You need to sign in to do that
Don't have an account?
Rene Hernandez
Apex Soap call authentication problem
Has anyone encountered an issue with wsse authentication for soap calls in apex? We have made sure that the password digest and credentials are correct.
authentication works in SoapUi, but fails from our apex class.
Ideas would be great as we are pulling our hair trying.
authentication works in SoapUi, but fails from our apex class.
Ideas would be great as we are pulling our hair trying.
problem on Syntax or format of the SOAP request
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-5FC79CA1C1AD86A37D1446828793286134">
<wsu:Created>2015-11-06T16:53:13.286Z</wsu:Created>
<wsu:Expires>2015-11-06T16:54:13.286Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-5FC79CA1C1AD86A37D1446828790507133">
<wsse:Username>aritziaso:rhernandez</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">brdMvC/v5AYKOCw9UPxtlD+JzPg=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3O+y2ndmH878pCfjSAOccg==</wsse:Nonce>
<wsu:Created>2015-11-06T16:53:10.507Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
==================================
See the above request..the problem is in Security header for password digest. We calculate the password digest... through below methods in apex code:
String x=nonce+datetimestamp+'pwd';
Blob hash = Crypto.generateDigest('SHA1', Blob.valueOf(x));
String digest= EncodingUtil.base64Encode(hash);
This password digest is not matching with password digest calculated in SOAP. it this gets matched..issue will get solved.
You can have an idea of this security protocal oat below link:
http://www.herongyang.com/Web-Services/WS-Security-Username-Token-Profile.html
I would take a close look at your crypto and base64 encoding with a fine tooth comb and you'll likely find the culprit (eventually :)). Along the way, I would compare that what you have in Salesforce matches verbatim with what you're using in SoapUI (you can fake the dates if you need to)
password digest is caculated.
I also agree that createddate could be the culprit so I tried both with and without milliseconds.
What I finally figured out was that Salesforce was not generating correct password digest. I took nonce and created date from soap ui request and tried calculating password digest in anonymous apex with those 3 lines of code I posted in last reply. But the password digest calculated in apex did not match the Soap ui passwore digest.
This only seems to be the issue. If we can somehow calculate the same password digest as in Soap ui..this issue will be solved!
Thanks in Advance