SoapUI and Security #6

Now the request message has to be configured.

Open the request in question and go to the Auth tab. This is shown when you view the XML.

Authorisation Type
Global HTTP Settings is the one I went for.

Username, Password, Domain
You know these already!

Outgoing WSS, Incoming WSS
Select the Outgoing WSS you created some time ago.
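To confirm that the selected Outgoing WSS was really applied, the raw request (for example copied from the request's Raw view) can be checked for the Signature, Encryption and Timestamp parts configured in the earlier posts. This is an added example, not part of the original posts or of SoapUI; the function name `inspect_wss` and the sample header with its values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Constructed sample header (trimmed, not a captured message).
SAMPLE = """<Header xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}" xmlns:xenc="{xenc}">
 <wsse:Security>
  <wsu:Timestamp><wsu:Created>2024-01-01T10:00:00.000Z</wsu:Created>
   <wsu:Expires>2024-01-01T10:05:00.000Z</wsu:Expires></wsu:Timestamp>
  <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="{xenc}rsa-oaep-mgf1p"/>
   <ds:KeyInfo><wsse:SecurityTokenReference><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">AAAA</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo>
  </xenc:EncryptedKey>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#id-1"/></ds:SignedInfo></ds:Signature>
 </wsse:Security>
 <xenc:EncryptedData><xenc:EncryptionMethod Algorithm="{xenc}aes256-cbc"/></xenc:EncryptedData>
</Header>""".format(**NS)

def _when(el):
    # fromisoformat also accepts the .mmm fraction written with Millisecond Precision.
    return datetime.fromisoformat(el.text.strip().replace("Z", "+00:00"))

def _frag(el, attr):
    """Part after '#' of an algorithm or value-type URI; None if the element is absent."""
    return el.get(attr, "").rsplit("#", 1)[-1] if el is not None else None

def inspect_wss(xml_text):
    """Report which WS-Security parts a SOAP header or envelope really contains."""
    root = ET.fromstring(xml_text)
    created = root.find(".//wsu:Timestamp/wsu:Created", NS)
    expires = root.find(".//wsu:Timestamp/wsu:Expires", NS)
    ttl = None
    if created is not None and expires is not None:
        ttl = (_when(expires) - _when(created)).total_seconds()
    return {
        "timestamp_window_s": ttl,  # validity window the tool actually wrote
        "key_encryption": _frag(root.find(".//xenc:EncryptedKey/xenc:EncryptionMethod", NS), "Algorithm"),
        "symmetric": _frag(root.find(".//xenc:EncryptedData/xenc:EncryptionMethod", NS), "Algorithm"),
        "key_identifier": _frag(root.find(".//xenc:EncryptedKey//wsse:KeyIdentifier", NS), "ValueType"),
        "signed_refs": [r.get("URI") for r in root.iterfind(".//ds:SignedInfo/ds:Reference", NS)],
    }

if __name__ == "__main__":
    for key, value in inspect_wss(SAMPLE).items():
        print(f"{key}: {value}")
```

A `None` value or an empty `signed_refs` list means that part is missing from the message, which points at the Outgoing WSS entry to revisit.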


SoapUI and Security #5

For now the last one. It is about Timestamp.

Time To Live
Fill in how long the request is valid. 60000 should be more than enough.

Millisecond Precision
If you must.

That is it for now. I am stuck and cannot send a request to the webservice. If I find anything I will share it. But first I need my weekend!


SoapUI and Security #4

A section about Encryption.

Keystore, Alias, Password
Just like the previous step. Select the Keystore, with the keystore name and the password you entered when creating the Keystore.

Key Identifier Type
I choose the Thumbprint SHA1 Identifier.

Embedded Key Name, Embedded Key Password
You may leave as you found them, empty!

Symmetric Encoding Algorithm
Select the one with aes256 at the end.

Key Encryption Algorithm
For me rsa-oaep-mgf1p was the choice of the day.

Create Encryption Key
Select it or enable it. Just the way you like it.

Now something interesting. It depends on what the webservice expects. My request, and probably yours too, consists of two parts, a header and a body. It is SOAP, of course. The header is encoded for some reason; it contains a unique message ID. So press the + button and fill in the 4 fields. In my request no HTML ID parameter is given, so this one stays empty. The Name is filled with the element's name, and the specified Namespace is entered next. Encoding is done on the complete Element and not the Content.


SoapUI and Security #3

This section is for the Signature settings.

Keystore, Alias, Password
Here select the Keystore, with the keystore name and the password you entered when creating the Keystore.

Key Identifier Type
Several options are listed here, choose wisely! But for now we will use X509 Certificate. As a reminder, I have not succeeded in sending a request successfully to the webserver. If I do someday, this message will be removed.

Signature Algorithm, Signature Canonicalization, Digest Algorithm
Leave them in their state.

Use Single Certificate
Not selected

The element in the header is signed. Here the Name is mentioned with the related Namespace. Also, the Element is encoded, not the Content.


SoapUI and Security #2

In the previous message I tried to setup a keystore. Now I will try to configure SoapUI.

First I am going to connect the Keystore to SoapUI. After the properties of the project are opened, go to the Keystore tab, which is located under the WS-Security Configurations tab. It should look like below, but without the keystore of course:

Keystore settings

Press the + in the top left corner and go to the location where your keystore is saved. Select the keystore and enter your password. The status should be OK, like on the screenshot above.

Second is to attach the certificate to SoapUI. You can do this in the preferences. Open the SSL Settings and browse to the certificate. Enter a password if needed. Press OK and restart SoapUI. The restart was necessary in older versions of SoapUI; I think it is better to do this here too.

For this open the Project Properties page again in SoapUI. Open the WS-Security Configurations tab and go to the Outgoing tab.

Now press the + button to add an Outgoing configuration. You may choose a name of your liking.

In this configuration 3 items have to be added: Signature, Encryption and Timestamp. These are explained in the following posts.


SoapUI and Security #1

While I am trying to figure out how to connect to a Webserver, I will list my findings here. For me this is the first time, it is done in the way mentioned later. That means there will be mistakes in the stuff shown here. So if anyone reads this and has some suggestions for improvement, please let me know!!!

The Webserver has double security. First is to gain access with an X.509 certificate. Second is the use of WSS with Kerberos to encrypt parts of the message sent.

Setting up

The first thing was to create a Keystore. I exported the Certificate from the webservice using Firefox, followed the steps mentioned in the reference and created the keystore with the following commands:

keytool -genkeypair -keyalg RSA -alias [MyKeyStoreName] -keystore [MyKeyStore] -storepass [MyPassword] -keysize 2048

keytool -import -alias [MyCertificateName] -file [MyCertificate] -keystore [MyKeyStore]
