WS Security in IS 6.5 - UsernameToken XSD needed

Hello,

I am looking to add a Username Token into the Soap message in IS 6.5 and I will be calling external webservice (SSL ) I know Webmethods WS Security is currenly not supported in WM 65. I am created a work around inorder to pass this block.

I am using addHeaderEntry service and I created a document then did XMLStringToDocument then DocumentToNode and passing that node to addHeaderEntry service. I also added nsDecls field in documentToXMLString service.
Below is my resulting XML I created

<wsse:Security
xmlns:wsse=“http://schemas.xmlsoap.org/ws/2002/07/secext”>
wsse:UsernameToken
wsse:UsernameUser1</wsse:Username>
wsse:PasswordPassw0rd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>

I am getting following error at addHeaderEntry service.

An error occurred while tracing
com.wm.app.b2b.server.ServiceException: [ISS.0088.9143] Invalid Header Entry. SOAP Header Entries must have a namespace name

Attached is my docuement created for the WS-Security block
I would like to know if my XSD is not correct , if so then how should I need to define it ,
of if any one sample XSD for the WS Security block.

Regards,
wmDoc.jpg

Here’s a sample token created by SoapUI 2.5.1

Clear text password (PasswordText)

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-4391369" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>testuser</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">passw0rd1</wsse:Password>
        <wsse:Nonce>MdwCUoMI/9a6QSZr+Heutg==</wsse:Nonce>
        <wsu:Created>2009-02-06T21:24:37.265Z</wsu:Created>
    </wsse:UsernameToken>
</wsse:Security>

Hashed password (PasswordDigest)

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-14296592" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>testuser</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">lZhfnJFTn/pAB5z9VgZyqjLGpr4=</wsse:Password>
        <wsse:Nonce>0IG8ZzeVuTffpY4iXG7TwA==</wsse:Nonce>
        <wsu:Created>2009-02-06T21:29:07.841Z</wsu:Created>
    </wsse:UsernameToken>
</wsse:Security>

  

You don’t really need the wsu:Id, the Nonce can be any unique base64-encoded value.

Mark

Thanks Mark !

I tried above(XML) inputs to xmlStringToXMLNode and given node input to addHeaderEntry still got the same Error
com.wm.app.b2b.server.ServiceException: [ISS.0088.9143] Invalid Header Entry. SOAP Header Entries must have a namespace name

I think I would need XSD or some thing to import that document type into WM, If there is no XSD then what would be alternative approach ?

Thanks Again.

Before you converted to did you specified nsDecls in the documentToXMLString step (to add namespace) into the xmldata??

HTH,
RMg

You did read the “sticky” posts in this forum didn’t you. There are good examples there.

Example doc type for WS-Security UsernameToken

Map step showing how nsDecls is to be populated

Thanks Carlson and Rmg!

Sorry I was not able to respond. As as work around I was able to create XML that attach that to SOAPHeader and that Works !!

<wsse:Security xmlns:wsse=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd” xmlns:wsu=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”>
wsu:Timestamp/
<wsse:UsernameToken >
wsse:Username%auth/user%</wsse:Username>
<wsse:Password Type=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText”>%auth/pass%</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>

I am still trying to create webemthods document that has ‘Type’ attibute for password token. I know I can create XSD and import into webmethods. But Is there inbuilt webmethods tool to create such attibutes.

Have a closer look at the document type in this post. The “@wsse:Type” allows you to set the password type to one of the supported values described in the WS-Security spec.

M