JMeter WSS-Password Type

Tools
#1

Greetings, I have encountered a similar problem as to this post: https://stackoverflow.com/questions/36478457/how-to-add-wsdl-authentication-to-jmeter# , but have not able to find a working solution yet.

I tried to simulate a similar SOAP request in JMeter, but it seems I am not able to configure WSS-Password Type in anywhere and include it into HTTP Authorization Manager, and keep receiving message “Message security verification failed” where the same reply is received in SOAPUI when the WSS-Password Type is set to none. Is there a way to input WSS-Password Type for the authentication process?

#2

Have you tried the WS Security for SOAP plugin? It seems to be just what you are looking for. More info here: https://github.com/tilln/jmeter-wssecurity

#3

The HTTP Authorization Manager is for configuring authentication credentials for the HTTP protocol level.

However, you need to include those credentials in the SOAP payload of an HTTP request.

A clear text password (type PasswordText) may easily be included in the payload, e.g.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken>
                <wsse:Username>${username}</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">${password}</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
        <your_content_here/>
    </soapenv:Body>
</soapenv:Envelope>

For encoded passwords (type PasswordDigest) however, you may want to use the plugin mentioned which looks like this:

usernametoken.png886×588 35 KB

#4

Interesting, anyway to insert the clear text password in the request payload within JMeter?