cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SOAP Axis Sender adapter using WSSE username token and password for authentication

Go to solution
Former Member

on ‎08-29-2016 2:13 PM

0 Kudos

Hi All,

We have a scenario where third party can send the PI credentials (for authentication purpose) in SOAP header only and therefore we are using SOAP Axis adapter and have asked third party to send credentials in wsse tag in SOAP Header.

We have configured the SOAP Axis sender channel as mentioned in below blog:


After setting up the channel in PI, we tried to test the below SOAP payload using SOAP UI, but it failed to authenticate, if we do not provide username & Password in SOAP UI property parameters but if we provide the PI system credentials in SOAP UI Property parameters, request gets successfully processed and if we look at the Raw data in SOAP UI, we see it still does the basic authentication.


We have couple of queries here: a) SOAP UI does not process the request without basic authentication?

                                                b) Passing the system credentials in SOAP Header in wsse tag can allow SOAP request to authenticate and

                                                   process the message in PI using SOAP Axis?




<soapenv:Envelope xmlns:a="http://O.com/a/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">


<soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">


<wsse:UsernameToken wsu:Id="UsernameToken-43D654B0670E95574414724695219612">


<wsse:Username>******</wsse:Username>


<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</wsse:Password>


<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">9UYRW12******</wsse:Nonce>


<wsu:Created>2016-08-29T11:18:41.961Z</wsu:Created>


</wsse:UsernameToken>


</wsse:Security>


</soapenv:Header>


   <soapenv:Body>


      <a:SAP_Execute_Input>


         <a:CustomHeaderContext>

Audit log for successful message:

Thanks for your response.

Regards,

AJ

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member204100
Active Participant
‎08-31-2016 12:28 PM
0 Kudos

Hi AJ,

to your questions:

a) everything depends on the axis servlet's settings in NWA on the PI side.You will need to setup the login stack you require which will be evaluated each time a request message comes to PI.

Since you are going to use UsernamToken authentication, please read the point 31 from Sender Adapter General section of the AXIS FAQ note:

1039369

b) to this please also read the points 32 and 33 from this note.

As you can see there it is possible to

"retrieve the user credential from the message (i.e., either from the HTTP Authorization header or the WS-Security SOAP header, respectively) and set it to the message context"

Best Regards,

Viktor

Show replies
Show replies
Former Member
‎09-07-2016 9:05 AM
0 Kudos

Thanks Victor!!

Removing BasicAuthentocationLoginModule and adding WSSE Username token worked perfectly fine.

Regards,

AJ

Answers (0)

Ask a Question