Solved: SOAP Authentication to the webservice on proxy sid...

Report Inappropriate Content · 03-01-2018 08:02 AM

Hi there,

I'm Matthieu DELMAS, and this is my first post on Apigee questions. Yeeah 🙂

So i'm blocking on something that might be very simple..

What am i doing?

As the title of question says, i want to create an API proxy on a SOAP service. And this works fine "basically".

But now i have to split some part of SOAP "envelope", to handle security between Apigee and the Webservice directly in Apigee (not from the client-side).
What i need, is get the Body part of SOAP message provided by the client request (with postman setup) AND the Header part directly in some apigee policy that the client dont have to pass it each request because Apigee is doing it alone.

The solution seems to be the AssignMessage component using <Add>. it works with http headers, but not with the <Header>...</Header> of the SOAP envelope..

More interesting thing is, i can use <Set> to set the entire SOAP envelope, but again, not my point here...
What am i seeing?

As expected, the request doesn't contains the <Header>...</Header>, even after apigee AssigneMessage policy it's the same ..

Client (Postman) printscreen:

Apigee AssignMessage printscreen:

Apigee trace printscreen :

You can see here that it added my http header Matthieu-DETECTION with the <Add> of AssignMessage component, but there is no <Header>...<Header> in SOAP envelope..
What are you expecting to see?

What i finally want is, that because of <Add> of the AssignMessage (or other) component, the <soapenv:Header>...</soapenv:Header> added in the SOAP envelope like this :
<soapenv:Envelope>
<soapenv:Header></soapenv:Header> // Added by Apigee on each request for this proxy
<soapenv:Body></soapenv:Header> // provided by client initiale request
</soapenv:Envelope>

Ok, i hope you have enougth infos, just ask if not.

Thanks for helping me there !

Matthieu

ps: i love Apigee 🙂

Report Inappropriate Content

Okay my bad. I found a simple solution :

I going to try improving "form parameters" to a simple JSON . Nvm, Hope this can help someone ^^

Matt

View solution in original post

Report Inappropriate Content

Okay my bad. I found a simple solution :

I going to try improving "form parameters" to a simple JSON . Nvm, Hope this can help someone ^^

Matt

DChiesa

Yess - correct. The AssignMEssage Add/Headers section can be used to add HTTP Headers, but cannot be used to add SOAP Headers.

Use the Set/Payload section to set a SOAP message, including headers.

If you have a SOAP payload and want to modify it, to inject SOAP Headers, you won't be able to do that cleanly with AssignMessage. In that case, you may need to use the XSLT policy, or one of the custom Java policies that inserts headers.

ex1: wssec-signing https://github.com/DinoChiesa/ApigeeEdge-Java-WsSec-Signature

ex2: Edit-Xml-Node https://github.com/DinoChiesa/ApigeeEdge-Java-Add-Xml-Node

Report Inappropriate Content

Now i have it improved for my purpose : having a proxy apigee for SOAP WS that get simple JSON in body in request and use this body to feed SOAP body, but handling SOAP header in the proxy ! so cool 🙂

for curious hackers :

I (very simply) extract JSON body :

and use theses variables in the AssigneMessage :

Important point is order of the policies in the PreFlow of Proxy Endpoints :

Ok with this, we can now send JSON body to feed the SOAP body, and handle the SOAP header in the AssignMessage policy, with this usecase it's to create a Yousign signature initialiization (just for curious).

My next step is to do same for REST to SOAP to REST proxy kind 🙂 hope this can help someone
Matt

SOAP Authentication to the webservice on proxy side