IBM webMethods Hybrid Integration

IBM webMethods Hybrid Integration

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

WS Security in IS 6.5 - UsernameToken

  • 1.  WS Security in IS 6.5 - UsernameToken

    Posted Thu February 05, 2009 08:37 PM

    Hi,

    I am looking to add the UsernameToken header into a soap message that I will be posting to an external service. I am currently using IS 6.5. I understand that I need to use the addHeaderEntry service, but it is looking for a XML node that is namespaced. Is there some type of sample xsd for the Security element that I can bring in and use? Currently I have created a document with the root node “Security” and a complex type of “UsernameToken” This complex type contains “Username” and “Password” elements. Would I create this document and then convert it to an XML node and use that as the input to addHeaderEntry?

    Any advice regarding wM best practices for implementing WS security in 6.5 would be great!
    Thanks,
    Sara


    #webMethods
    #soa
    #API-Management


  • 2.  RE: WS Security in IS 6.5 - UsernameToken

    Posted Thu February 05, 2009 08:58 PM

    I believe WS-Security facility not supported in IS6.5. But it will be supported on 7.1 and above.

    [URL]https://advantage.webmethods.com/advantage?targChanId=kb_home&oid=1614316489[/URL]

    HTH,
    RMG


    #webMethods
    #API-Management
    #soa


  • 3.  RE: WS Security in IS 6.5 - UsernameToken

    Posted Fri February 06, 2009 04:00 PM

    Because a WS-Security token is just an XML document stored inside the header of a soap message, you can easily support this in IS versions prior to 7.1.

    Build a utility service to return a soap envelope containing a ws-security token or simply to return a valid token as an IS node or XML string.

    1. Design a document type that matches the WS-Security token you need to include (start with username token since its simple).
    2. Use a map step to populate the variables in a doc type (typically username, password, creation timestamp and nonce)
    3. If needed, Add code to create the password digest using the very specific algorithm called out in the WS-Security Basic Profile documentation (typically involves base64-encoding and creation of a sha-1 digest)
    4. Convert the doc type instance to an XML string taking care to use namespace prefixes associated with the correct namespaces in nsDecls parameter
    5. Convert the XML string to a node
    6. Add the node to your soap request header using the built-in service for this

    A tool like SoapUI will auto-magically add a variety of ws-security tokens to test cases giving you a good example to follow. Download the free version of SoapUI 2.5 and read up on the help for WS-Security outbound configurations.

    Mark


    #webMethods
    #API-Management
    #soa


Related Content