Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.

WS-Security for SOAP Requests

Hi,

Does apigee support WS-Security for SOAP requests ? I have created a pass thru SOAP request and need to authenticate the request using WS-Security standards.

Can anyone help on this ?

Apigee Edge will authenticate the request based on the SOAP Security header

 <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="111" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-459">
            <wsse:Username>username</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>

Username and password are passed in the header. Is there an out of the box approach to validate the soap security header without extracting the credentials ?

Or an out of the box approach to process the security header ?

Thanks

0 7 2,636
7 REPLIES 7