SoapUI WS-Security Token

kakridge picture kakridge · May 13, 2014 · Viewed 7.9k times · Source

I'd like to make a call against a web service that uses WS-Security with SoapUI. No luck so far with SoapUI tutorials. Would love any advice.

Answer

kakridge picture kakridge · May 15, 2014

Went back and reviewed SoapUI's documentation and did not have an issue the second time. Not sure what I missed. I think I probably missed the timestamp required by the web service.

In SoapUI, I added an Outgoing WS-Security Configuration, with name, username, password and I checked Must Understand.

I then had to add a Timestamp and Username WSS entry to the WSS configuration. THe timestamp was 10000 MS. The username entry had username, password, Add Nonce checked and Add Created checked. Password Type was set to PasswordText. I then went into the specific request and added a Basic Authorization (Auth tab at the bottom of request) and just selected Outgoing WSS as the name of the configuration I made. Some sample application (VB.NET) code looks like this:

Dim client As New clientService
client.Url = getUrl()
Dim userToken As New UsernameToken(Username, Password, Tokens.PasswordOption.SendPlainText)
Dim requestContext As SoapContext = client.RequestSoapContext
requestContext.Security.Timestamp.TtlInSeconds = 60
requestContext.Security.Tokens.Add(userToken)
client.fooBar()

I do not require signing, encryption, etc though, so needs will vary based on those options. I will note that I do call this service over SSL though.