Scripting problem with federated security logon (ADFS) and encrypted/encoded WCF calls
I am trying to record and replay a WPF application using WCF calls in VuGen version 11.52.
The application is using a federated security model implemented via Microsoft ADFS.
After logon the WCF communication is encrypted via server certificates (message based security) and is encoded with MTOM.
My VuGen scripting problem can be divided into two sub-problems.
- Encrypted data communication.
I have the following code from the developers. They are setting a few properties in the C# .NET code like this:
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
// HTTPS for transport security; the client credential and the issued token travel inside the SOAP message
var adfsBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
adfsBinding.Security.Message.EstablishSecurityContext = false; // no WS-SecureConversation session: every message is secured on its own
adfsBinding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; // the issued token carries no proof key
var channelFactory = new WSTrustChannelFactory(adfsBinding, _resourceProviderEndpointAdress); // EndpointAddress of the ADFS STS
channelFactory.TrustVersion = TrustVersion.WSTrust13;
channelFactory.Credentials.SupportInteractive = false; // never prompt the user for credentials
channelFactory.Credentials.UseIdentityConfiguration = true; // token handlers come from <system.identityModel> config
// WS-Trust RequestSecurityToken (Issue) for a bearer token scoped to the relying party (an EndpointReference)
var requestSecurityToken = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer);
requestSecurityToken.AppliesTo = _relyingPartyIdentifier;
// The RST is sent to ADFS over the channel; the RSTR in the reply carries the issued token
var channel = (WSTrustChannel)channelFactory.CreateChannel();
var token = channel.Issue(requestSecurityToken);
My problem is that the second server request in my script has a DigestValue and a SignedValue that I can’t correlate.
It seems like the request is signed by the client, but the developer doesn’t know exactly what happens internally in the WCF framework.
Have any of you out there tried to script something like the above, and did you succeed scripting it?
In VuGen in “Manage Services” under the “Protocol and Security” tab I can set a lot of different settings regarding security. I can for example see that one of the options is “WCF – WSFederationHTTPBinding”, but I really don’t know how to set the options. I have tried to read the chapter about “Web Services – Security” in the user’s guide to LoadRunner but it mostly states the possible options for each field, and not how to figure out how you should set the options.
Is there a guide to setting these options?
Encrypted data communication
When logon is done I can’t see the real content of the “data communication”, because it is encrypted. I can see the XML tag names, but all data is encrypted with a server certificate and then encoded via MTOM. Can VuGen help me decrypting and decoding this kind of WCF request?
I have looked at the Data Format Extension, but again I can’t figure out how to set the options.
A part of the WCF request looks like this:
...<e:EncryptedData Id="_3" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
  <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_1"/>
    </o:SecurityTokenReference>
  </KeyInfo>
  <e:CipherData>
    <e:CipherValue>iwiv5D98GhyQQ9vu25ts3h3zEGGsU0cfqIenkI4LUup0Xc5MxrDLehtPP4mv2ybT8x41qt+qx3+BcV4ks4Lgm26J0LkhUa0bYIyVPFqjY1hVYJGmucBtMqmpLA4beMw4C76Sr7NNQD4sXIgEaU3Tsg==</e:CipherValue>
  </e:CipherData>
</e:EncryptedData></s:Body></s:Envelope>
--uuid:ef636835-787a-473a-ab4b-c7b03e28bc21+id=75
Content-ID: <http://tempuri.org/1/635151027239211385>
Content-Transfer-Encoding: binary
Content-Type: application/octet-stream

\xD8\xEE\xD6x\xFC\xA3y\xBD\x9Dm^\xF6vq8\x95\xD7\x08\xA5\xBF\x84\x80\xF0&!q!f9\xB5\xC5]\xAD=\xE1\xC4;~\x198q=
So if you are skilled in handling this kind of request, I would like to hear from you.
If you know where to find documentation on how to script these issues I would also like to hear from you.
Thank you in advance.
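The DigestValue and SignatureValue that the post cannot correlate are not server-issued values at all: the WS-Security layer in WCF computes them on the client for every message, the digest over the canonicalised signed element and the signature as an HMAC over the SignedInfo with a key derived from a secret only the two endpoints hold. The following is an added example, not code from the post, the developers or WCF, reconstructing that computation with the Python standard library. It assumes the Basic256 algorithm suite (SHA-1 digests, HMAC-SHA1 signatures, 192-bit signature derived keys), the WS-SecureConversation 1.3 default derivation label, and sample elements written directly in their exclusive-C14N form; the proof key and nonce are constructed, and `demo` is a hypothetical driver.

```python
import base64
import hashlib
import hmac

XMLDSIG = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# Default derivation label from WS-SecureConversation 1.3 (assumption: the client did not override it).
WSSC_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA1 expansion (the SHA-1 half of the TLS 1.0 PRF) as used by WS-SC derived keys."""
    out, a = b"", seed                                            # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def derive_key(proof_key: bytes, nonce: bytes, length: int, offset: int = 0) -> bytes:
    """Key material a <c:DerivedKeyToken> stands for: P_SHA1(secret, label + nonce)[offset:offset+length]."""
    return p_sha1(proof_key, WSSC_LABEL + nonce, offset + length)[offset:offset + length]


def digest_value(canonical_element: bytes) -> str:
    """DigestValue = base64(SHA-1(exc-c14n(element))).

    The elements built in this example are already in exclusive-C14N form (namespace
    declarations first, attributes ordered, no whitespace), so the bytes are hashed as-is;
    a real captured message needs a canonicalisation step before hashing.
    """
    return base64.b64encode(hashlib.sha1(canonical_element).digest()).decode()


def signed_info(reference_uri: str, digest: str) -> bytes:
    """Canonical <SignedInfo> for one HMAC-SHA1 reference, in the shape WCF's Basic256 suite emits."""
    return (
        f'<SignedInfo xmlns="{XMLDSIG}">'
        f'<CanonicalizationMethod Algorithm="{EXC_C14N}"></CanonicalizationMethod>'
        f'<SignatureMethod Algorithm="{XMLDSIG}hmac-sha1"></SignatureMethod>'
        f'<Reference URI="{reference_uri}">'
        f'<Transforms><Transform Algorithm="{EXC_C14N}"></Transform></Transforms>'
        f'<DigestMethod Algorithm="{XMLDSIG}sha1"></DigestMethod>'
        f'<DigestValue>{digest}</DigestValue></Reference></SignedInfo>'
    ).encode()


def sign(signing_key: bytes, reference_uri: str, canonical_element: bytes) -> tuple:
    """Return (DigestValue, SignatureValue) as they would appear in the wsse:Security header."""
    digest = digest_value(canonical_element)
    mac = hmac.new(signing_key, signed_info(reference_uri, digest), hashlib.sha1).digest()
    return digest, base64.b64encode(mac).decode()


def verify(signing_key: bytes, reference_uri: str, canonical_element: bytes,
           digest: str, signature_value: str) -> bool:
    """What the receiving side does: recompute both values and compare in constant time."""
    expected_digest, expected_sig = sign(signing_key, reference_uri, canonical_element)
    return hmac.compare_digest(expected_digest, digest) and hmac.compare_digest(expected_sig, signature_value)


def timestamp_element(created: str, expires: str) -> bytes:
    """Constructed wsu:Timestamp (the element WCF signs in every message), in exc-c14n form."""
    return (f'<u:Timestamp xmlns:u="{WSU}" u:Id="_0"><u:Created>{created}</u:Created>'
            f'<u:Expires>{expires}</u:Expires></u:Timestamp>').encode()


def demo() -> dict:
    """Sign a constructed timestamp twice, one second apart, with the same derived key."""
    proof_key = bytes(range(32))   # constructed: the session/proof key only client and server hold
    nonce = b"\x11" * 16           # constructed: nonce carried in the DerivedKeyToken
    sig_key = derive_key(proof_key, nonce, length=24)   # Basic256: 192-bit signature key (assumption)
    first = sign(sig_key, "#_0", timestamp_element("2013-10-01T08:00:00.000Z", "2013-10-01T08:05:00.000Z"))
    second = sign(sig_key, "#_0", timestamp_element("2013-10-01T08:00:01.000Z", "2013-10-01T08:05:01.000Z"))
    return {"first": first, "second": second, "key_len": len(sig_key)}


if __name__ == "__main__":
    result = demo()
    for name in ("first", "second"):
        print(f"{name}: DigestValue={result[name][0]} SignatureValue={result[name][1]}")
```

Running it shows both values change completely when the timestamp moves by one second, which is why a recorded DigestValue or SignatureValue can never be correlated from a previous response: the only way to replay is for the replay engine to hold the key and regenerate them per message, which is what VuGen's WCF security settings are for.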
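The second sub-problem splits into two very different layers: MTOM is only an encoding and can be undone from the capture alone, whereas the EncryptedData is AES-256-CBC under a WS-SecureConversation derived key (the `ws-secureconversation/200512/dk` reference to `#_1`) that is never sent in the clear. The following added example, not code from the post or from VuGen, decodes an MTOM multipart with the Python standard library, inlines the `xop:Include` attachment, and reports what a capture reveals about each EncryptedData without holding any key. The boundary, Content-ID, inline CipherValue and the leading attachment bytes are taken from the captured request above; the SOAP envelope around them, the second EncryptedData whose CipherValue was optimised into the attachment, and the padding of the attachment to 48 bytes are constructed for the example.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import unquote

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
XOP = "http://www.w3.org/2004/08/xop/include"
WSSC_DK = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk"

# Boundary and Content-ID from the captured request in the post.
BOUNDARY = b"uuid:ef636835-787a-473a-ab4b-c7b03e28bc21+id=75"
ATTACHMENT_CID = "http://tempuri.org/1/635151027239211385"
# Inline CipherValue from the capture (112 bytes: 16-byte IV + six AES blocks).
INLINE_CIPHER = ("iwiv5D98GhyQQ9vu25ts3h3zEGGsU0cfqIenkI4LUup0Xc5MxrDLehtPP4mv2ybT8x41qt+qx3+"
                 "BcV4ks4Lgm26J0LkhUa0bYIyVPFqjY1hVYJGmucBtMqmpLA4beMw4C76Sr7NNQD4sXIgEaU3Tsg==")
# Leading bytes of the binary attachment from the capture, padded (constructed) to 48 bytes.
ATTACHMENT = (b"\xD8\xEE\xD6x\xFC\xA3y\xBD\x9Dm^\xF6vq8\x95\xD7\x08\xA5\xBF\x84\x80\xF0&!q!f9\xB5\xC5]\xAD=\xE1\xC4;~\x198q="
              + b"\x00" * 6)


def encrypted_data(id_: str, cipher_value_inner: str) -> str:
    """xenc:EncryptedData keyed by a WS-SC derived key, in the shape seen in the capture."""
    return (f'<e:EncryptedData Id="{id_}" Type="{XENC}Content" xmlns:e="{XENC}">'
            f'<e:EncryptionMethod Algorithm="{XENC}aes256-cbc"/>'
            f'<KeyInfo xmlns="{DSIG}"><o:SecurityTokenReference xmlns:o="{WSSE}">'
            f'<o:Reference ValueType="{WSSC_DK}" URI="#_1"/></o:SecurityTokenReference></KeyInfo>'
            f'<e:CipherData><e:CipherValue>{cipher_value_inner}</e:CipherValue></e:CipherData></e:EncryptedData>')


# Constructed SOAP root part: the capture's EncryptedData plus a second one whose
# CipherValue was MTOM-optimised into the binary attachment through xop:Include.
ROOT_XML = ('<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body>'
            + encrypted_data("_3", INLINE_CIPHER)
            + encrypted_data("_4", f'<xop:Include xmlns:xop="{XOP}" href="cid:{ATTACHMENT_CID}"/>')
            + '</s:Body></s:Envelope>').encode()


def build_mtom(root_xml: bytes, attachment: bytes, boundary: bytes, cid: str) -> bytes:
    """Assemble a multipart/related body the way an MTOM encoder lays it out."""
    root_hdr = (b"Content-ID: <http://tempuri.org/0>\r\nContent-Transfer-Encoding: 8bit\r\n"
                b'Content-Type: application/xop+xml;charset=utf-8;type="application/soap+xml"\r\n')
    att_hdr = (f"Content-ID: <{cid}>\r\nContent-Transfer-Encoding: binary\r\n"
               f"Content-Type: application/octet-stream\r\n").encode()
    return b"".join([b"--", boundary, b"\r\n", root_hdr, b"\r\n", root_xml, b"\r\n",
                     b"--", boundary, b"\r\n", att_hdr, b"\r\n", attachment, b"\r\n",
                     b"--", boundary, b"--\r\n"])


def parse_mtom(body: bytes, boundary: bytes) -> list:
    """Split a multipart/related body into [{'headers': {...}, 'data': bytes}, ...]."""
    parts = []
    for chunk in body.split(b"--" + boundary)[1:]:              # [0] is the preamble
        if chunk.startswith(b"--"):
            break                                                # closing delimiter
        head, _, data = chunk[2:].partition(b"\r\n\r\n")         # drop the CRLF after the boundary line
        headers = {k.strip().lower(): v.strip() for k, v in
                   (line.decode().split(":", 1) for line in head.split(b"\r\n") if b":" in line)}
        # The CRLF before the next delimiter belongs to the delimiter, not to the data.
        parts.append({"headers": headers, "data": data[:-2] if data.endswith(b"\r\n") else data})
    return parts


def resolve_xop(parts: list) -> ET.Element:
    """Parse the root part and replace every xop:Include by the base64 of its attachment."""
    root = next(p for p in parts if p["headers"].get("content-type", "").startswith("application/xop+xml"))
    by_cid = {p["headers"].get("content-id", "").strip("<>"): p["data"] for p in parts}
    tree = ET.fromstring(root["data"])
    for parent in list(tree.iter()):
        for inc in [c for c in parent if c.tag == f"{{{XOP}}}Include"]:
            cid = unquote(inc.get("href")[len("cid:"):])
            parent.remove(inc)
            parent.text = base64.b64encode(by_cid[cid]).decode()
    return tree


def inspect_encrypted(tree: ET.Element) -> list:
    """What the capture reveals about each EncryptedData without holding any key."""
    report = []
    for ed in tree.iter(f"{{{XENC}}}EncryptedData"):
        method = ed.find(f"{{{XENC}}}EncryptionMethod")
        ref = ed.find(f"{{{DSIG}}}KeyInfo/{{{WSSE}}}SecurityTokenReference/{{{WSSE}}}Reference")
        raw = base64.b64decode(ed.findtext(f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue") or "")
        report.append({
            "id": ed.get("Id"),
            "algorithm": method.get("Algorithm") if method is not None else None,
            "key_ref": ref.get("URI") if ref is not None else None,
            "derived_key": ref is not None and ref.get("ValueType") == WSSC_DK,
            "cipher_bytes": len(raw),
            # xenc AES-CBC prepends the 16-byte IV; the remainder must be whole blocks
            "iv_plus_blocks_ok": len(raw) > 16 and len(raw) % 16 == 0,
        })
    return report


def inspect_capture() -> list:
    body = build_mtom(ROOT_XML, ATTACHMENT, BOUNDARY, ATTACHMENT_CID)
    return inspect_encrypted(resolve_xop(parse_mtom(body, BOUNDARY)))


if __name__ == "__main__":
    for entry in inspect_capture():
        print(entry)
```

The report confirms what the tag names already hint at: both blocks are AES-256-CBC, both are keyed through the same derived-key token `#_1`, and the inline value is a well-formed IV plus six cipher blocks. Decoding the MTOM layer (what VuGen's Data Format Extension does) gets you exactly this far; the plaintext is only reachable by a party that holds the session key behind `#_1`, so nothing can be decrypted offline from the capture.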