locked
WSSE Header RRS feed

  • Question

  • We need to call a third party protected web service.

    We are given client certificate and service sertificate.

    We are also given SOAP project for testing, when we looked the request going thru SOAP UI below is the request.

    Please let me know how to generate the below mentioned SOAP WSSE header with SIgnature.

    Also let me know how to populate WSU:Id in Body section.


    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
       <soapenv:Header>
          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
             <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-F19924B351E7FDE3231427269397851151">MIIEyjCCA7KgAwIBAgIQXodcM31m+Xe2HixCpvZlujANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHENvbW1vbndlYWx0aCBvZiBQZW5uc3lsdmFuaWExHzAdBgNVBAsTFkZPUiBURVNUIFBVUlBPU0VTIE9OTFkxNzA1BgNVBAMTLkNvbW1vbndlYWx0aCBvZiBQZW5uc3lsdmFuaWEgSk5FVCBURVNUIENBIC0gRzIwHhcNMTUwMTE2MDAwMDAwWhcNMTcwMTE1MjM1OTU5WjCB3jElMCMGA1UEChQcQ29tbW9ud2VhbHRoIG9mIFBlbm5zeWx2YW5pYTEoMCYGA1UECxQfUGVubnN5bHZhbmlhIEp1c3RpY2UgTmV0d29yayBHMjEpMCcGCgmSJomT8ixkAQEUGWFsbGVjb2tpZHMudGVzdHdlYnNlcnZpY2UxIjAgBgNVBAMTGWFsbGVjb2tpZHMgdGVzdHdlYnNlcnZpY2UxPDA6BgkqhkiG9w0BCQEWLWFsbGVjb2tpZHMudGVzdHdlYnNlcnZpY2VAam8uam5ldC5zdGF0ZS5wYS51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhTVEw0dk7kR+OX2Dzfg7yXyMBfp+bJSvlF6F9IVuiUimKEwr2BxJ+QSWsU89BCLCGBHCT6fMpipsU1fGH/4lU18RpQ1ljlFSRRmL7lg2+RQ66l/aZCAegdBOIO/TM8T7GoVHHTiIqyFpSsDO/TvAPM9oqsuabY9b+ogn/gr4xN8a8/SbkARUjVa+25vpwXwapg6iIaZkhF29+nwIT7Kqm6sEopG+siZ3OxFb0lg0EnF3gp0iQI5uL8ZF7YB54FXZqmsTnUPGThJuVy0nWwPMaswNAYRQahf5RvV18hLuY2YRneJoZ+q8b3yb+K2LnxZt23GgH1HojAkew/AOLYVYMCAwEAAaOB0TCBzjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIGwDBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8vam5ldGNybC50ZXN0LmpuZXQuc3RhdGUucGEudXMvZzIvTGF0ZXN0Q1JMLmNybDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0dHA6Ly9waWxvdC1vY3NwLnZlcmlzaWduLmNvbTARBglghkgBhvhCAQEEBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQARVDfU/0oZzsmFcMj8UWrxRjNs662IGTXvVAF4CdT1VZDzLMRRxzBYAUzPQw8WfafVYKNBQLaUd/uXS/Xm01FHfPNDTlcKJ6S4aniXHSe1cS+qQN6PFBd6bvt8Rl9aSDH3au482OWjs1G1al6RCoVRLIl8lWAb+mNeFbG05mvM/VOkCl8O3uVPQN2kwX7EvtL/ELEDnogbyJ/2jS87M+0JX8+erooaM5kM/3iYRMXppzliCJupJ6SRUTLBpfB85UR1tqZ0FJxDbXdiJYcYsc+azDIvnF085iIXRBXvk12CB4QemCZclc0MzFDU29Er8QsCJzVLwD+LsKjLz8NJyFib</wsse:BinarySecurityToken>
             <ds:Signature Id="SIG-F19924B351E7FDE3231427269397852154" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                      <ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                   </ds:CanonicalizationMethod>
                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                   <ds:Reference URI="#TS-F19924B351E7FDE3231427269397844150">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="wsse soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>FkehLtly63/1daPDvdf/i4LnffE11=</ds:DigestValue>
                   </ds:Reference>
                   <ds:Reference URI="#id-F19924B351E7FDE3231427210891203138">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>P3LWA6EM4JU2WcQ7wF1wR254o4011=</ds:DigestValue>
                   </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>yDKYUGnrNup34WZD2wn1MaZ9M2kl+LqJ1y6Mp+oczQR08XJOhM7wXMfkdisKKAGC+dlzxrYLtolw
    nfJmQ2+ISyZesrUMaGz8fGUjR/H1ehSvVxAYG/WBmk+r5LAlucUdZDLJ/yMST1X/dHr7ioHSTe+s
    sbblTC9sHPUMKhqFWEfCFv8opXzAvDqbCPScePq2xgMkALySi4YEEb0HilJ1o67BA6k3rS+/Ss3Bdd
    H5C/9xjYvMgbppRMgeucWoLDnvI54sJ5s3KEuUP2kSt8FaD4H6n/cT+XLbOx+7WlCnZzQltFBqji
    nktFOi5KomsxQnTirol5KtcFop0KM1GA13vWIg==</ds:SignatureValue>
                <ds:KeyInfo Id="KI-F19924B351E7FDE3231427269397851152">
                   <wsse:SecurityTokenReference wsu:Id="STR-F19924B351E7FDE3231427269397851153">
                      <wsse:Reference URI="#X509-F19924B351E7FDE3231427269397851151" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                   </wsse:SecurityTokenReference>
                </ds:KeyInfo>
             </ds:Signature>
             <wsu:Timestamp wsu:Id="TS-F19924B351E7FDE3231427269397844150">
                <wsu:Created>2015-03-25T07:43:17.844Z</wsu:Created>
                <wsu:Expires>2015-03-25T16:03:17.844Z</wsu:Expires>
             </wsu:Timestamp>
          </wsse:Security>
       </soapenv:Header>
       <soapenv:Body wsu:Id="id-F19924B351E7FDE3231427210891203138" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        </soapenv:Body>
    </soapenv:Envelope>

    • Edited by Nagesh P Wednesday, March 25, 2015 8:19 AM
    Wednesday, March 25, 2015 8:16 AM

All replies

  • Hi Nagesh,

    You can write a custom pipeline component for this and add custom header to the SOAP header and promote.

    Refer: Adding WSS security header for SOAP message

    You can refer to the discussion below:

    WSSE security header in WCF client request

    add wsee:security header to WCF client request

    Rachit


    Please mark as answer or vote as helpful if my reply does


    Monday, March 30, 2015 5:34 PM
    Moderator
  • As per my understanding you should be able to consume it simply using "Consume WCF Service", this will generate schemas, binding files and one orchestration file.

    Later you can use the binding file for configuring your request response port by importing in admin console.

    By using schemas generated you should be able to create request response. Give it a try and let us know if you face any specific issue.


    Thanks,
    Prashant
    ----------------------------------------
    Please mark this post accordingly if it answers your query or is helpful.

    Monday, March 30, 2015 5:42 PM
  • It is not generating WSSE header in SOAP Header
    Saturday, April 4, 2015 3:47 AM
  • Hi Nagesh

    Can you please provide the SOAP message being generated if you use the Adapter generated artifacts?

    Thanks

    Arindam

    Saturday, April 4, 2015 5:57 AM
    Moderator
  • We are bale to test in .NET wcf service.

    ProtectionLevel.Sign is adding WSSE signature to SOAP header.

    Any thoughts on how to implement in BizTalk?

    Saturday, April 4, 2015 6:26 AM
  • It is not showing wsse header in soap eader
    Saturday, April 4, 2015 7:03 AM