How to create Security Scenario

Hi experts,

I am setiing up a script for testing web service that uses WS-Trust. But I cannot setup Security Scenario based on information from Security Token Request. Do you have any detailed guide for setup Security Scenario?

I did check VuGen Help Center but it cannot help.

Thanks in advanced

"SOAPEnvelope="
"<s:Envelope xmlns:s=\"">www.w3.org/.../soap-envelope\" xmlns:a=\"">www.w3.org/.../addressing\" xmlns:u=\""">docs.oasis-open.org/.../oasis-200401-wss-wssecurity-utility-1.0.xsd\">"
    "<s:Header>"
        "<a:Action s:mustUnderstand=\"1\">">docs.oasis-open.org/.../a:Action>"
        "<a:MessageID>urn:uuid:a18deaa7-f5ae-4b1f-b1a0-e0cbf64acaac</a:MessageID>"
        "<a:ReplyTo>"
            "<a:Address>">www.w3.org/.../a:Address>"
        "</a:ReplyTo>"
        "<a:To s:mustUnderstand=\"1\">">STS_URL/.../a:To>"
       "<o:Security s:mustUnderstand=\"1\" xmlns:o=\""">docs.oasis-open.org/.../oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
            "<u:Timestamp u:Id=\"_0\">"
                "<u:Created>2019-03-28T10:01:52.403Z</u:Created>"
                "<u:Expires>2019-03-28T10:06:52.403Z</u:Expires>"
            "</u:Timestamp>"
            "<o:UsernameToken u:Id=\"uuid-fdb8eaa3-7de0-4fd2-89b8-e650e206fe16-1\">"
                "<o:Username>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</o:Username>"
                "<o:Password Type=\""">docs.oasis-open.org/.../oasis-200401-wss-username-token-profile-1.0
            "</o:UsernameToken>"
        "</o:Security>"
    "</s:Header>"
    "<s:Body>"
        "<trust:RequestSecurityToken xmlns:trust=\""">docs.oasis-open.org/.../200512\">"
            "<trust:RequestType>">docs.oasis-open.org/.../trust:RequestType>"
            "<wsp:AppliesTo xmlns:wsp=\""">schemas.xmlsoap.org/.../policy\">"
                "<EndpointReference xmlns=\""">www.w3.org/.../addressing\">"
                    "<Address>">WS_URL/.../Address>"
                "</EndpointReference>"
            "</wsp:AppliesTo>"
            "<trust:Entropy>"
                "<trust:BinarySecret u:Id=\"uuid-1a36f8e0-a8bd-43f4-a5f9-9e0e45297522-2\" Type=\"docs.oasis-open.org/.../trust:BinarySecret>"
            "</trust:Entropy>"
            "<trust:KeyType>">docs.oasis-open.org/.../trust:KeyType>"
            "<trust:KeySize>256</trust:KeySize>"
            "<trust:KeyWrapAlgorithm>">www.w3.org/.../xmlenc
            "<trust:EncryptWith>">www.w3.org/.../xmlenc
            "<trust:SignWith>">www.w3.org/.../xmldsig
            "<trust:CanonicalizationAlgorithm>">www.w3.org/.../xml-exc-c14n
            "<trust:EncryptionAlgorithm>">www.w3.org/.../xmlenc
            "<trust:SecondaryParameters>"
                "&#xD;"
                "<trust:KeyType>">docs.oasis-open.org/.../trust:KeyType>"
                "&#xD;"
                "<trust:KeySize>256</trust:KeySize>"
                "&#xD;"
                "<trust:Claims Dialect=\""">schemas.xmlsoap.org/.../identity\">"
                    "&#xD;"
                    "<wsid:ClaimType Uri=\"">schemas.xmlsoap.org/.../name\" Optional=\"true\" xmlns:wsid=\""">schemas.xmlsoap.org/.../identity\">&
                    "</wsid:ClaimType>"
                    "&#xD;"
                "</trust:Claims>"
                "&#xD;"
            "</trust:SecondaryParameters>"
            "<trust:ComputedKeyAlgorithm>">docs.oasis-open.org/.../trust:ComputedKeyAlgorithm>"
        "</trust:RequestSecurityToken>"
    "</s:Body>"
"</s:Envelope>"
  • Hi

    You can open "View"-"Step Toolbox".

    Then search "web_service_set_security".

    When you click to add this API, it will popup a dialog.

    Then you can select the type of security tokens.

    For more deatils, you can search "web_service_set_security" in help file.

     

    Regards,

    Wei-Wei Zhang

  • Sorry for late reply.

    As you can see in the request, the security token comes from the Security Token Service (STS). So that using web_sevice_set_security is not enough. I did try using Security Scenario Editor but always got error:

    Action.c(4): Error: InvokeMethod failure: External component has thrown an exception..
    Action.c(4): Error stack trace: at Mercury.LR.LrWsNetClient.ResultArgExtractor.CreateXmlArgsDoc()
    at Mercury.LR.LrWsNetClient.ResultArgExtractor.ExtractArgAsXml(String sArgPath, ArgumentExtractionType extractionType)
    at Mercury.LR.LrWsNetClient.ResultArgExtractor.ExtractArg(String sArgPath, Boolean IsSaveResultArgumentsAsIs, ArgumentExtractionType extractionType)
    at Mercury.LR.LrWsNetClient.ProxyCreator.ExtractArg(String sArgPath, ArgumentExtractionType extractionType)
    at Mercury.LR.LrWsNetClient.NetReplay.ExtractResultArg(String sArgPath, ArgumentExtractionType extractionType, Array& barrArgValue)
    Action.c(4): Error: ExtractResultArg failure: Object reference not set to an instance of an object..
    Action.c(4): Error: Web service call "ComputeResponse_102" execution failed