1
votes

I am trying to make a SOAP request in SoapUI, which needs authentication with a username and password. I let SoapUI generate a test based on a WSDL file and try to call the service. I followed the steps on the SoapUI website to use authentication (https://www.soapui.org/soap-and-wsdl/authenticating-soap-requests.html), but I can't get it to work. I am new to SOAP, so I'm probably missing something basic. I got a username and a password for the service, so I'm guessing this is basic authentication. But when I try to make a request, I always get a PolicyViolationException, which states that "Required policies have not been provided: {http://docs.oasis-open.org/ns/opencsa/sca/200912}clientAuthentication".

Here is what the request and answer look like (I obscured the service link and changed the username). I also added the user to my project and WS-Security settings.

SoapUI request and response

Project setting

I tried Pre-emptive authentication and "Must Understand". I also tried to change the request header and add the security manually, but nothing seems to work and I always get the same response.

Edited Header manually

1
Either in the WSDL or in the documentation, the service provider must have provided information on what type of authentication mechanism is required to call the given service. - Red Boy
In the WSDL I can only find definitions for the body, and the documentation says that the header needs a UsernameToken with Username and Password fields. There are also example queries, which look like the one in my last picture. - mKay
OK, then most probably they need WSSecurity only. - Red Boy
And that means what? As I said, I am new to SOAP and SoapUI. So how should I be able to send a request? Which settings do I need, or should I be able to send a request without any settings and just manually changing the request with username and password? - mKay

1 Answer

0
votes

I can't add a comment yet, so I'm writing this as an answer. To me it seems like some namespaces are missing. Try to make the request as follows, changing the nonce and created fields. sample-token can be anything you want. If the service that you're trying to call wants the password as plain text, then the namespace in the code sample will be enough. Also, I suggest you check the documentation in this link.

<soap:Header>
    <!-- The wsse prefix is declared on Security so the wsse:* children resolve;
         the soap prefix is expected to be declared on the enclosing Envelope. -->
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken wsu:Id="sample-token"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>user</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
            <!-- Nonce: Base64 of fresh random bytes; Created: current UTC timestamp -->
            <wsse:Nonce>some-base64</wsse:Nonce>
            <wsu:Created>yyyy-MM-ddThh:mm:ssZ</wsu:Created>
        </wsse:UsernameToken>
    </wsse:Security>
</soap:Header>