SOAP request with username and password authentication in SoapUI

Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

I am trying to make a SOAP request in SoapUI, which needs authentication with username and password. I let SoapUI generate a test based on a wsdl file and try to call the service. I followed the steps on the SoapUI website to use authentication( https://www.soapui.org/soap-and-wsdl/authenticating-soap-requests.html ), but I can't get it to work. I am new to SOAP, so I'm probably missing something basic. I got a username and a password for the service, so I'm guessing this is a basic authentication. But when I try to make a request, I always get a PolicyViolationException, which states that "Required policies have not been provided: { http://docs.oasis-open.org/ns/opencsa/sca/200912 }clientAuthentication".

Here is, how the request and answer look like (I obscured the service link and changed the username). I also added the user into my project and WS-Security settings.

Either in wsdl or in documentation the service provider must have provided the information, what type of authentication mechanism is required to call the given service. – Red Boy Apr 5, 2019 at 10:35 In the wsdl I can only find definitions for the body and in the documentation there it says that the header needs a UsernameToken with Username and Password fields. There are also example queries, which looks like on my last picture. – mKay Apr 5, 2019 at 10:50 And that means what? As I said I am new to SOAP and SoapUI. So how should I be able to send a request? Which settings do I need or should I be able to send a request without any settings and just manually changing the rewuest with username and password? – mKay Apr 5, 2019 at 11:02

I can't add comment yet so I'm writing as answer. To me it seems like some namespaces missing. Try to make request as follows by changing nonce, created fields. sample-token can be anything you want. If the service that you're trying to call wants password as plain text then namespace in the code sample will be enough. Also I suggest you to check documentation in this link .

<soap:Header>
    <Security
        xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken wsu:Id="sample-token"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>user</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
            <wsse:Nonce>some-base64</wsse:Nonce>
            <wsu:Created>yyyy-MM-ddThh:mm:ssZ</wsu:Created>
        </wsse:UsernameToken>
    </Security>
</soap:Header>
        Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.