NTLM authentication with SOAP in Mule 4

While connecting with system API’s, one is often confronted with some nice exotic protocols. While some protocols are not considered cool anymore (SOAP for example), some authentication schemes just gives you a headache. This blog post shows how to do that.

While connecting with system API’s, one is often confronted with some nice exotic protocols. While some protocols are not considered cool anymore (SOAP for example), some authentication schemes just gives you a headache.

So when consuming a SOAP webservice in Mule 4 that is secured with Microsoft’s NTLM you just have to consider the following:

• The Web Service connector won’t work. There is no NTLM authentication in there. That makes sense by the way: in the SOAP world we have the WSSecurity standards for that.
• The DOMAIN name should always be in capitals (I want hours of my life back).

Instead of using the Web Service Consumer, use the HTTP Request connector (POST method). You can setup the NTLM configuration in the HTTP Request configuration:

In my experience the DOMAIN should always be in all caps. It won’t work otherwise.

However, using the HTTP Request means that you should manually create the SOAP request message as XML payload. This is a bit cumbersome, but not that hard using DataWeave 2:

%dw 2.0
output text/xml
ns soapenv http://schemas.xmlsoap.org/soap/envelope/
ns wh ns.whitehorses.nl
---
{
 soapenv#Envelope: { 
   soapenv#Body: {
      wh#MyBodyElement: {
       <<ETC>>       
      }
    }
 }
}

Also, don’t forget the set the SOAPAction header as Header in the HTTP Request connector! This is often required by SOAP web services. (Or, when using Mule 3, set a SOAPAction property).

Happy coding!