cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WS-Security Authentication with a X509 certificate for Soap call

mhlamine
Contributor

We would like to configure a HTTP monitor for a SOAP request but this request has WS-Security Authentication with a X509 certificate. Does any one knows if it is possible and how to do it?

6 REPLIES 6

AntonioSousa
DynaMight Guru
DynaMight Guru

mhlamine
Contributor

Thanks @AntonioSousa ,

does dynatrace add the needed headers using that certificate?

how dynatrace uses that certificate?

do i need to add some other headers or inputs?

@mhlamine,

Now that you make that questions, I've figured out that my reply might not be your use-case. I was referring to the configuration of client-certificates, which is a different topic...

Antonio Sousa

techean
Dynatrace Pro
Dynatrace Pro

@mhlamine  answer to your second question would be it uses credential vaults to check for trusted certs. Yes it does add needed headers using certs for request.

It will be completely optional for additional header values.

KG

mhlamine
Contributor

Here is the header that must be added for WS security :

     <wsse:Security soapenv:mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsu:Timestamp wsu:Id="Timestamp-1"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
             <wsu:Created>${=new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'").format(new Date())}</wsu:Created>
         </wsu:Timestamp>
         <wsse:UsernameToken wsu:Id="UsernameToken-1"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
             <wsse:Username>USER</wsse:Username>
             <wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0#PasswordText'>PASSWORD</wsse:Password>
         </wsse:UsernameToken>
     </wsse:Security>

 

in the executions i don't see any header added by dynatrace.

 

You are referring to the WS-Security header, and not an HTTP header.

While you do have the capability of defining the request body, it might not be easy to construct the payload. I have not done it before.

You might have a better chance contacting support. They should be able to provide you with a more definitive answer regarding this specific payload.

 

Antonio Sousa