Jump to content
The TIBCO Platform is a real-time, composable data platform that will bring together an evolving set of your TIBCO solutions - and it's available now! See more information here

  • Mapping WS-Security UsernameToken credentials dynamically in TIBCO ActiveMatrix BusinessWorks™ 5

    Kurian Kuruvilla

    By Kurian Kuruvilla

     Share

    When the WS-Security UsernameToken-based Authentication option is selected in an outbound security policy that is attached to a SOAP Request Reply activity, TIBCO ActiveMatrix BusinessWorks™ 5 (BW) uses credentials retrieved from an Identity shared resource. It is a common requirement to be able to map username and password dynamically. This article explains how to achieve this in BW.

    Prerequisite

    The concrete WSDL for the service is imported into the project and SOAP Request Reply activity is configured with the same.

    Configuration steps -

    1. Import the schema from the following locations to the project. 

    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd

    2. Add the following import to the concrete WSDL. 

    <wsdl:import location = "oasis-200401-wss-wssecurity-secext-1.0.xsd" namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>

    TC_DynUT_Import.thumb.jpg.6a9ea2fcb93ed6d45c217e9ae2167a6a.jpg

    3. Add the following namespace binding to the WSDL definitions element. 

    xmlns:wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

    TC_DynUT_NSBinding.thumb.jpg.2c5146cdbef66ce825df87e840aced43.jpg

    4. Add a message element as follows. 

    <wsdl:message name = "Security">
<wsdl:part element = "wsse:Security" name = "Security"/>
</wsdl:message>

    TC_DynUT_Message.thumb.jpg.579349f3481b4fb5a2944feef092d402.jpg

    5. Add a header to the operation input referring to the message defined in the previous step, 

    <wsdl:operation name = "GetBooks">
	<soap:operation soapAction = "/Service/QueryBooksByAuthor" style = "document"/>
	<wsdl:input>
		<soap:body parts = "author" use = "literal"/>
		<soap:header message = "tns:Security" part = "Security" use = "literal"/>
	</wsdl:input>
	<wsdl:output>
		<soap:body parts = "message" use = "literal"/>
	</wsdl:output>
</wsdl:operation>

    TC_DynUT_Header.thumb.jpg.85217bf8d5158bc51f2c4ecff33a0099.jpg

    6. The WS-Security header should now be available in the SOAP Request Reply activity input.

    TC_DynUT_InputSecurity1.thumb.jpg.59f98187d53e733b3092e2aff8b23ac1.jpg

    7. Select the ‘any element’ under the ‘Security’ element and click the ‘Edit Statement’ button. Then select ‘UsernameToken’ from the schema http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd.

    TC_DynUT_InputSecurity2.thumb.jpg.6d14d911bef39f7ee0416f9e0d06f88a.jpg

    8. Select the ‘any element’ under the ‘UsernameToken’ element and click the ‘Edit Statement’ button. Then select Password from the schema http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd.

    TC_DynUT_InputSecurity3.thumb.jpg.0fefc49dd7ccc029b34585b30dc08b3d.jpg

    9. It should now be possible to map username and password dynamically.

    TC_DynUT_InputSecurity4.thumb.jpg.0507d04ce54cc48c2d00865728e21045.jpg

    A sample project is available here.

    • Like 1
     Share
    Go to articles

    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

© 2024 Cloud Software Group, Inc. All rights reserved.
×
×
  • Create New...