'How to config Outgoing WS-Security in Postman?

The request works in SoapUI but as we are using Postman-Newman for Automation of this API so how to make this work in Postman.

I saw some solutions where it says to add security tag in request body but what's the username to provide there as we don't provide any user name in SoapUI.

How I config in SoapUI

  1. Select Keystores and select the certificate and add password
  2. Set "Outgoing WS-Security Configurations" attaching screenshot to show what we have to send in that. keystore, password, key identifier Type and parts

enter image description here

Postman config:

  1. Added the certificate in postman using settings as well added the password.
  2. Created a request and added the request body

in request body I tried below but I am not sure what is the username or nonce as we don't give this info in SoapUI. This returns an error The SOAP request has not been signed, or is signed incorrectly

<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsu:Timestamp wsu:Id='TS-11b7d3261c994de099eb8c431b33947b'>
<wsu:Created>2019-09-06T12:09:15.604Z</wsu:Created>
<wsu:Expires>2019-09-06T12:09:25.619Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id='UsernameToken-238be95be3bf445fb8534666a7a8693c'>
<wsse:Username>***login***</wsse:Username>
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-usernametoken-profile-1.0#PasswordDigest'>***Base64 (SHA-1 (nonce + created + password) )***</wsse:Password>
<wsse:Nonce EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soapmessage-security-1.0#Base64Binary'>***Base64 nonce***</wsse:Nonce>
<wsu:Created>2019-09-06T12:09:15.604Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>

Also tried below and here I get soap fault

    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken>
            <wsse:Username>XXXXX</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXXX</wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security>

Also tried below solution but not sure what username to provide here as we only provide Password in SoapUI and not UserName

        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:Username>Whattogivehere</wsse:Username>
                <wsse:Password>******</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
postman


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions