on 03-29-2016 12:43 PM
Hello experts,
We are using PI7.4 dual stack system. I have an IDoc to Webservice scenario where receiver expects Soap message in following format -
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<env:Header>
<wsse:Security env:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>{UserName}</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">{Password}</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>
<env:Body>
I read many threads and discussions on SCN about WSSE, but some things are not clear to me -
1. Does SOAP adapter in PI7.4 supports wsse with user name token?
2. I selected security profile as 'Webservice security' in the channel and getting required security OASIS standard by default in the receiver aggreement. However, security procedure does not have user credentials options in agreement. It shows only 'None' , 'Sign', 'Encrypt' and 'Sign and Encrypt' options. If I select 'None' here and give user credentials in receiver channel, will that work? Is this the right way?
3. If above things don't work then Do I need to use Axis adapter setup with PI7.4 to achieve this ? If yes, please provide some blogs/ documents on Axis adapter configuration.
4. Is it possible to add additional modules like XMLAnonimyzer bean to axis adapter, as I need to change the namespace prefix in the output xml.
4. Is there any other way of configuring WSSE with user token in PI7.4 like XSLT/JAVA mapping?
Any clarification on these will be really helpful.
Thanks in advance.
Minal
Marking this as answered. As of now we have decided to go ahead with Java mapping to get the necessary WSSE details in output.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Praveen
As per the blog on AddSOAPHeaderBean module, output can be produced in below format.
<SOAP:Header>
<ns0:authenticationHdr xmlns:ns0='http://customheader.com'>
<UserName>Praveen Gujjeti</UserName>
<Password>passwordNotExposedinID</Password>
</ns0:authenticationHdr>
</SOAP:Header>
However, my requirement is to create header with some additional parameters like below -
<wsse:Security env:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">{Password}</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>
How can I add these with the module ?
I tried the option on additional mapping with 'Do Not use Soap Envelope' option checked in channel. But getting Http 500 Internal server error from webservice.
Thanks
Minal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Minal,
This XSLT gave me exact result what you are looking for, if this does not work first test your web service in soap ui and see what is exact problem.
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<soap:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<soap:Header>
<wsse:Security soap:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>User</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<xsl:copy-of select="*"/>
</soap:Body>
</soap:Envelope>
</xsl:template>
</xsl:stylesheet>
Regards,
Praveen.
Hello Minal
You only need to define a namespace like
<wsse:Security env:mustUnderstand="1" xmlns:wsse="http://yourNmeSpace.com">
<wsse:UsernameToken>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">{Password}</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Thanks a lot Juan and Praveen for the information.
@Juan,
Can I use XMLAnonymizer bean after AddSOAPHeaderBean, as the namespace prefixes are different in the required output.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Minal,
Normal soap adapter does not support wsse token, you need to use soap with axis adapter to set this wsse token, you can refer this blog for how to set using axis adapter
or
Use below XSLT mapping after your message mapping.
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<soap:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>User</wsse:Username>
<wsse:Password>Password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<xsl:copy-of select="*"/>
</soap:Body>
</soap:Envelope>
</xsl:template>
</xsl:stylesheet>
Enable Do Not Use SOAP Envelope in soap receiver adapter
Regards,
Praveen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Minal
You can use this adapter module AF_Modules/AddSOAPHeaderBean, this way is easy
See this blog
http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/11/22/addsoapheaderbean-module
Regards
Juan
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.