Nonce causing invalid username token
The application I am integrating the webservice into generates a wsse security header containing a ‘Nonce’ attribute. As far as I’m aware, this is a standard element of wsse security.
It appears that the API refuses requests that contain Nonce in the UsernameToken. In order to work around this, I would have to create and implement a custom WSE policy assertion. This is not an issue in SOAP UI, as one can fully customize the SOAP envelope; however, I imagine this is quite restrictive for users attempting API integration in their applications.
Is there something you can do on your side to prevent the webservice from rejecting requests with a superfluous nonce element?
Regards,
Oliver
Best Answer
-
I have taken matters into my own hands and gone the custom policy assertion route.
0
Answers
-
Hello @oliver.sherlock,
Could you provide the HTTP data for your request and the XML that you are trying to create?
Best Regards
Kamil
0 -
Hi Kamil, Sure.
XML REQUEST:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema"
               xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
               xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header>
    <wsa:Action></wsa:Action>
    <wsa:MessageID>urn:uuid:f707583f-5b4e-4dda-a2e9-abd673faf2d7</wsa:MessageID>
    <wsa:ReplyTo>
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To>https://screeningpilot.accelus.com/pilot-v1/screener</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-eb600678-920a-4e4d-aa3e-77a6a636e4e2">
        <wsu:Created>2017-06-21T08:05:19Z</wsu:Created>
        <wsu:Expires>2017-06-21T08:10:19Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-19">
        <wsse:Username>gazprom.api@gazprom-energy.com</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">accelus</wsse:Password>
        <wsse:Nonce>Rr/9Oda3S6HYccRBPhzDeA==</wsse:Nonce>
        <wsu:Created>2017-06-21T08:05:19Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <screen xmlns="http://screening.complinet.com/">
      <screenRequest xmlns="">
        <assigneeIdentifier>cnu_so_257</assigneeIdentifier>
        <customId1>?</customId1>
        <customId2>?</customId2>
        <groupIdentifier>cng_so_177</groupIdentifier>
        <name>Test</name>
        <nameType>VESSEL</nameType>
      </screenRequest>
    </screen>
  </soap:Body>
</soap:Envelope>
XML RESPONSE:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurityToken</faultcode>
      <faultstring>An invalid security token was provided (An error happened processing a Username Token)</faultstring>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>
0 -
Worth noting that using SOAP UI I replicated the XML request but removed the nonce token, resulting in a successful response.
0