AW: SOAP webservices using WS-Security

Rudolf Bargholz rudolf at
Sat Apr 9 06:44:51 UTC 2022

Hi Miguel,

I would use soapui ( to generate the request and test the response. When you get everything working in SoapUI you can view the raw HTTP request and responses inside of SoapUI to determine what exactly needs to be done in Omnis. If this is then not easy in Omnis you can use cURL to send the request, and call cURL from Omnis. Using this workflow you can test outside of Omnis in a tool where you know for sure that it supports WS-Security based on a certificate, and then reverse engineer in Omnis.


Rudolf Bargholz

-----Ursprüngliche Nachricht-----
Von: omnisdev-en <omnisdev-en-bounces at> Im Auftrag von Miguel Garcia
Gesendet: Freitag, 8. April 2022 21:18
An: OmnisDev List - English <omnisdev-en at>
Betreff: SOAP webservices using WS-Security

Dear All.

We have to build an application through OMNIS to send information to the Regional Administration. We have to comunicate the information through SOAP webservices using WS-Security based on a certificate.

We know how to use a SOAP webservice building a "Web Service Object" 
using the WIZARD tool. But in this case then WIZARD only allows HTTP basic authentication.

Also we now how to use SOAP webservice building the xml message and sending it via HTTP POST method.

We have tested the service importing de WSDL file into SOAPUI and we know what the content of de xml message should be. But we don't know how to get the DigestValue or the Signature value.

We have tried to apply SHA-1 to the reference that we have to sign encode it to base64 but the DigestValue is not correct.

Its possible build this in OMNIS?

Some ideas?

Best Regards

PD :

Example of the message send by SOAPUI :

<?xml version="1.0"?>
wsu:Id="X509-. . . .  . . PUBLIC PART OF THE CERTIFICATE

             <ds:Signature xmlns:ds="" 
                     <ds:CanonicalizationMethod Algorithm="">
                         <ec:InclusiveNamespaces xmlns:ec="" PrefixList="soapenv vtc"/>
                     <ds:SignatureMethod Algorithm=""/>
                             <ds:Transform Algorithm="">
                                 <ec:InclusiveNamespaces xmlns:ec="" PrefixList="vtc"/>
                         <ds:DigestMethod Algorithm=""/>
                 <ds:KeyInfo Id="KI-B824CA2BDE6ED7965D164924150559643">
                     <wsse:SecurityTokenReference wsu:Id="STR-B824CA2BDE6ED7965D164924150559644">
                         <wsse:Reference URI="#X509-B824CA2BDE6ED7965D164924150559642" 
             <header fecha="2022-04-05T20:00:00" version="1.0" 
                 <vtcconsulta idservicio="253000"/>

We have applied SHA1 to soapenv:Body section and after encode the result in to base64 but the result is not a correct digest.
*Miguel Garcia Segui
DPTO Informatica
971 65 71 73 Ext. 2044*

Manage your list subscriptions at Start a new message -> mailto:omnisdev-en at 

More information about the omnisdev-en mailing list