Layer 7 API Management

Expand all | Collapse all

Pass through of SOAP Security Headers

Jump to Best Answer
  • 1.  Pass through of SOAP Security Headers

    Posted 09-03-2019 10:59 AM

    Hi there,

    I'm configuring a Webservice where the API Gateway works only as a reverse proxy. The request however, will contain a "wsc:SecurityContextToken" in the Soap header. For some reason, the API Gateway blocks the requests right away, since the context can't be resolved.

    My question is, how can we receive the requests (including the security header) and pass it to the back-end server, without checking the provided security token?

    The Requests looks like this:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
       <soapenv:Header>
          <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
             <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsc:Identifier>MyContext:HERE_IS_THE_TOKEN</wsc:Identifier>
             </wsc:SecurityContextToken>
          </Security>
       </soapenv:Header>
       <soapenv:Body>
          <taa:getQuote >
             <taa:Request>
                <nachricht:BiPROVersion>2.6.1.1.1</nachricht:BiPROVersion>
             </taa:Request>
          </taa:getQuote>
       </soapenv:Body>
    </soapenv:Envelope>


    Thank's a lot in advance

    Kind regards
    Dominique



  • 2.  RE: Pass through of SOAP Security Headers
    Best Answer

    Posted 09-05-2019 01:05 PM
    Hi.

    In the routing assertion, in Other tab, select Don't modify the request Security header.
    It may solve your issue.



    ------------------------------
    Sr. Consultant Services
    HCL Enterprise Studio
    ------------------------------