• 3 replies
  • Latest Post - ‏2013-06-17T19:56:57Z by Chris.Z
56 Posts

Pinned topic Transform Basic Auth creds into WS-Security header

‏2013-06-12T18:44:55Z |
We need to transform basic auth credentials into a WS-Security header. The front end of DataPower is sending us the request with basic auth,  and we need to authenticate those credentials, then strip them off and add a Soap WS-Security header with the same credentials.  Just need some guidance on how to accomplish this, and how to decrypt the hash    
from basic auth. 
  • ShyamSiddoji
    13 Posts

    Re: Transform Basic Auth creds into WS-Security header


    Hi Chris,

    the simple way to accomplish this by using AAA action.

    Once Authentication and Authorization completes, you can select "Add WS-Security UsernameToken =ON" In post processing  of AAA action.

    So Basic auth credentials will be converted into WS - credentials for next action.




  • Chris.Z
    56 Posts

    Re: Transform Basic Auth creds into WS-Security header


    So I am trying to test this.  Not working.  Maybe I am doing something wrong.  I turn on the probe to see the steps.  I can see the "basic hashtag" for basic auth.  I click the next icon to see the next step if it addd the ws-security tag, and the message content is now "NULL".  I can't see anything.  I am sending a soap message via SoapUI.

    EDIT:  So it appears to always be NULL right after AAA.  SO ignore that.  I was able to see the message in the step after that!  But, nothing was changed in the message.  No soapheader with ws-security, or anything regarding ws-security added.  And I verified that the "Add WS-security" was ON, and I changed DIGEST to TEXT.

    Updated on 2013-06-13T14:00:24Z at 2013-06-13T14:00:24Z by Chris.Z
  • Chris.Z
    56 Posts

    Re: Transform Basic Auth creds into WS-Security header


    So we opened a PMR too, and they mentioned using AAA, but that it will not add the soapheader, u have to create an XSL file to do that.  So instead, we just created an XSL file to do the whole thing.  So for anyone who sees this topic, we convert Basic Auth HTTP header into WS-Security Soap header with this transformation file:

    <xsl:template match="/">
    <!--Capture the encoded user token:-->
    <xsl:variable name="BasicAuth" select="dp:request-header('Authorization')"/>
            <xsl:variable name="usertoken" select="substring-after($BasicAuth,'Basic ')"/>
            <xsl:variable name="decodedvalue" select="dp:decode($usertoken, 'base-64')"/>
            <xsl:variable name="username" select="substring-before($decodedvalue,':')"/>
            <xsl:variable name="password" select="substring-after($decodedvalue,':')"/>
    <dp:remove-http-request-header name="Authorization"/>
     <soapenv:Envelope xmlns:soapenv="">
          <wsse:Security soapenv:mustUnderstand="0"
                   <xsl:value-of select="$username" />
                <wsse:Password Type="">
                   <xsl:value-of select="$password" />
       <xsl:copy-of select="/soapenv:Envelope/soapenv:Body"/>