SOAP with certificate authentication

1
For a SOAP webservice we need to use, certificate-based authentication needs to be implemented. To get this done I have taken the following steps:

1. Uploaded the certificate authority certificate of the external webservice in the Mendix cloud sprintr. This should allow the cloud to trust the certificate of the external service.
2. Uploaded the PKS certificate in the cloud environment and under the details tab I have added the webservices that it should use in the form module.webservicename.
3. Restarted the application so the changes can be made.

Now I get the following error back when calling the service:

xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity <s:value>s:Sender</s:value> An error occurred when verifying security for the message

A search on Google only gets me that it could be a problem with server time. But I do not know how I can test/verify this in the Mendix cloud. The error does not specify any extra information on what went wrong with security verification. Does anyone have suggestions on how to get more debug information or what the issue could be?
asked
4 answers
1

As mentioned by Jouke in the comments of your question, a PKS certificate can only be used if you have an https connection. An http connection will never access the key store since http does not require a certificate.

To get a better idea of which end of the connection gives the error you can enable Trace logging for the Webservice. That way in the log you can see all steps the platform takes and at what point you are getting the error.

It really depends on what type of encryption or security your customer is using. However, based on the error message you are getting (wsse security), and the fact that you are talking about encrypted communication via http, I would guess that you are using wsse encrypted messages.

That means that in the wsse header you'd send the public key from your pks file, and in the response of the service instead of a body you will find a <xenc:encrypteddata> element which holds the encrypted version of the body.
Unfortunately the platform doesn't have native support for this wsse security version yet. If this is what your customer is using you will have to write a Java action to call the service and decrypt the response.

To save you from having to do too much Java programming you could decrypt the message, store it in a FileDocument, and use XML file import to evaluate the response further.

answered
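
As an added example (not part of the original answer and not Mendix code), this Python helper inspects a SOAP 1.2 message copied from the trace log and reports the fault subcode, whether the body is an xenc:EncryptedData element, and whether the wsu:Timestamp falls inside a clock-skew tolerance, which covers the server-time suspicion raised in the question. The function name inspect_envelope, the 5-minute tolerance and the sample messages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {  # standard namespace URIs: SOAP 1.2, WS-Security utility, XML Encryption
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

def _when(node):
    """Parse an xsd:dateTime element; a value without an offset is treated as UTC."""
    dt = datetime.fromisoformat(node.text.strip().replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def inspect_envelope(xml_text, now, skew=timedelta(minutes=5)):
    """Summarise the security-relevant parts of one SOAP 1.2 message (hypothetical helper)."""
    if "<!DOCTYPE" in xml_text.upper():  # SOAP forbids DTDs; refuse before parsing
        raise ValueError("DOCTYPE not allowed in SOAP message")
    root = ET.fromstring(xml_text)
    text = lambda path: root.findtext(path, default="", namespaces=NS).strip()
    report = {
        "fault_subcode": text(".//s:Fault/s:Code/s:Subcode/s:Value"),
        "fault_reason": text(".//s:Fault/s:Reason/s:Text"),
        "body_encrypted": root.find("s:Body/xenc:EncryptedData", NS) is not None,
        "timestamp": "missing",
    }
    created = root.find(".//wsu:Timestamp/wsu:Created", NS)
    expires = root.find(".//wsu:Timestamp/wsu:Expires", NS)
    if created is not None:
        report["timestamp"] = "ok"
        if _when(created) > now + skew:
            report["timestamp"] = "created in the future (sender clock ahead)"
        elif expires is not None and _when(expires) < now - skew:
            report["timestamp"] = "expired (sender clock behind or message stale)"
    return report

# Constructed samples; FAULT is modelled on the error quoted in the question.
FAULT = f"""<s:Envelope xmlns:s="{NS['s']}"><s:Body><s:Fault>
<s:Code><s:Value>s:Sender</s:Value><s:Subcode>
<s:Value xmlns:a="{WSSE}">a:InvalidSecurity</s:Value></s:Subcode></s:Code>
<s:Reason><s:Text xml:lang="en">An error occurred when verifying security for the message.</s:Text></s:Reason>
</s:Fault></s:Body></s:Envelope>"""
REQUEST = f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:wsu="{NS['wsu']}" xmlns:o="{WSSE}">
<s:Header><o:Security><wsu:Timestamp><wsu:Created>2024-01-01T12:00:00Z</wsu:Created>
<wsu:Expires>2024-01-01T12:05:00Z</wsu:Expires></wsu:Timestamp></o:Security></s:Header>
<s:Body/></s:Envelope>"""
ENCRYPTED = f"""<s:Envelope xmlns:s="{NS['s']}"><s:Body>
<xenc:EncryptedData xmlns:xenc="{NS['xenc']}"/></s:Body></s:Envelope>"""
```

Pass the time of the receiving server as `now` when checking a request, so that a drifting clock on either side shows up as a timestamp outside the tolerance.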
0

I am indeed having to make some Java actions for getting this webservice to work. It is a WCF interface that makes use of wsHTTPBinding. For other people facing this type of integration, I am currently starting with investigating:

Setting up Metro WS (blog)

Axis2 auto-generate in Eclipse (helpfile)

Forum post about wsHTTP with Metro

Sadly all documentation is aimed at setting up a Tomcat or GlassFish server. Translating this into Mendix is going to be my fun for this week.

answered
0

I am facing the same question now. Is there anyone who already got this to work? Or who can help set this up? I already have an HTTPS connection though.

answered
0

A pity the documentation on this is very poor. You can add request handlers but the how and what are described very summarily...

answered