Hi.
In the routing assertion, in
Other tab, select Don't modify the request Security header.
It may solve your issue.
------------------------------
Sr. Consultant Services
HCL Enterprise Studio
------------------------------
Original Message:
Sent: 09-03-2019 10:39 AM
From: Dominique Blanc
Subject: Pass through of SOAP Security Headers
Hi there,
I'm configuring a Webservice where the API Gateway works only as a reverse proxy. The request however, will contain a "wsc:SecurityContextToken" in the Soap header. For some reason, the API Gateway blocks the requests right away, since the context can't be resolved.
My question is, how can we receive the requests (including the security header) and pass it to the back-end server, without checking the provided security token?
The Requests looks like this:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header> <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsc:Identifier>MyContext:HERE_IS_THE_TOKEN</wsc:Identifier> </wsc:SecurityContextToken> </Security> </soapenv:Header> <soapenv:Body> <taa:getQuote > <taa:Request> <nachricht:BiPROVersion>2.6.1.1.1</nachricht:BiPROVersion> </taa:Request> </taa:getQuote> </soapenv:Body></soapenv:Envelope>
Thank's a lot in advance
Kind regards
Dominique