Testing web service with SoapUI and Windows authentication

user-interface soap testing web-services soapui

SoapUI doesn't seem to work directly with NTLM authentication, but you can use a proxy such as Burp Suite to do the auth for you.

  1. Download Burp Suite from http://portswigger.net/burp/ and crank it up.
  2. On Burp's "Proxy : Intercept" tab, click the button to turn intercept off.
  3. On Burp's "Proxy : Options" tab, make sure it's set to an unused port, the default is 8081
  4. On Burp's "Options" tab, tick "do www authentication" and add a setting for the server you wish to hit. Also tick "prompt for credentials on authentication failure"
  5. Switch to Burp's "Proxy : History" tab so you can see requests going through.
  6. In SoapUI, choose File > Preferences, then select "Proxy Settings". Enter Host "localhost" and port "8081".
  7. Use SoapUI as normal. It will send requests through Burp Proxy, which will do the NTLM authentication for you.

soapUI 4.5 just added support for NTLMv2 which negates the need for Burp Suite.


The accepted solution will work in most scenarios. If, however, the service uses delegation to access resources on other servers, you will run into a double-hop issue with the NTLM authentication the Burp proxy uses. The proxy will successfully authenticate to the service, but subsequent calls made by the service to other resources using delegation will fail.

The issue is described well in this article:

http://blogs.msdn.com/b/besidethepoint/archive/2010/05/09/double-hop-authentication-why-ntlm-fails-and-kerberos-works.aspx

The easiest workaround I found for this was to use Fiddler as a proxy. On Fiddler's Rules menu, select 'Automatically Authenticate.' Then update your SoapUI preferences to use fiddler as a proxy (the default location is localhost:8888). Now your calls will be wrapped in a credential that can be delegated.

If you use LoadUI to execute your SoapUI test cases, the SoapUI test runner will use your SoapUI proxy settings, and your calls will continue to work.


I think SoapUI might only support NT authentication for the WSDL.

you can see some detail of how it is implemented here:

  • http://www.soapui.org/xref/com/eviware/soapui/impl/wsdl/support/wsdl/UrlWsdlLoader.html

(BTW, this google search doesn't look promising for you!)


Current release SoapUI 4.5.1 doesn't work with windows authentication, but nightly build version runs again well.

Download nightly build version

Related

Check if unmanaged DLL is 32-bit or 64-bit?
Editing remote files with Emacs using public key authentication
Is it against best practice to throw Exception on most JUnit tests?
Make emacs run in console mode (-nw) by default
What is a good tutorial for using ORMLite with SQLite and Android [closed]
How to find text files not containing text on Linux?
Why use JNDI for data sources
Why does $((true == false)) evaluate to 1 in bash?
Youtube - How to force 480p video quality in embed link / <iframe>
What's the fastest way to edit hundreds of Git commit messages?
Google Sheets: How to replace text in column header?
Task.Factory.StartNew vs Task.Factory.FromAsync