This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How to add wsse security header to soap request

Posted on 07-01-2020 07:38 AM
santhoshmalluru
New Member
Reply posted on --/--/---- --:-- AM

@Dino,

Someone using apigee proxy, they are sending request in soap format without security header. Need to add security header like below and hit proxy endpoint with soap input request along with security token in header.

Target endpoint will authenticate the request based on the SOAP Security header

<soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="111" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-459">
            <wsse:Username>username</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
Solved Solved
1 5 18K
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

I can think of two ways to do it.

  1. use the XSLT policy. The advantages here: great flexibility in what you can do. And the XSLT policy is built-in to Apigee. Disadvantage: you need to write XSLT. (I'll leave that to you as an exercise for the reader)
  2. Use the Edit-XML-Node callout. Advantage: no XSLT. Disadvantage: It relies on an external JAR file. (There's even an example in the README for this callout that shows this)

View solution in original post

Jump to Solution
5 REPLIES 5