Ryan M

Web Service Scanning - DataPower Authentication SoapHeader

Discussion created by Ryan M on Apr 23, 2020
Latest reply on Apr 27, 2020 by Sheela Sarva

Hello,

 

I am attempting to scan some web services by providing the WSDL links. All the scans are returning 500 errors due to bad authentication. These services reside behind a dataPower proxy that requires a SOAP header for authentication. Is it possible to inject this SOAP header into the scan? The header is not present in the WSDL definitions of the services I have tried traditional authentication records without any success. . 

 

Would need it inject something similar to below to allow proper authentication:

<soapenv:Header>
   <wsse:Security>
      <wsse:UsernameToken>
         <wsse:Username>username</wsse:Username>
         <wsse:Password>password</wsse:Password>
      </wsse:UsernameToken>
   </wsse:Security>
</soapenv:Header>

Outcomes