Web services security actions

HCL OneTest API supports the use of one or more security actions that can be layered on top of one another in an outgoing SOAP message.

The actions are as follows:
  • User Tokens, which add simple user name and password authentication.
  • Timestamp Tokens, which enable you to define a period during which the SOAP envelope is valid.
  • Binary Tokens, which add authentication by using a keystore and certificate alias.
  • Digital Signatures, which can be applied to the header and body elements of a SOAP message.
  • Encryption, which can be applied to the header and body of a SOAP message.
  • SAML Tokens, which enable authentication of SOAP messages by servers that use Security Assertion Markup Language.
  • Decryption, which can be applied to SOAP messages that are encrypted with WS-Security.
  • Signature validation, which can be applied to SOAP messages that are encrypted with WS-Security.
  • LTPA Tokens, which enable authentication of SOAP messages by servers that use Lightweight Third-Party Authentication (LTPA).
Note: Decryption and Signature validation actions and the ability to encrypt headers of SOAP messages are available only in HCL OneTest API 8.5.0 or later. The ability to add an LTPA token is available only in 8.5.1 or later.
Note: If you are using 8.5.1 or later, you can import WSDL documents that contain WS-SecurityPolicy assertions. This enables HCL OneTest API to automate the definition of security settings in SOAP messages. However, HCL OneTest API does not currently support the following WS-SecurityPolicy elements: SAML 2.0, signed and encrypted elements (XPath), transport binding, layout assertion, and entire header signing and encryption. For information about the WS-SecurityPolicy specification, see the OASIS website.

Security actions

Security actions are created and modified under the WS-Security tab of the Field Properties window, which is opened when you are viewing the properties of a SOAP message (see WS-Security). One or more security actions can be created, and the inclusion of those actions can be enabled or disabled by selecting or clearing the Enabled check box on the WS-Security tab.

Security actions can be managed by using the toolbar under the Enable check box:
Note: The order in which actions are displayed in the list under the toolbar can be significant. This is because the entries in the Encrypt and Signature windows depend on the actions listed above those Encrypt and Signature actions in the list; for example, time stamps. Multiple actions of the same type in the list will result in that action being carried out multiple times, for example, signatures generated for elements that have already been signed.