STS request with certificate authentication in SoapUI -


i have requestsecuritytoken request certificate signature , timestamp soapui security token use in other requests, have problem implement correctly.

here correct request, different application, same certificate:

<o:security s:mustunderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">     <u:timestamp u:id="_0">         <u:created>2016-10-24t14:35:54.851z</u:created>         <u:expires>2016-10-24t14:40:54.851z</u:expires>     </u:timestamp>     <o:binarysecuritytoken u:id="uuid-e5fff67c-e3ce-4c63-86da-9661adfd6e0c-2" valuetype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#x509v3" encodingtype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#base64binary">...miifgtccbgmgawibagikoepzb(shortened)...</o:binarysecuritytoken>     <signature xmlns="http://www.w3.org/2000/09/xmldsig#">         <signedinfo>             <canonicalizationmethod algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>             <signaturemethod algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>             <reference uri="#_0">                 <transforms>                     <transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>                 </transforms>                 <digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>                 <digestvalue>tslkdnu0lj5sb1p75wgvjd7lmhc=</digestvalue>             </reference>             <reference uri="#_1">                 <transforms>                     <transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>                 </transforms>                 <digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>                 <digestvalue>4qwjs9rcbzb1b3dcr37qnujgsl4=</digestvalue>             </reference>         </signedinfo>         <signaturevalue>...gmaxzaf8hhj44/m0q(shortened)...</signaturevalue>         <keyinfo>             <o:securitytokenreference>                 <o:reference uri="#uuid-e5fff67c-e3ce-4c63-86da-9661adfd6e0c-2"/>             </o:securitytokenreference>         </keyinfo>     </signature> </o:security>

in soapui, in wss config add keystore certificate , made outgoing configuration, make timestmap , signature. in signature, configure binary security token, choose keystore, alias , password. have experimented methods, closer result correct 1 this:

<wsse:security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">     <u:timestamp u:id="ts-6eb3e416e924850aa51477473502423447">         <u:created>2016-10-26t09:18:22.423z</u:created>         <u:expires>2016-10-26t09:23:22.423z</u:expires>     </u:timestamp>     <wsse:binarysecuritytoken encodingtype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#base64binary" valuetype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#x509v3" u:id="x509-6eb3e416e924850aa51477473502407442">...ccbgmgawibagikoep(shortened)..." xmlns:ds="http://www.w3.org/2000/09/xmldsig#">         <ds:signedinfo>             <ds:canonicalizationmethod algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>             <ds:signaturemethod algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>             <ds:reference uri="#id-6eb3e416e924850aa51477473502408445">                 <ds:transforms>                     <ds:transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>                 </ds:transforms>                 <ds:digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>                 <ds:digestvalue>ylz7mgranksz3pypbsxte3fovcc=</ds:digestvalue>             </ds:reference>         </ds:signedinfo>         <ds:signaturevalue>...pwhlphxineyugocm+tsz9ucg(shortened)...</ds:signaturevalue>         <ds:keyinfo id="ki-6eb3e416e924850aa51477473502407443">             <wsse:securitytokenreference u:id="str-6eb3e416e924850aa51477473502407444">                 <wsse:reference uri="#x509-6eb3e416e924850aa51477473502407442" valuetype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#x509v3"/>             </wsse:securitytokenreference>         </ds:keyinfo>     </ds:signature> </wsse:security>

on request, have response error message

an error occurred when verifying security message.

one of differences see, in correct request there 2 references different uri, in soapui request, can't figure out, how simulate correct request in soapui. glad recommendation, maybe had similar problem.

from default soapui signs soap-body element. can add each other element "parts:" configuration.

add following (id, name, namespace, encode) in parts table:

first entry sign timestamp content

second entry sign body content

and soapui sign timestamp and body element.

remark: timestamp needs added before "signature" in list of wss-entries.


-

Comments

Post a Comment

Popular posts from this blog

python - How to insert QWidgets in the middle of a Layout? -

Image
i'm using qt framework build graphical user interface. use qgridlayout position qwidgets neatly. gui looks this: my application regularly adds new widgets gui @ runtime. these new widgets not added @ end of qlayout, somewhere in middle. the procedure bit cumbersome. applied on figure above, need take out widg_c , widg_d , ... qgridlayout. next, add widg_x and widg_y , , put other widgets again. how remove widgets qgridlayout: for in reversed(range(mygridlayout.count())): self.itemat(i).widget().setparent(none) ### as long you're dealing small amount of widgets, procedure not disaster. in application display lot of small widgets - perhaps 50 or more! application freezes second while procedure ongoing, annoying user. there way insert widgets somewhere in qlayout, without need take out other widgets? edit: apparently solution qvboxlayout simple. use function insertwidget(..) instead of addwidget(..) . docs can found link: http://doc.qt.io/qt-5/qboxlayou
Read more

python - serve multiple gunicorn django instances under nginx ubuntu -

i need serve 2 webs apps (django) on gunicorn under different domain names using nginx on ubuntu. started using tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04 it worked fine 1 using that. tried same thing second gives me 502 gateway second domain. tried following tutorial: http://michal.karzynski.pl/blog/2013/10/29/serving-multiple-django-applications-with-nginx-gunicorn-supervisor/ i'm @ part run gunicorn start script: sudo bin/gunicorn_start i response: starting webuildblack root traceback (most recent call last): file "/home/devin/webuildblack/bin/gunicorn", line 7, in <module> gunicorn.app.wsgiapp import run importerror: no module named 'gunicorn.app'; 'gunicorn' not package you have named program gunicorn.py gunicorn -package. rename file , remove gunicorn.pyc file.
Read more

module - Prestashop displayPaymentReturn hook url -

i new prestashop developer , trying create paymentmodule. have got show payment method can not proceed purchase because not know hot works. does know should redirect run hooddisplaypaymentreturn method? i happy if explain me complete navigation map make purchase. anyway, can find relation between hooks , pages? when have new module payment rely on simplest provided prestashop: bankwire. inside can find 3 hooks. hookpayment: public function hookpayment($params) { if (!$this->active) return; if (!$this->checkcurrency($params['cart'])) return; $this->smarty->assign(array( 'this_path' => $this->_path, 'this_path_bw' => $this->_path, 'this_path_ssl' => tools::getshopdomainssl(true, true).__ps_base_uri__.'modules/'.$this->name.'/' )); return $this->display(__file__, 'payment.tpl'); } hookdisplaypaymenteu: public fun
Read more