Forum Discussion

cube00's avatar
cube00
New Contributor
12 years ago

Changing the SoapUI 4.5 BinarySecurityToken ValueType

How do you get soapUI 4.5 to send a binary X509 security token as ValueType #X509v3. Currently it is sending as ValueType #X509PKIPathv1.

Both types are in the same spec document (p. 8 ) so I assume there must be a way to switch between them.

For example

<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1">


should become

<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
  • nmrao's avatar
    nmrao
    Champion Level 3
    Just curious in case if you tried setting the soap header in the request itself with the required value and whether it worked?
  • cube00's avatar
    cube00
    New Contributor
    Hi Rao,

    One way I tried was to right click on the SOAP request and select Outgoing WSS > Apply. I then tried to change the SOAP code as you suggested but the actual SOAP sent in the "http log" is shows SoapUI just forcing the value back to X509PKIPathv1. Was there another way I should try to make this change?
  • nmrao's avatar
    nmrao
    Champion Level 3
    Ok. Saw some other case related to Must Understand property by one of our community member where it is not allowing to change with intended value. Looks this similar as both are under WS Security.


    Do not have much inputs at the moment.

    Please see if changing namespace as given below example helps? Looks you are using different namespace

    Note :xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"

    Sample from http://schemas.xmlsoap.org/specs/ws-sec ... curity.htm
    <?xml version="1.0" encoding="utf-8"?>
    <S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <S:Header>
    <m:path xmlns:m="http://schemas.xmlsoap.org/rp">
    <m:action>http://fabrikam123.com/getQuote</m:action>
    <m:to>http://fabrikam123.com/stocks</m:to>
    <m:from>mailto:johnsmith@fabrikam123.com</m:from>
    <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
    </m:path>
    <wsse:Security>
    <wsse:BinarySecurityToken
    ValueType="wsse:X509v3"
    EncodingType="wsse:Base64Binary"
    Id="X509Token">
    MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i...
    </wsse:BinarySecurityToken>
    <ds:Signature>
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm=
    "http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm=
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference>
    <ds:Transforms>
    <ds:Transform Algorithm=
    "http://...#RoutingTransform"/>
    <ds:Transform Algorithm=
    "http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm=
    "http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>EULddytSo1...</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
    BL8jdfToEb1l/vXcMZNNjPOV...
    </ds:SignatureValue>
    <ds:KeyInfo>
    <wsse:SecurityTokenReference>
    <wsse:Reference URI="#X509Token"/>
    </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    </ds:Signature>
    </wsse:Security>
    </S:Header>
    <S:Body>
    <tru:StockSymbol xmlns:tru="http://fabrikam123.com/payloads">
    QQQ
    </tru:StockSymbol>
    </S:Body>
    </S:Envelope>
  • cube00's avatar
    cube00
    New Contributor
    Hi Rao,

    Turned 'must understand' off and changed the name space and now looks like (based on the http log) SoapUI is sending two sets of wsse:Security tags. Same error on the server side that it doesn't accept X509PKIPathv1

    Thanks.
  • nmrao's avatar
    nmrao
    Champion Level 3
    Hmm..do not have much input as one may does not seem to have control over it.
  • cube00's avatar
    cube00
    New Contributor
    Thanks anyway for your help Rao. Looks like it's time to start saving up for a pro licence to get access to support. Shame they don't offer per incident pricing.