Username token policy with webService provider

Hi Al,

I am trying to do a PoC on web services along with policies. My need is to create a web service provider, add a
username token policy to it, and share the WSDL with the consumer to enforce that it follows the policy. I am using wM 9.7.

I created a simple flow service, created a web service provider for it, and placed the policy file at the
\IntegrationServer\instances\default\config\wss\policies location.
After this, I opened the provider WSD in Designer, clicked on the Policies tab, right-clicked and selected the username token policy.

When I looked at the WSDL URL, I could see the wp:Policy section, but when I tried to consume the same in Soap, I didn’t see any sort of security-related enforcement.

Below is the policy I used:

Username_Token.policy

<wsp:Policy wsu:Id="Username_token" Name="Username_token"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="Web Services Policy Framework (WS-Policy) and Web Services Policy Attachment (WS-PolicyAttachment)">

<wsp:ExactlyOne>
<wsp:All>
<sp:SignedSupportingTokens xmlns:sp="Web Services Security Policy Language (WS-SecurityPolicy)">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="WS-SecurityPolicy Token Inclusion Mechanism">
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

Please help me find what I missed.

Thanks for your time and support.

Thanks,
RP

In the consumer WSD, you also need to explicitly assign the policy under the Policies tab.
It won’t pick up the policy from the WSDL directly.

I guess they don’t want to just support any policy coming from other systems that are embedded in the WSDL file.
HTH,

Yes, the SOAP tool also has an option to “Add WSS username token”; better to try it that way.

Thanks,


Thank you both, I tried it and it’s working.

Thanks,
RP
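
To make the replies above concrete, here is an added example (not from the thread and not webMethods code) of what the consumer has to put on the wire for a username token policy to be satisfied, plus a check you can run against a request you built or captured to see why nothing looked "enforced". The function names, the SOAP 1.1 envelope, the PasswordText password type and the `urn:example:constructed` operation are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
# PasswordText carries the password in clear inside the message, so the
# transport has to be TLS-protected.
PW_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-username-token-profile-1.0#PasswordText")


def build_request(username=None, password=None):
    """Build a SOAP 1.1 envelope; add wsse:UsernameToken only if credentials are given."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    if username is not None:
        sec = ET.SubElement(header, f"{{{WSSE}}}Security")
        tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
        ET.SubElement(tok, f"{{{WSSE}}}Username").text = username
        pw = ET.SubElement(tok, f"{{{WSSE}}}Password", {"Type": PW_TEXT})
        pw.text = password
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    ET.SubElement(body, "{urn:example:constructed}echo")  # hypothetical operation
    return ET.tostring(env, encoding="unicode")


def check_username_token(envelope_xml):
    """Return (ok, reason) for the UsernameToken header of one request.

    Meant for requests you built or captured yourself; parse untrusted XML
    with a hardened parser such as defusedxml instead.
    """
    root = ET.fromstring(envelope_xml)
    path = f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken"
    tokens = root.findall(path)
    if not tokens:
        return False, "no wsse:UsernameToken in SOAP header"
    if len(tokens) > 1:
        return False, "more than one wsse:UsernameToken"
    if not (tokens[0].findtext(f"{{{WSSE}}}Username") or "").strip():
        return False, "empty wsse:Username"
    if not tokens[0].findtext(f"{{{WSSE}}}Password"):
        return False, "missing wsse:Password"
    return True, "ok"
```

A request built without credentials is what a consumer sends when no policy is attached to the consumer WSD; the check reports the missing header.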

I added the policy in the consumer WSDL and provided the credentials at message level, but I am still getting the error below.
Integration broker response
status code-20
MessageID -535
Message- user Password required for service operation

Below is the policy file I have put on the server.

<wsp:Policy wsu:Id="UsernameTokenSecurityPolicyPasswordRequired" Name="Username token required"
xmlns:wsp="Web Services Policy Framework (WS-Policy) and Web Services Policy Attachment (WS-PolicyAttachment)"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:ExactlyOne>
<wsp:All>
<wsse:SecurityToken wsp:Usage="wsp:Required" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:TokenType>wsse:UserNameToken</wsse:TokenType>




</wsse:SecurityToken>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

Please help ASAP.