|
|
Hello,
I tried to call a web service hosted in a IBM WebSphere server, but could not
pass WebSphere's security framework. After some talking with the guys in the
WebSphere side, I'm not sure whether this is possible in ColdFusion because
they ask for a <wsse:UsernameToken> in the SOAP envelope header. We did some
testing, and they confirmed that ColdFusion could talk to the web service, by
could not pass security validation. Would someone help me here? Must it be
done in Java?
Here is my calling syntax in ColdFusion:
<cfinvoke webservice="https://WebServiceURL?wsdl"; method="myMethod"
username="myUserName" password="myPassword" returnVariable="ReturnCode">
<cfinvokeargument name="ParaName" value="ParameterValue">
</cfinvoke>
The web service is locked down, so the calling client must issue a SOAP
message containing VALID security extensions:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:ws="http://somedomain";
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext";>
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>U:external:myUserName</wsse:Username>
<wsse:Password>myPassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
... REMOVED as this depends on your individual SOAP service
</soapenv:Body>
</soapenv:Envelope>
Here is the error msg:
AxisFault
faultCode:
{http://schemas.xmlsoap.org/ws/2003/06/secext}FailedAuthentication
faultSubcode:
faultString: WSEC5075E: No security token found which satisfies any one of
AuthMethods.
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:WSEC5075E: No security token
found
which satisfies any one of AuthMethods.
at
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
at org.apache.axis
Larry
|
|