Layer7 API Management

  • 1.  Pass through of SOAP Security Headers

    Posted Sep 03, 2019 10:59 AM

    Hi there,

    I'm configuring a web service where the API Gateway works only as a reverse proxy. The request, however, will contain a "wsc:SecurityContextToken" in the SOAP header. For some reason, the API Gateway blocks the requests right away, since the context can't be resolved.

    My question is, how can we receive the requests (including the security header) and pass them to the back-end server, without checking the provided security token?

    The request looks like this:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
       <soapenv:Header>
          <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
             <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsc:Identifier>MyContext:HERE_IS_THE_TOKEN</wsc:Identifier>
             </wsc:SecurityContextToken>
          </Security>
       </soapenv:Header>
       <soapenv:Body>
          <taa:getQuote >
             <taa:Request>
                <nachricht:BiPROVersion>2.6.1.1.1</nachricht:BiPROVersion>
             </taa:Request>
          </taa:getQuote>
       </soapenv:Body>
    </soapenv:Envelope>


    Thanks a lot in advance

    Kind regards
    Dominique



  • 2.  RE: Pass through of SOAP Security Headers
    Best Answer

    Posted Sep 05, 2019 01:05 PM
    Hi.

    In the routing assertion, in the Other tab, select "Don't modify the request Security header".
    It may solve your issue.



    ------------------------------
    Sr. Consultant Services
    HCL Enterprise Studio
    ------------------------------
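One way to confirm the pass-through after changing that setting, as an added example that is not part of the original thread: compare the Security header the client sent with the one the back end received, ignoring prefix and whitespace differences. The function names and the sample messages are assumptions constructed here; the Body is left empty because the namespaces of the original request body are not shown in the post.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSC = "http://schemas.xmlsoap.org/ws/2005/02/sc"

def security_header(envelope_xml):
    """Return the canonical form of the Security header, or None if absent."""
    root = ET.fromstring(envelope_xml)
    sec = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        return None
    sec.tail = None  # whitespace after the element is not part of the header
    # ET.tostring renames prefixes in document order; C14N then normalizes
    # attribute order and whitespace, so equivalent headers compare equal.
    return ET.canonicalize(ET.tostring(sec, encoding="unicode"), strip_text=True)

def passthrough_status(sent_xml, received_xml):
    """Compare what the client sent with what the back end received."""
    sent = security_header(sent_xml)
    received = security_header(received_xml)
    if sent is None:
        return "no-header-sent"
    if received is None:
        return "stripped"
    return "unchanged" if sent == received else "modified"

# Constructed sample messages; the token value is the placeholder from the post.
SENT = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Header>
    <Security xmlns="{WSSE}">
      <wsc:SecurityContextToken xmlns:wsc="{WSC}">
        <wsc:Identifier>MyContext:HERE_IS_THE_TOKEN</wsc:Identifier>
      </wsc:SecurityContextToken>
    </Security>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""
# Same header, re-serialized with different prefixes and no indentation.
RECEIVED_OK = (f'<s:Envelope xmlns:s="{SOAP}" xmlns:o="{WSSE}" xmlns:c="{WSC}">'
               '<s:Header><o:Security><c:SecurityContextToken><c:Identifier>'
               'MyContext:HERE_IS_THE_TOKEN</c:Identifier></c:SecurityContextToken>'
               '</o:Security></s:Header><s:Body/></s:Envelope>')
RECEIVED_STRIPPED = f'<s:Envelope xmlns:s="{SOAP}"><s:Header/><s:Body/></s:Envelope>'

if __name__ == "__main__":
    for name, msg in (("ok", RECEIVED_OK), ("stripped", RECEIVED_STRIPPED)):
        print(name, passthrough_status(SENT, msg))
```
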