Known Issues- Web Service Security

Relevant for: API testing only

This section describes troubleshooting and limitations for working with Web services security.

Security on Webservices imported from UDDI Authentication and proxy security are not supported for Web Services imported from a UDDI.
WCF-type Web services
  • Configuring different security settings for operations residing on the same port is not supported.

  • Some of the user event handlers (such as the AfterProcessRequestSecurity, BeforeProcessResponseSecurity, OnSendRequest, and OnReceiveResponse events) will not be invoked.

  • When working with Federation type scenarios that use STS (Security Token Service), you cannot change the SOAP version.

Web services with message level security

When testing Web Services that require message-level security, the Web Service security scenario only supports SOAP version 1.1. For SOAP 1.2 use a WCF type scenario.

SAML security tokens
  • When using a SAML security token for Web services security, user-provided content may contain creation and expiration timestamps. To extend the life of the test, we recommend that you hard-code an expiration date in the distant future. In this is not possible, change the timestamp by implementing the OnBeforeApplyProtocolSettings event.

  • When using a SAML security token for Web services security, if you edit the values in Grid mode, they may not be updated in UFT.

    Workaround: To update the values, switch to Text mode and save the test.

  • Web Service steps are not supported when using a SAML token with a certificate from the file system.

    Workaround: Install the certificate to the Windows store and select the certificate from the store.

SOAP 1.2
  • You can choose only UserName or X509 tokens when configuring the message level security.

  • When configuring the canonicalization algorithm and the transform algorithm for the message signature, you cannot use the following format: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform.