IBM webMethods Hybrid Integration

IBM webMethods Hybrid Integration

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

WSSE Policy Example for usernameToken

  • 1.  WSSE Policy Example for usernameToken

    Posted Sat October 26, 2013 06:06 PM

    Hello

    I found http://tech.forums.softwareag.com/techjforum/rss/topicPosts/32342.page an example which we extend for using it for WS Security Username Tokens only.

    Our requirement was to implement it for the web service provided by Austrian Government https://www.erb.gv.at/index.jsp?p=info_channel_ws.

    Find attached the implementation of the policies file which we use.
    You can simply upload the file Username_Token_Only.policy to IS_HOME/config/wss/policies

    IS will load the policy with following confirmation:
    [ISS.0141.0106I] Updated WS-Policy file Username_Token_Only.policy with policy ID UsernameTokenOnly.

    Refresh your IS Connection on Designer to find it in the Policies Tab. Add it and define auth/message/user and auth/message/pass. This params will be used as wsse:Username and wsse:Password

    The outcome will be like following:

    Check more detail in 8-2-SP1_Web_Services_Developers_Guide.pdf

    Username_Token_Only.zip (585 Bytes)


    #webMethods
    #Integration-Server-and-ESB


  • 2.  RE: WSSE Policy Example for usernameToken

    Posted Wed January 13, 2016 12:00 PM

    Thanks Josef for posting the example. You pointed me in the right direction.

    However, I could not import the policy and it took me some time to figure it out as the policy files are pretty new to me. Then I modify existing policy Username_Signature.policy and remove all other stuff ale kept only the SignedSupportingTokens section and changed ID and name and I was able to import it and now I am finally able to invoke my webservice :lol:

    Your typo in the policy file was

    wspolicy

    instead of

    <wsp:Policy>

    .

    Here is my policy file. Hope it helps and saves some time other developers dealing with the WS madness :wink:

    
<wsp:Policy wsu:Id="Username_Token" Name="Username and Token"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

<wsp:ExactlyOne>
<wsp:All>

<sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
</wsp:Policy>
</sp:SignedSupportingTokens>

</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

    #webMethods
    #Integration-Server-and-ESB


  • 3.  RE: WSSE Policy Example for usernameToken

    Posted Fri October 18, 2019 03:44 AM

    Hi experts!

    I need a policy that returns me this:
    "
    soapenv:Header
    <wsse:Security soapenv:mustUnderstand=“0” xmlns:wsse=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd” xmlns:wsu=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”>
    <wsse:UsernameToken wsu:Id=“UsernameToken-1”>
    wsse:UsernameAdminhpexstream</wsse:Username>
    <wsse:Password Type=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText”>Oasis2030!</wsse:Password>
    <wsse:Nonce EncodingType=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary”>9XbhOoet06M5XXD83sgM7Q==</wsse:Nonce>
    wsu:Created2015-07-21T08:23:30.207Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
    </soapenv:Header> "

    Can you point me in the right direction??

    thanks in advance!!!


    #Integration-Server-and-ESB
    #webMethods


Related Content