Workday request works in SoapUI but not in Postman

13.2k views Asked by At

I am trying to call the Put_Background_Check operation of the Workday Recruiting web service. I have opened the WSDL file in SoapUI and successfully sent the following XML...

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope
    xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:wd="urn:com.workday/bsvc">
    <env:Body>
        <wd:Put_Background_Check_Request
            xmlns:wd="urn:com.workday/bsvc"
            wd:version="v26.2">
            <wd:Business_Process_Parameters>
                <wd:Run_Now>true</wd:Run_Now>
            </wd:Business_Process_Parameters>
            <wd:Background_Check_Data>
                <wd:Event_Reference>
                    <wd:ID wd:type="Background_Check_ID">BACKGROUND_CHECK_EVENT-6-96</wd:ID>
                </wd:Event_Reference>
                <wd:Background_Check_Status_Data>
                    <wd:Status_Date>2016-12-16</wd:Status_Date>
                    <wd:Status_Reference>
                        <wd:ID wd:type="Background_Check_Status_ID">Background_Check_Status_Pending</wd:ID>
                    </wd:Status_Reference>
                </wd:Background_Check_Status_Data>
                <wd:Package_Reference_Data>
                    <wd:Package_Reference>
                        <wd:ID wd:type="Background_Check_Package_ID">BACKGROUND_CHECK_PACKAGE_QR1SQ</wd:ID>
                    </wd:Package_Reference>
                    <wd:Status_Reference>
                        <wd:ID wd:type="Background_Check_Status_ID">Background_Check_Status_Pending</wd:ID>
                    </wd:Status_Reference>
                </wd:Package_Reference_Data>
            </wd:Background_Check_Data>
        </wd:Put_Background_Check_Request>
    </env:Body>
</env:Envelope>

I get the following response...

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
   <env:Body>
      <wd:Put_Background_Check_Response wd:version="v26.2" xmlns:wd="urn:com.workday/bsvc">
         <wd:Event_Reference wd:Descriptor="Background Check for Job Application: Elizabeth Taylor - R0000039 Diversity Report Test (Open)">
            <wd:ID wd:type="WID">ee6477431cb2100ca61ac0100d041523</wd:ID>
            <wd:ID wd:type="Background_Check_ID">BACKGROUND_CHECK_EVENT-6-96</wd:ID>
         </wd:Event_Reference>
      </wd:Put_Background_Check_Response>
   </env:Body>
</env:Envelope>

The URL is https://wd3-impl-services1.workday.com/ccx/service/TENANT/Recruiting/v27.1. Authentication method is basic auth with username@tenant and a password. And the HTTP log looks like the following... SoapUI HTTP log

The problem is that when I try to re-create the same POST request with the same headers in Postman (or cURL or Python requests), I get invalid username or password error. Is SoapUI doing something special here? The response in this case is as follows...

<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wd="urn:com.workday/bsvc">
            <faultcode>SOAP-ENV:Client.authenticationError</faultcode>
            <faultstring>invalid username or password</faultstring>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
1

There are 1 answers

2
Imran S. On BEST ANSWER

SoapUI does modify the outgoing XML in this case. It adds the following chunk just before the <env:Body> element before it sends it out as a POST request.

<env:Header>
    <wsse:Security
        env:mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:UsernameToken wsu:Id="UsernameToken-86F2FCCEFFBB80C4CD14820998755791">
            <wsse:Username>username@tenant</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
            <wsse:Nonce
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">asdfwrqwarqwr1+oA==
            </wsse:Nonce>
            <wsu:Created>2016-12-18T22:24:30.575Z</wsu:Created>
        </wsse:UsernameToken>
    </wsse:Security>
</env:Header>

So I've added this to the original XML and removed the Basic Auth header from the request and it works.