The AUT Tab at the bottom of the request message editors allows adding of authentication credentials to your request. There are quite a lot of things to know here so let’s have a more detailed look:
The Aut tab is shown at the right and complementing request properties to the left.
- Username / Password – specifying these will use them for standard Basic Authentication (remember to set the global HTTP Preference for preemptive authentication if your server expects the credentials without an authentication challenge).
- Domain – add this for NTLM authentication challenges. SoapUI currently does not support NTLMv2, so if your server requires this you will either need to reconfigure the server to accept NTLMv1 (see...) or use a product like (...) to overcome this.
- Outgoing WSS – Specifies which project-level Outgoing WS-Security configuration to apply to outgoing requests (see .. for details)
- Incoming WSS – Specifies which project-level Incoming WS-Security configuration to apply to incoming response messages
The properties to the left add two more settings for automatically adding WS-Security UsernamePassword Tokens to outgoing requests:
- WSS-Password Type - which type of Password to user (Digest, Plain Text ,etc)
- WSS TimeToLive - the TTL value for the added credentials
The values specified in the corresponding username / password fields will be used. Here comes an example setup:
Here we have entered a simple username and password and specified to add a UsernameToken to the outgoing request. After the request is sent we have a look in the Raw request view:
Here you can see the following:
- the HTTP Authentication Header has been added at the top (because I have set preemptive authentication to true in my global http preferences)
- The Created and Expires elements have been added (since we specified a TTL value)
- The Username and Password values are added.
- A Nonce is added in accordance with the UsernamePassword Standard.
Tip: If you want more control over the UsernamePassword Header create an outgoing WSS configuration at the project level instead where you have more options to play with. Then use this configuration in the AUT tab as described above instead of specifying these settings in the inspector and properties.