Send a SOAP request using WSS Authentication

luisartguerra
Kilo Explorer

‎05-17-2017 10:38 AM

Hello everybody,

I want to send a SOAP request from ServiceNow to another server. What i usually do for these tasks is to use the XMLHttpRequest Object. Nevertheless, this object is not defined in ServiceNow, so it seems i need to use the SOAPMessageV2 API. I'm very lost about exactly how to translate my code from the XMLHttpRequest to the SOAPMessageV2. Especially on the security part, since my request needs to specify the wsse:usernametoken in the header. I know that there is the setWSSecurity function, but it is asking for a key and a certificate, while my configuration only needs a username and password. Here is my code:

var xmlhttp = new XMLHttpRequest();
xmlhttp.open('POST', 'https://myservice.com/dev/service1?wsdl&anon=false', false);
   // build SOAP request
   var sr =
   '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '+
   'xmlns:v1="http://emc.com/it/enterprise/contract/IdentityRoleCollectorService/v1">'+
       '<soapenv:Header>'+
           '<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" '+
           'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">'+
               '<wsse:UsernameToken>'+
                   '<wsse:Username>myusername</wsse:Username>'+
                   '<wsse:Password Type="PasswordText">mypassword</wsse:Password>'+
               '</wsse:UsernameToken>'+
           '</wsse:Security>'+
       '</soapenv:Header>'+
       '<soapenv:Body>'+
           '<v1:RoleRequest>'+
                     '<v1:IdentityRoleRequest>'+
                               '<v1:NtID>' + workflow.scratchpad.ntid + '</v1:NtID>'+
                               '<v1:IdentityID>' + workflow.scratchpad.usr_id + '</v1:IdentityID>'+
                               '<v1:Role>'+ workflow.scratchpad.app_name +'</v1:Role>'+
                               '<v1:InterfaceKey>CONSTANT_KEYNAME</v1:InterfaceKey>'+
                               '<v1:TransactionType>A</v1:TransactionType>'+
                               '<v1:AccountNumber></v1:AccountNumber>'+
                               '<v1:ValidToDate></v1:ValidToDate>'+
                     '</v1:IdentityRoleRequest>'+
           '</v1:RoleRequest>'+
       '</soapenv:Body>'+
   '</soapenv:Envelope>';
   // Send the POST request
   xmlhttp.setRequestHeader('Content-Type', 'text/xml');
   xmlhttp.send(sr);
   //check response
   if (xmlhttp.status == 200) {
   workflow.scratchpad.SOAPResponseStatus = true;
   }
   else{
   workflow.scratchpad.SOAPResponseStatus = false;
   }
   gs.info("SOAP_Status > " + xmlhttp.status);
   gs.info("SOAP_Response > " + xmlhttp.response);

Thank you very for your time.

Labels:
0 Helpfuls
  • 1,889 Views
1 REPLY 1

cag_onganer
ServiceNow Employee
ServiceNow Employee

‎05-20-2017 03:57 PM

You are on the right track. You would continue to embed the "wsse:UsernameToken" tag in your code as XML as the SOAPMessageV2 API doesn't have a function to incorporate the username/password to be sent via a set method for WSS authentication.



see: https://docs.servicenow.com/bundle/istanbul-servicenow-platform/page/app-store/dev_portal/API_refere...


0 Helpfuls