SOAP webservices using WS-Security
Miguel Garcia
miguel.garcia at roig.com
Fri Apr 8 19:17:38 UTC 2022
Dear All.
We have to build an application through OMNIS to send information to the
Regional Administration. We have to comunicate the information through
SOAP webservices using WS-Security based on a certificate.
We know how to use a SOAP webservice building a "Web Service Object"
using the WIZARD tool. But in this case then WIZARD only allows HTTP
basic authentication.
Also we now how to use SOAP webservice building the xml message and
sending it via HTTP POST method.
We have tested the service importing de WSDL file into SOAPUI and we
know what the content of de xml message should be. But we don't know how
to get the DigestValue or the Signature value.
We have tried to apply SHA-1 to the reference that we have to sign
encode it to base64 but the DigestValue is not correct.
Its possible build this in OMNIS?
Some ideas?
Best Regards
PD :
Example of the message send by SOAPUI :
<?xml version="1.0"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:vtc="http://mfom.com/vtc">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="X509-. . . . . . PUBLIC PART OF THE CERTIFICATE
</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="SIG-B824CA2BDE6ED7965D164924150564746">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv
vtc"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#id-B824CA2BDE6ED7965D164924150559745">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="vtc"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>4QUunSZKyMcVC0pVu/wtX60wL78=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>NsqRHa6XuRsfYJ+clfWJPMlFTEC2Cx7yv0HDmGoEkZM9r9LGnqEjzWVUxlBnptYWRwJvuZAyH4PQ
4hBu8XbZc6/rWL1urU0x4ygJdsriRdNLRconHErAb84ljzyd8g0K4dI/wJTlMqZoOW4YrfVMaWW3
DW0+64X+siH2bssMhODJKU8k5AJ2G4egvxsv0rK4WzSIpTrkAiOCud+3QI0Cb0ZMVbJ7hGtxxds1
2jUyDojGYGfU9LjulnR/j6LPghnA1M3EkHK6fpPGosmK8zWNw9bJ1mOxCJvxx3NrvWRTPx/9x3Q9
DPypeNbWX8VWsRLavZxbpY+DxgvlSKrhV9Ey/w==</ds:SignatureValue>
<ds:KeyInfo Id="KI-B824CA2BDE6ED7965D164924150559643">
<wsse:SecurityTokenReference
wsu:Id="STR-B824CA2BDE6ED7965D164924150559644">
<wsse:Reference
URI="#X509-B824CA2BDE6ED7965D164924150559642"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-B824CA2BDE6ED7965D164924150559745">
<vtc:qconsultavtc>
<header fecha="2022-04-05T20:00:00" version="1.0"
versionsender="1.0"/>
<body>
<vtcconsulta idservicio="253000"/>
</body>
</vtc:qconsultavtc>
</soapenv:Body>
</soapenv:Envelope>
We have applied SHA1 to soapenv:Body section and after encode the result
in to base64 but the result is not a correct digest.
--
*Miguel Garcia Segui
DPTO Informatica
971 65 71 73 Ext. 2044*
More information about the omnisdev-en
mailing list