WSSE Security Header Authentication with ColdFusion

July 20th, 2010

I recently had a project that required interaction with a web service using wsse authentication. The example given by the vendor failed to authenticate, as did the wsse online documentation.

Unfortunately, there is very little info I could find on using ColdFusion with wsse authentication, and the error messages were less than helpful.

After many days of trial and error I finally got it to work; hopefully this will save someone the headache.

Creating the Header:

<CFFUNCTION NAME="getSecurityHeader">

<!--- uname and passwd must already be set by the calling code --->
<cfset myUsername = uname />
<cfset myPassword = passwd />
<!--- wsu:Created must be a UTC timestamp, e.g. 2010-07-20T14:05:00Z --->
<cfset dtNow = Now() />
<cfset dtGMT = DateAdd("s",GetTimeZoneInfo().UTCTotalOffset,dtNow) />
<cfset myDate = DateFormat(dtGMT,"yyyy-mm-dd") & "T" & TimeFormat(dtGMT,"HH:mm:ss") & "Z">

<cfscript>
myNonce = createUUID();
myObj = createObject("webservice",this.checkInstantConsumer.DropPath);

// Build <wsse:Security> as an Axis SOAP header element
headerElement = createObject("java","org.apache.axis.message.SOAPHeaderElement");

headerElement.init("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse:Security");

headerElement.addChildElement("wsse:UsernameToken");

headerElement.getFirstChild().addChildElement("wsse:Username").setValue(myUsername);

// The password is sent as plain text in the header, so call the service over HTTPS only
mypass = headerElement.getFirstChild().addChildElement("wsse:Password");
mypass.setValue(myPassword);
//mypass.setAttribute("Type", "PasswordText");

// Nonce: Base64 of the SHA hash of a fresh UUID, different for every request
headerElement.getFirstChild().addChildElement("wsse:Nonce").setValue(
ToBase64(Hash(myNonce, "SHA")) );

myCreated = headerElement.getFirstChild().addChildElement("wsu:Created");
myCreated.setValue(myDate);
myCreated.setAttribute("xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

headerElement.setMustUnderstand(1);
headerElement.setActor("");

myObj.setHeader(headerElement);

// Serialized header, for embedding in a hand-built SOAP envelope
securityheader = headerElement.toString();
</cfscript>

<CFRETURN securityheader />
</CFFUNCTION>

Using the Created Header:

<!--- Get wsse Security Header --->
<cfscript>
securityHeader=getSecurityHeader();
</cfscript>
<cfoutput>
<!--- Create SOAP Request; XmlFormat() escapes the element values so they cannot break the XML --->
<cfsavecontent variable="request.thisrequest"><?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
#securityHeader#
</soap:Header>
<soap:Body>
<Method xmlns="https://www.site.com/Method/">
<Element1>#XmlFormat(Element1Value)#</Element1>
<Element2>#XmlFormat(Element2Value)#</Element2>
</Method>
</soap:Body>
</soap:Envelope>
</cfsavecontent>
</cfoutput>
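
getSecurityHeader() above puts the password itself into wsse:Password; the UsernameToken profile also defines a PasswordDigest type, where the element carries Base64(SHA-1(nonce + created + password)) instead. The following is an added example, not code from the original post, showing how that digest is computed from the same nonce and timestamp values. It assumes the service accepts PasswordDigest; getPasswordDigest and the sample values are hypothetical.

```cfml
<!--- Hypothetical helper (not from the original post).
      Returns Base64( SHA-1( nonce bytes + created + password ) ). --->
<cffunction name="getPasswordDigest" returntype="string" output="false">
    <cfargument name="nonceB64" type="string" required="true" />
    <cfargument name="created"  type="string" required="true" />
    <cfargument name="password" type="string" required="true" />

    <cfset var md = createObject("java", "java.security.MessageDigest").getInstance("SHA-1") />

    <!--- The digest covers the decoded nonce bytes, not the Base64 text sent in wsse:Nonce --->
    <cfset md.update(BinaryDecode(arguments.nonceB64, "base64")) />
    <cfset md.update(CharsetDecode(arguments.created, "utf-8")) />
    <cfset md.update(CharsetDecode(arguments.password, "utf-8")) />

    <cfreturn ToBase64(md.digest()) />
</cffunction>

<cfscript>
// Constructed sample values. In getSecurityHeader() these correspond to the
// wsse:Nonce value, myDate and myPassword.
sampleNonce   = ToBase64(Hash(createUUID(), "SHA"));
sampleCreated = "2010-07-20T12:00:00Z";
samplePass    = "example-password";

// Type URI for digest passwords (## is a literal # inside a CFML string)
digestType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordDigest";
digest     = getPasswordDigest(sampleNonce, sampleCreated, samplePass);

// In getSecurityHeader() the password element would then be filled with:
//   mypass.setValue(digest);
//   mypass.setAttribute("Type", digestType);
// The wsse:Nonce and wsu:Created elements must carry exactly the values
// that went into the digest, or the service cannot recompute it.
</cfscript>

<cfoutput>#digest#</cfoutput>
```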