WSSE Policy Example for usernameToken

Josef_Schachinger · October 26, 2013, 10:05pm

Hello

I found http://tech.forums.softwareag.com/techjforum/rss/topicPosts/32342.page an example which we extend for using it for WS Security Username Tokens only.

Our requirement was to implement it for the web service provided by Austrian Government https://www.erb.gv.at/index.jsp?p=info_channel_ws.

Find attached the implementation of the policies file which we use.
You can simply upload the file Username_Token_Only.policy to IS_HOME/config/wss/policies

IS will load the policy with following confirmation:
[ISS.0141.0106I] Updated WS-Policy file Username_Token_Only.policy with policy ID UsernameTokenOnly.

Refresh your IS Connection on Designer to find it in the Policies Tab. Add it and define auth/message/user and auth/message/pass. This params will be used as wsse:Username and wsse:Password

The outcome will be like following:

Check more detail in 8-2-SP1_Web_Services_Developers_Guide.pdf

Username_Token_Only.zip (585 Bytes)

Stanislav_Tvaruzek · January 13, 2016, 5:00pm

Thanks Josef for posting the example. You pointed me in the right direction.

However, I could not import the policy and it took me some time to figure it out as the policy files are pretty new to me. Then I modify existing policy Username_Signature.policy and remove all other stuff ale kept only the SignedSupportingTokens section and changed ID and name and I was able to import it and now I am finally able to invoke my webservice :lol:

Your typo in the policy file was

wspolicy

instead of

<wsp:Policy>

.

Here is my policy file. Hope it helps and saves some time other developers dealing with the WS madness


<wsp:Policy wsu:Id="Username_Token" Name="Username and Token"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

  <wsp:ExactlyOne>
    <wsp:All>

      <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
        </wsp:Policy>
      </sp:SignedSupportingTokens>

    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

zeuvak · October 18, 2019, 7:44am

Hi experts!

I need a policy that returns me this:
"
soapenv:Header
<wsse:Security soapenv:mustUnderstand=“0” xmlns:wsse=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd” xmlns:wsu=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”>
<wsse:UsernameToken wsu:Id=“UsernameToken-1”>
wsse:UsernameAdminhpexstream</wsse:Username>
<wsse:Password Type=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText”>Oasis2030!</wsse:Password>
<wsse:Nonce EncodingType=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary”>9XbhOoet06M5XXD83sgM7Q==</wsse:Nonce>
wsu:Created2015-07-21T08:23:30.207Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header> "

Can you point me in the right direction??

thanks in advance!!!