Jump to content
  • Mapping WS-Security UsernameToken credentials dynamically in TIBCO ActiveMatrix BusinessWorks™ 5


    Kurian Kuruvilla

    When the WS-Security UsernameToken-based Authentication option is selected in an outbound security policy that is attached to a SOAP Request Reply activity, TIBCO ActiveMatrix BusinessWorks™ 5 (BW) uses credentials retrieved from an Identity shared resource. It is a common requirement to be able to map username and password dynamically. This article explains how to achieve this in BW.

    Prerequisite

    The concrete WSDL for the service is imported into the project and SOAP Request Reply activity is configured with the same.

    Configuration steps -

    1. Import the schema from the following locations to the project.

    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
    https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd

    2. Add the following import to the concrete WSDL.

    <wsdl:import location = "oasis-200401-wss-wssecurity-secext-1.0.xsd" namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>

    TC_DynUT_Import.thumb.jpg.6a9ea2fcb93ed6d45c217e9ae2167a6a.jpg

    3. Add the following namespace binding to the WSDL definitions element.

    xmlns:wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

    TC_DynUT_NSBinding.thumb.jpg.2c5146cdbef66ce825df87e840aced43.jpg

    4. Add a message element as follows.

    <wsdl:message name = "Security">
    <wsdl:part element = "wsse:Security" name = "Security"/>
    </wsdl:message>

    TC_DynUT_Message.thumb.jpg.579349f3481b4fb5a2944feef092d402.jpg

    5. Add a header to the operation input referring to the message defined in the previous step,

    <wsdl:operation name = "GetBooks">
    	<soap:operation soapAction = "/Service/QueryBooksByAuthor" style = "document"/>
    	<wsdl:input>
    		<soap:body parts = "author" use = "literal"/>
    		<soap:header message = "tns:Security" part = "Security" use = "literal"/>
    	</wsdl:input>
    	<wsdl:output>
    		<soap:body parts = "message" use = "literal"/>
    	</wsdl:output>
    </wsdl:operation>

    TC_DynUT_Header.thumb.jpg.85217bf8d5158bc51f2c4ecff33a0099.jpg

    6. The WS-Security header should now be available in the SOAP Request Reply activity input.

    TC_DynUT_InputSecurity1.thumb.jpg.59f98187d53e733b3092e2aff8b23ac1.jpg

    7. Select the ‘any element’ under the ‘Security’ element and click the ‘Edit Statement’ button. Then select ‘UsernameToken’ from the schema http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd.

    TC_DynUT_InputSecurity2.thumb.jpg.6d14d911bef39f7ee0416f9e0d06f88a.jpg

    8. Select the ‘any element’ under the ‘UsernameToken’ element and click the ‘Edit Statement’ button. Then select Password from the schema http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd.

    TC_DynUT_InputSecurity3.thumb.jpg.0fefc49dd7ccc029b34585b30dc08b3d.jpg

    9. It should now be possible to map username and password dynamically.

    TC_DynUT_InputSecurity4.thumb.jpg.0507d04ce54cc48c2d00865728e21045.jpg

    A sample project is available here.


    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...