Discover Refinitiv
MyRefinitiv Refinitiv Perspectives Careers
Created with Sketch.
All APIs Questions & Answers  Register |  Login
Ask a question
  • Questions
  • Tags
  • Badges
  • Unanswered
Search:
  • Home /
  • Screening /
  • Screening Online /
avatar image
Question by oliver.sherlock · Jun 05, 2017 at 11:14 AM · world-checkscreeningauthenticationscreening-apitokensoap-api

Nonce causing invalid username token

The application I am integrating the webservice into generates a wsse security header containing a ‘Nonce’ attribute. As far as I’m aware, this is a standard element of wsse security.

It appears that the API refuses requests that contain Nonce in the UsernameToken. In order to work around this, I would have to create and implement a custom WSE policy assertion. This is not an issue in SOAP UI as one can fully customize the SOAP envelope, however I imagine this is quite restrictive for users attempting API integration in their applications.

Is there something you can do your side to prevent the webservice from rejecting requests with a superfluous nonce element?

Regards,

Oliver

People who like this

0 Show 0
Comment
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

4 Replies

  • Sort: 
avatar image
Best Answer
Answer by oliver.sherlock · Jun 28, 2017 at 02:18 PM

I have taken matters into my own hands and gone the custom policy assertion route.

Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Answer by kamil.cisewski · Jun 09, 2017 at 07:57 AM

Hello @oliver.sherlock,

could you provide the HTTP data for your request and the XML that you are trying to create?

Best Regards

Kamil

Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
Answer by oliver.sherlock · Jun 21, 2017 at 04:09 AM

Hi Kamil, Sure.

XML REQUEST:

<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><soap:Header><wsa:Action></wsa:Action><wsa:MessageID>urn:uuid:f707583f-5b4e-4dda-a2e9-abd673faf2d7</wsa:MessageID><wsa:ReplyTo><wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:ReplyTo><wsa:To>https://screeningpilot.accelus.com/pilot-v1/screener</wsa:To><wsse:Security soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="Timestamp-eb600678-920a-4e4d-aa3e-77a6a636e4e2"><wsu:Created>2017-06-21T08:05:19Z</wsu:Created><wsu:Expires>2017-06-21T08:10:19Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-19"><wsse:Username>gazprom.api@gazprom-energy.com</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">accelus</wsse:Password><wsse:Nonce>Rr/9Oda3S6HYccRBPhzDeA==</wsse:Nonce><wsu:Created>2017-06-21T08:05:19Z</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><screen xmlns="http://screening.complinet.com/"><screenRequest xmlns=""><assigneeIdentifier>cnu_so_257</assigneeIdentifier><customId1>?</customId1><customId2>?</customId2><groupIdentifier>cng_so_177</groupIdentifier><name>Test</name><nameType>VESSEL</nameType></screenRequest></screen></soap:Body></soap:Envelope>


XML RESPONSE:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurityToken</faultcode><faultstring>An invalid security token was provided (An error happened processing a Username Token)</faultstring></soap:Fault></soap:Body></soap:Envelope>

Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
Answer by oliver.sherlock · Jun 21, 2017 at 04:39 AM

Worth noting that using SOAP UI I replicated the XML request but removed the nonce token, resulting in a successful response.

Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Watch this question

Add to watch list
Add to your watch list to receive emailed updates for this question. Too many emails? Change your settings >
6 People are following this question.

Related Questions

Screening Online API - Error java.lang.exception when creating new SOAP project in SOAP UI

Batch Screening - Access Denied

Hi, whilst performing some ongoing testing (on our end) our pilot account appears to have been locked. Please could someone unlock the account for us?

Extracting WC profile in PDF format through Screening Online API

Use of Special Characters in Screening Requests

  • Copyright
  • Cookie Policy
  • Privacy Statement
  • Terms of Use
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • Alpha
  • App Studio
  • Block Chain
  • Bot Platform
  • Connected Risk APIs
  • DSS
  • Data Fusion
  • Data Model Discovery
  • Datastream
  • Eikon COM
  • Eikon Data APIs
  • Electronic Trading
    • Generic FIX
    • Local Bank Node API
    • Trading API
  • Elektron
    • EMA
    • ETA
    • WebSocket API
  • Intelligent Tagging
  • Legal One
  • Messenger Bot
  • Messenger Side by Side
  • ONESOURCE
    • Indirect Tax
  • Open Calais
  • Open PermID
    • Entity Search
  • Org ID
  • PAM
    • PAM - Logging
  • ProView
  • ProView Internal
  • Product Insight
  • Project Tracking
  • RDMS
  • Refinitiv Data Platform
    • Refinitiv Data Platform Libraries
  • Rose's Space
  • Screening
    • Qual-ID API
    • Screening Deployed
    • Screening Online
    • World-Check One
    • World-Check One Zero Footprint
  • Side by Side Integration API
  • TR Knowledge Graph
  • TREP APIs
    • CAT
    • DACS Station
    • Open DACS
    • RFA
    • UPA
  • TREP Infrastructure
  • TRKD
  • TRTH
  • Thomson One Smart
  • Transactions
    • REDI API
  • Velocity Analytics
  • Wealth Management Web Services
  • Workspace SDK
    • Element Framework
    • Grid
  • World-Check Data File
  • 中文论坛
  • Explore
  • Tags
  • Questions
  • Badges