2

I want to test soap web service secured with TAM.

if anybody done this before, could you please tell me the setting I need to do at SOAP UI SIDE(version 5.2).

I tried setting up username and password but not able to hit the service.

getting below html form as response

<form action="/pkmslogin.form" method="POST">
        <table width="500px" border="0" cellpadding="3" cellspacing="0" class="form">
          <tbody>
            <tr bgcolor="#eeeeee">
              <td colspan="2" valign="top" align="center" height="22px"><b>Please Enter Your Connect User ID and Password.</b></td>
            </tr>
            <tr bgcolor="#eeeeee">
              <td width="35%" align="right" valign="top"><b>Username*:&nbsp;</b></td>
              <td width="65%"><input type="text" name="username" style="width: 200px" size="40" maxlength="40"></td>
            </tr>
            <tr bgcolor="#eeeeee">
              <td width="35%" align="right" valign="top"><b>Password*:&nbsp;</b></td>
              <td width="65%"><input type="password" name="password" style="width: 200px" size="40" maxlength="40"></td>
            </tr>
            <tr>
              <td></td>
              <td><input type="submit" name="submit" value="Login" style="width: 75px; height: 22px" class="actionButton"></td>
            </tr>
          </tbody>
        </table>
        <input type="HIDDEN" name="login-form-type" value="pwd">
      </form>
Jaap
  • 641
  • 12
  • 19
chandrashekhar.dehankar
  • 63
  • 7
  • What happened when you send the request back with username and password? Have tried any other ways to successfully invoke any service behind the TAM authorization? – Rao Feb 22 '16 at 02:51
  • 1
    What I did was basically go through the login procedure with the dev console open in a browser. Then I plucked apart the message exchanges in the browser one by one. I then recreated that manual login procedure with HTTP test steps in SoapUI to receive a negotiated token. The entire session is managed by SoapUI by using the 'Maintain HTTP Session' option on the test case level. This might sound as a security risk, but in the end internet is a lot of flat text. So something must be 'creatable' somewhere to get to the token. – Matthias dirickx May 03 '17 at 20:54

0 Answers0