Layer 7 API Management

Expand all | Collapse all

Pass through of SOAP Security Headers

Jump to Best Answer
  • 1.  Pass through of SOAP Security Headers

    Posted 14 days ago

    Hi there,

    I'm configuring a Webservice where the API Gateway works only as a reverse proxy. The request however, will contain a "wsc:SecurityContextToken" in the Soap header. For some reason, the API Gateway blocks the requests right away, since the context can't be resolved.

    My question is, how can we receive the requests (including the security header) and pass it to the back-end server, without checking the provided security token? 

    The Requests looks like this:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
       <soapenv:Header>
          <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
             <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsc:Identifier>MyContext:HERE_IS_THE_TOKEN</wsc:Identifier>
             </wsc:SecurityContextToken>
          </Security>
       </soapenv:Header>
       <soapenv:Body>
          <taa:getQuote >
             <taa:Request>
                <nachricht:BiPROVersion>2.6.1.1.1</nachricht:BiPROVersion>
             </taa:Request>
          </taa:getQuote>
       </soapenv:Body>
    </soapenv:Envelope>


    Thank's a lot in advance

    Kind regards
    Dominique



  • 2.  RE: Pass through of SOAP Security Headers
    Best Answer

    Posted 12 days ago
    Hi.

    In the routing assertion, in Other tab, select Don't modify the request Security header. 
    It may solve your issue.



    ------------------------------
    Sr. Consultant Services
    HCL Enterprise Studio
    ------------------------------