We need to transform basic auth credentials into a WS-Security header. The front end of DataPower is sending us the request with basic auth, and we need to authenticate those credentials, then strip them off and add a Soap WS-Security header with the same credentials. Just need some guidance on how to accomplish this, and how to decrypt the hash from basic auth.
Pinned topic Transform Basic Auth creds into WS-Security header
ShyamSiddoji 270003VYR613 Posts
Re: Transform Basic Auth creds into WS-Security header2013-06-12T23:01:23ZThis is the accepted answer. This is the accepted answer.
the simple way to accomplish this by using AAA action.
Once Authentication and Authorization completes, you can select "Add WS-Security UsernameToken =ON" In post processing of AAA action.
So Basic auth credentials will be converted into WS - credentials for next action.
Re: Transform Basic Auth creds into WS-Security header2013-06-13T13:44:39ZThis is the accepted answer. This is the accepted answer.
So I am trying to test this. Not working. Maybe I am doing something wrong. I turn on the probe to see the steps. I can see the "basic hashtag" for basic auth. I click the next icon to see the next step if it addd the ws-security tag, and the message content is now "NULL". I can't see anything. I am sending a soap message via SoapUI.
EDIT: So it appears to always be NULL right after AAA. SO ignore that. I was able to see the message in the step after that! But, nothing was changed in the message. No soapheader with ws-security, or anything regarding ws-security added. And I verified that the "Add WS-security" was ON, and I changed DIGEST to TEXT.Updated on 2013-06-13T14:00:24Z at 2013-06-13T14:00:24Z by Chris.Z
Re: Transform Basic Auth creds into WS-Security header2013-06-17T19:56:57ZThis is the accepted answer. This is the accepted answer.
So we opened a PMR too, and they mentioned using AAA, but that it will not add the soapheader, u have to create an XSL file to do that. So instead, we just created an XSL file to do the whole thing. So for anyone who sees this topic, we convert Basic Auth HTTP header into WS-Security Soap header with this transformation file:<xsl:template match="/"><!--Capture the encoded user token:--><xsl:variable name="BasicAuth" select="dp:request-header('Authorization')"/><xsl:variable name="usertoken" select="substring-after($BasicAuth,'Basic ')"/><xsl:variable name="decodedvalue" select="dp:decode($usertoken, 'base-64')"/><xsl:variable name="username" select="substring-before($decodedvalue,':')"/><xsl:variable name="password" select="substring-after($decodedvalue,':')"/><dp:remove-http-request-header name="Authorization"/><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><wsse:Security soapenv:mustUnderstand="0"xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:xsd="http://www.w3.org/2001/XMLSchema"xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken><wsse:Username><xsl:value-of select="$username" /></wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"><xsl:value-of select="$password" /></wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header><xsl:copy-of select="/soapenv:Envelope/soapenv:Body"/></soapenv:Envelope></xsl:template></xsl:stylesheet>