Question about the best way to handle WS Security Authentication

By: Ryan Nicholls named 19 Oct 2020 at 5:58 p.m. CDT

2 Responses
Ryan Nicholls gravatar
Hi, Im just trying to work out what the best method for implemeting SOAP WS Security authenticating with gluu server would be. As far as i can see it, I can either implement a custom interception script to read the SOAP header and catch the request at gluu gateway, or I can let the request through to my java client to handle the SOAP headers using OXD to talk to the gluu server. Any advice about the best way to handle this would be great.
Ubuntu 18.04
closed

Answers

By Aliaksandr Samuseu staff 19 Oct 2020 at 6:30 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Ryan. Any more details about the flow you could provide at the moment? Still a bit hard to picture what is the indended design. May be you could draw a diagram of the flow?

By Ryan Nicholls named 19 Oct 2020 at 6:53 p.m. CDT

Copy
Ryan Nicholls gravatar
Im using gluu gateway as a proxy and OpenID Connect Authentication and OPA PEP Authorization for our normal web traffic to gluu server. Some of our clients interact with our application using SOAP requests with authentication information in the SOAP headers. The SOAP requests will hit my gluu gateway instance, and it will proxy the requests to the upstream application. My question is regarding the authentication/authorization and if it would be better to have custom scripts to handle the headers at the gateway or to do it when the request gets decoded at the upstream using oxd.

Post an answer