cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

SOAP cfhttpparam header syntax

totalpackage612
New Here ,
Jan 09, 2013 Jan 09, 2013

I need to make a secure SOAP request with Coldfusion , and I'm having trouble implementing the headers properly so the service can use it.


There are two structure examples I was given

Example 1:

This is a sample soap request:

POST /WebService/EmployerWebServiceV24.asmx HTTP/1.1
Host: stage.e-verify.uscis.gov
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />
  </soap:Body>
</soap:Envelope>

Example 2:

An example SOAP authentication HEADER would look something like:

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
        <wsse:Security soap:mustUnderstand="1">
            <wsse:UsernameToken namespaces>
                <wsse:Username>username</wsse:Username>
                <wsse:Password Type="type info">password</wsse:Password>
                <wsse:Nonce>nonce</wsse:Nonce>
                <wsu:Created>date created</wsu:Created>
            </wsse:UsernameToken>
        <wsse:Security>
    </soap:Header>
    <soap:Body>
        <WebServiceMethodName xmlns="Web Service Namespace" />
    </soap:Body>
</soap:Envelope>

Important:

I was able to create a successful connection to this web service without including header information.

To use other functions I need a properly working header which works.

This is my code for the successful connection without the headers. (So you can reproduce it)

<cfsavecontent variable="request_xml">
<cfoutput>
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />
  </soap:Body>
</soap:Envelope>
</cfoutput>
</cfsavecontent>
<!--- Make Request --->
<cfhttp url="https://stage.e-verify.uscis.gov/WebService/EmployerWebServiceV24.asmx?wsdl" method="post" result="httpResponse">
  <cfhttpparam type="header" name="SOAPAction" value="https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection" />
  <cfhttpparam type="header" name="accept-encoding" value="no-compression" />
  <cfhttpparam type="body" value="#trim(request_xml)#" />
</cfhttp>
<!--- Show Response --->
<cfdump var="#httpResponse#" label="httpResponse">
<cfdump var="#xmlParse( httpResponse.fileContent )#" label="soapResponse">

PROBLEM:

When I insert my header into the request, then it throws me an error saying "code:InvalidSecurityToken"

(Replace cfsavecontent with this)

<!--- Define Nonce --->
<cfscript>
  strNonce = ToBase64(createUUID());
</cfscript>
<cfsavecontent variable="request_xml">
<cfoutput>
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>myUsername</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordText">myPassword</wsse:Password>
            <wsse:Nonce>#strNonce#</wsse:Nonce> 
            <wsu:Created>#Dateformat(Now(),'yyyy-mm-ddThh:mm:ss')#Z</wsu:Created>
        </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />
  </soap:Body>
</soap:Envelope>
</cfoutput>
</cfsavecontent>

OTHER SOLUTIONS I HAVE TRIED:

I have tried to use createObject + AddSOAPRequestHeader + cfinvoke but nothing seems to work for me

WHAT I NEED

I need some ideas on how to get that secure header working using a cfhttp method.

After 8 hours of researching I have found nothing.


2.1K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 1 Reply 1
latest latest Jump to latest reply
BKBK Community Expert
Community Expert ,
Jan 12, 2013 Jan 12, 2013
LATEST

<cfscript>

  strNonce = ToBase64(createUUID());

</cfscript>

<cfsavecontent variable="request_xml">

<cfoutput>

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

  <soap:Body>

    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />

  </soap:Body>

</soap:Envelope>

</cfoutput>

</cfsavecontent>

<cfsavecontent variable="header_xml">

<cfoutput>

  <soap:Header>

    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

        <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

            <wsse:Username>myUsername</wsse:Username>

            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordText">myPassword</wsse:Password>

            <wsse:Nonce>#strNonce#</wsse:Nonce>

            <wsu:Created>#Dateformat(Now(),'yyyy-mm-ddThh:mm:ss')#Z</wsu:Created>

        </wsse:UsernameToken>

    </wsse:Security>

  </soap:Header>

</cfoutput>

</cfsavecontent>

<cfhttp url="https://stage.e-verify.uscis.gov/WebService/EmployerWebServiceV24.asmx?wsdl" method="post" result="httpResponse">

  <cfhttpparam type="header" name="SOAPAction" value="https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection" />

  <cfhttpparam type="header" name="security" value="#header_xml#"/>

  <cfhttpparam type="header" name="accept-encoding" value="no-compression" />

  <cfhttpparam type="body" value="#trim(request_xml)#" />

</cfhttp>

<!--- Show Response --->

<cfdump var="#httpResponse#" label="httpResponse">

<cfdump var="#xmlParse( httpResponse.fileContent )#" label="soapResponse">

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices