structures using copyof.

                  I am not sure if the headers node is structured for projects with Invoke Service activities that were created under earlier versions and then opened in a version that presents the Security header.

                   

                   

                  Attachments