WS-Security Header inclusing using XQuery

Similar Messages

• Javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header error while invoking FinancialUtilService using HTTP proxy client

  I am trying to invoke FinancialUtilService using HTTP proxy client. I am getting below error while i am trying to invoke this service. Using FusionServiceTester i am able to invoke service and upload file to UCM. Using oracle.ucm.fa_client_11.1.1.jar also i am able to upload file to UCM without any issue. But using HTTP proxy client i am facing below error. Can anyone please help me. PFA code i am using to invoke this service.
  javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
    at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:299)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:273)
  Process exited with exit code 0.
  Message was edited by: Oliver Steinmeier
  Removed attachment

  Hi Jani,
  Thanks for your reply.
  I am new to webservices and we are trying to do a POC on invoking FinancialUtilService using HTTP proxy client. I am following steps mentioned in attached pdf section "Invoking FinancialUtil Service using Web Service Proxy Client". I have imported certificate using below command. 
       keytool -import -trustcacerts -file D:\Retek\Certificate.cer -alias client -keystore D:\Retek\default-keystore.jks -storepass welcome1
  Invoking
      SecurityPolicyFeature[] securityFeature =
      new SecurityPolicyFeature[] { new
      SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy")};
      financialUtilService_Service = new FinancialUtilService_Service();
      FinancialUtilService financialUtilService= financialUtilService_Service.getFinancialUtilServiceSoapHttpPort(securityFeature);
      // Get the request context to set the outgoing addressing properties
      WSBindingProvider wsbp = (WSBindingProvider)financialUtilService;
      WSEndpointReference replyTo =
        new WSEndpointReference("https://efops-rel91-patchtest-external-fin.us.oracle.com/finFunShared/FinancialUtilService", WS_ADDR_VER);
      String uuid = "uuid:" + UUID.randomUUID();
      wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));
      wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "fin_user1");
      wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY,  "Welcome1");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS,"service");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "D:/Retek/default-keystore.jks");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "welcome1" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password" );
  SEVERE: WSM-00057 The certificate, client, is not retrieved.
  SEVERE: WSM-00137 The encryption certificate, client, is not retrieved due to exception oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved..
  SEVERE: WSM-00161 Client encryption public certificate is not configured for Async web service client
  SEVERE: WSM-00005 Error in sending the request.
  SEVERE: WSM-07607 Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
  SEVERE: WSM-07602 Failure in WS-Policy Execution due to exception.
  SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=FinancialUtilService, policy=oracle/wss11_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.
  oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:173)
    at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
    at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:608)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:335)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:282)
    at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
    at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:915)
    at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:436)
    at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:393)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:239)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
    at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
    at com.sun.xml.ws.client.Stub.process(Stub.java:259)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
  Caused by: oracle.wsm.security.SecurityException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:979)
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.build(Wss11X509TokenProcessor.java:206)
    at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:164)
    ... 30 more
  Caused by: oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved.
    at oracle.wsm.security.jps.WsmKeyStore.getJavaCertificate(WsmKeyStore.java:534)
    at oracle.wsm.security.jps.WsmKeyStore.getCryptCert(WsmKeyStore.java:570)
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:977)
    ... 32 more
  SEVERE: WSMAgentHook: An Exception is thrown: WSM-00161 : Client encryption public certificate is not configured for Async web service client
  File upload failed
  javax.xml.ws.WebServiceException: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
    at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
    at com.sun.xml.ws.client.Stub.process(Stub.java:259)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
  Caused by: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:248)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
    ... 19 more

• RowNum for header and detail for XMLNodes using XQuery Sqlserver

  Hi All,
  I have this xml.
  declare @xml xml
  set @xml =' <StudentsData>
  <StudentData>
  <Name>AAA</Name>
  <subjects>
  <subject>
  <Name>computers</Name>
  <marks>30</marks>
  </subject>
  <subject>
  <Name>Maths</Name>
  <marks>40</marks>
  </subject>
  </subjects>
  </StudentData>
  <StudentData>
  <Name>BBB</Name>
  <subjects>
  <subject>
  <Name>Science</Name>
  <marks>30</marks>
  </subject>
  <subject>
  <Name>Physics</Name>
  <marks>40</marks>
  </subject>
  </subjects>
  </StudentData>
  </StudentsData>'
  I am able to get the proper data by querying like below.
  select
  s.n.value('(Name/text())[1]', 'varchar(50)') as StudentName ,
  z.c.value('(Name/text())[1]','varchar(50)') as SubjectName ,
  z.c.value('(marks/text())[1]','int') as Marks
  from
  @XML.nodes('/StudentsData/StudentData') as S(N)
  CROSS APPLY s.n.nodes('subjects/subject') z(c)
  But I want to include the header_id and detail_id to for these records using a variable like below.
  eg: declare @header_id =100
        declare @detail_id = 1000
  I want the output like below.
  HeaderId DetailId StudentName SubjectName Marks
  101 1001 AAA computers 30
  101 1002 AAA Maths 40
  102 1003 BBB Science 30
  102 1004 BBB Physics 40
  how do I get this using xquery.
  Thanks in advance.

  pls try
  declare @xml xml
  set @xml =' <StudentsData>
  <StudentData>
  <Name>AAA</Name>
  <subjects>
  <subject>
  <Name>computers</Name>
  <marks>30</marks>
  </subject>
  <subject>
  <Name>Maths</Name>
  <marks>40</marks>
  </subject>
  </subjects>
  </StudentData>
  <StudentData>
  <Name>BBB</Name>
  <subjects>
  <subject>
  <Name>Science</Name>
  <marks>30</marks>
  </subject>
  <subject>
  <Name>Physics</Name>
  <marks>40</marks>
  </subject>
  </subjects>
  </StudentData>
  </StudentsData>'
  declare @header_id int =100
  declare @detail_id int= 1000
  select @header_id+ROW_NUMBER() over(order by (select 1)) header_id,@detail_id+ROW_NUMBER() over(order by (select 1))detail_id,
  s.n.value('(Name/text())[1]', 'varchar(50)') as StudentName ,
  z.c.value('(Name/text())[1]','varchar(50)') as SubjectName ,
  z.c.value('(marks/text())[1]','int') as Marks
  from
  @XML.nodes('/StudentsData/StudentData') as S(N)
  CROSS APPLY s.n.nodes('subjects/subject') z(c)
  vt
  Please mark answered if I've answered your question and vote for it as helpful to help other user's find a solution quicker

• How to include WS-Security Header in the WSDL

  hi
  how to include WS-Security Header which have username and password as
  i had seen the below link it deals with just hello world which is not using any Services(DBAdapter) is it possible to use DBAdapter as the steps present in the below link how to include WS-Security Header which have username and password
  http://blogs.oracle.com/reynolds/2005/09/invoking_bpel_from_an_html_for.html

  As Amir suggested, you may provide in the URL but I wouldn't suggest it though. You don't want to hard code the user ID and password within in the WSDL because it is a bad practice especially the user ID and password may be different in different systems and every time you change the password, you have to regenarate your WSDL.
  May be you thought through this but just in case if you didn't
  KK

• Extracting username and password from security header

  Hey all,
  I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
  1) I secured my BPEL process
  2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
  3) I added the security variable to the Header Variables for the BPEL process input
  4) I added the security variable to the Input Header Variables for the web service's invoke operation
  This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
  Environment:
  JDeveloper 11.1.1.6.0
  Thanks,
  Bill

  Hi Sri,
  If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
  Thanks,
  Bill

• Unable to pass security header

  Hi, We are facing issue while passing the OWSM policy from one proxy to other proxy.
  PS1 ->PS2
  PS1 doesnot have OWSM policy .
  PS2 has owsm policy.The policy used is username token service policy.
  When we are calling the PS2 from PS1 the security headers are not getting passed and hence failing with authentication.
  We tried inserting the WS security header in PS1 ie., we assigned the security header in header variable and tried passing it. But that also failed
  Could you please help us how to pass the security header from non secured proxy service.
  Thanks in advance, Anup

  Hi,
  We cannot make PS1 as pass through. The whole scenario is like this.
  We have two different OSB projects.
  Project 1-> PS1a, PS1b, PS1,PS2
  Project 2-> PS2a, PS2b, PS1,PS2
  PS1a calls PS1b which inturn calls Ps1/Ps2 based on some conditions.
  We have implemented OWSM in PS1a(Pass through) and PS1b(OWSM processed).
  We have to call PS2a from PS1(Project1)
  PS1a(Pass through)->PS1b(OWSM processed).->PS1----->PS2a(Pass through)
  When the flow comes to PS1, it will not have security headers. But PS2a expect security header from PS1.
  So are you suggesting us to make PS1 of project1 also to be a pass through.
  Any suggestions on this will be helpful

• How to pass Security Header from the Physical Service in ODSI

  We have to call a secured Web service using ODSI. We are trying to build a physical service in ODSI using a WSDL which has username token with password text policy inside it. The requests to that web service are bound by the security policy. But ODSI is not allowing us to create a Physical service usin a WSDL with a security policy in it. How can we then pass the security header from the ODSI physical service to the external web service.

  You would need to write a webservice handler for your physical data service to implement the security.
  http://download.oracle.com/docs/cd/E13162_01/odsi/docs10gr3/datasrvc/How%20To%20Create%20SOAP%20Handlers%20for%20Imported%20WSDLs.html

• Why is the security header empty in the response when mustUnderstand="1"?

  Hi
  In the response the value of mustUnderstand is equal to "1", but the UsernameToken data is not echoed, the security header is empty.
  It seems that either the credentials should be echoed or mustUnderstand should be equal to "0"
  An Axis 1.4 client threw an Exception because they interpreted the spec as such, and we've dealt with that but now
  I have an external party using some Microsoft stuff and they're having to intercept the response and set it to 0
  before processing the response.
  How should it be dealt with?
  I'm happy to write a handler that does this, and I tested some Oracle sample code but the header is always null.
  Source Code: AuthenticateHandler.java
  This is my test request...
  <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:env="http://www.w3.org/2003/05/soap-envelope" soap:mustUnderstand="1">
  <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:Username>TestUser</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security></soap:Header>
      <soap:Body xmlns:ns1="http://webservicehandler/">
          <ns1:echoElement>DSF</ns1:echoElement>
      </soap:Body>
  </soap:Envelope>and my test response
  <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:env="http://www.w3.org/2003/05/soap-envelope" env:mustUnderstand="1"/>
  </env:Header><env:Body><ans1:echoResponseElement xmlns:ans1="http://webservicehandler/">DSF</ans1:echoResponseElement>
  </env:Body></env:Envelope>

  You aren't addressing Apple here; we are all users like you.
  Please submit to apple.com/feedback

• Custom Policy Step and the WS-Security header attibute "mustUnderstand"

  Hi there,
  I have some issues testing the custom policy step that comes with OWSM (CustomAuthenticationStep), which i describe next.
  I manage to compile/deploy the custom step successfully. I also restart the server and add the brand new step into the request pipeline. The pipeline only has two steps, a log step and a custom authentication step.
  I develop a client for the gateway service which use the "Username to Authenticate" option of the Proxy Security. The other options (inbound/outbound integrity/encryption) are all unchecked.
  When I test the client, the following SOAP message is produced:
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ns0="http://agesic.entidad/types/"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <env:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  env:mustUnderstand="1">
  <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:Username>test</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </env:Header>
  <env:Body>
  <ns0:reverseElement>
  <ns0:aString>Holas!</ns0:aString>
  </ns0:reverseElement>
  </env:Body>
  </env:Envelope>
  Which looks just fine. However I get the following exception:
  javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
       at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
       at agesic.cliente.gateway.proxy.runtime.EchoReverseSoapHttp_Stub.reverse(EchoReverseSoapHttp_Stub.java:78)
       at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.reverse(EchoReverseSoapHttpPortClient.java:44)
       at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.main(EchoReverseSoapHttpPortClient.java:33)
  If i look at the log produced by the custom step, it looks like the step was successfully passed.
  ********** Entering Custom Authentication execute method **********
  Processing stage is Request
  Request SOAP message is <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="h
  ttp://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-ins
  tance" xmlns:ns0="http://agesic.entidad/types/" xmlns:wsu="http://docs.oasis-ope
  n.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><env:Header><wsse
  :Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004
  /01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.or
  g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://sche
  mas.xmlsoap.org/soap/envelope/"><wsse:UsernameToken xmlns:wsse="http://docs.oasi
  s-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http:/
  /docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ws
  se:Username>test</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/
  wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse
  :Password></wsse:UsernameToken></wsse:Security></env:Header><env:Body><ns0:rever
  seElement><ns0:aString>Holas!</ns0:aString></ns0:reverseElement></env:Body></env
  :Envelope>
  User locale is English
  Client ip address is rhel4.tecinfo.com.uy:7777
  Verified user is test
  The problems is with the mustUnderstand attribute. It looks like no step tells the OWSM that he understands the header, so the OWSM pass through the pipeline and when it ends it thinks that that header was not processed properly.
  I try to find documentation on this issue but I didn't find any.
  Any ideas? Is there any way to specify that the step actually understands the ws-security header?
  Thanks!
  Leo

  Ok. Thanks. The problem here is a little bit different. At the client side, we have the following:
  <?xml version="1.0" encoding="UTF-8"?>
  <oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
  <webservice-client>
  <service-qname namespaceURI="http://agesic.entidad/" localpart="EchoReverse"/>
  <port-info>
  <wsdl-port namespaceURI="http://agesic.entidad/" localpart="EchoReverseSoapHttpPort"/>
  <runtime enabled="security">
  <security>
  <inbound/>
  <outbound>
  <username-token password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
  </outbound>
  </security>
  </runtime>
  <operations>
  <operation name='reverse'>
  </operation>
  </operations>
  </port-info>
  </webservice-client>
  </oracle-webservice-clients>
  The <outbound> here is requered in order to use the WSS UserName token profile. I try to remove the <inbound/> to check if it was a problem like yours, but we still have the same exception.
  The problem seems to be with the gateway at the server side.
  Intercepting the communication between the client and the server, we are getting the following response:
  <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ns0="http://agesic.entidad/types/">
  <env:Body>
  <env:Fault>
  <faultcode>env:MustUnderstand</faultcode>
  <faultstring>SOAP must understand error:
  {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security</faultstring>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  We need a way to instruct the gateway that he actually understands the wss header.
  Any ideas?
  Thanks!
  Leo

• Missing Security header in SOAP

  Hello!
  I used WSDLs to  generate a few client proxy classes in order to access web services of a 3rd party application. The first call was successfull: I called START_SESSION method passing username and password and got proper response (ticket, session ID). Afterwards, I wanted to call methods of other proxy classes of the same application and always got
  SoapFaultCode:1  WSDoAllReceiver: Request does not contain required Security header
  How do I pass security header and what does it consist of? I suppose ticket and/or session ID, but it is not part of any method's interface.
  What should I do?
  Thanks in advance!
  Kind regards,
  Igor
  Unfortunately, WSDL is not available in public. If necessary; I'll post it, but for the first post I'll try not to occupy space.

  Hi!
  I did research on this topic with server application and I quote what I found:
  <i>The Alfresco web services have always used the WS Security header to pass the ticket information to the server.
  The ticket is plucked out of the password parameter and cross checked within the server to ensure the request can proceed.
  So long as you construct the WS Security header correctly authentication at the repository should occure without problem</i>
  I get the ticket from the successfull call of START_SESSION method of different (authentication) proxy class, but don't know what to do with it. How to include it in security header of another proxy method call? Or should I do something else?
  I'll describe what I tried - please see if I did something wrong:
  1. In SE80 -> Client proxy maintenance, I selected tab Preconfiguration, selected "Session-Oriented communication" -> Checked "Select Feature"
  2. Same tab, selected "Authentication" -> Basic
  3. Activated the proxy
  4. WSSPROFILE -> Created profile based on CHECK_USERNAME template
  5. LPCONFIG -> Selected operation GET_USER, entered the newly created profile both in ProfileIn and ProfileOut, activated
  6. Activated client trace, called method and got SOAP request without any security info in header:
  <soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
    <soap-env:Header>
      <n0:Trace xmlns:n0="http://www.sap.com/webas/630/soap/features/runtime/tracing/">
        <TraceLevel xmlns="http://www.sap.com/webas/630/soap/features/runtime/tracing/">Error</TraceLevel>
      </n0:Trace>
    </soap-env:Header>
    <soap-env:Body>
      <nr1:getUser xmlns:nr1="http://www.alfresco.org/ws/service/administration/1.0" xmlns:nr2="http://www.alfresco.org/ws/model/content/1.0">
        <nr1:userName>ADMIN</nr1:userName>
      </nr1:getUser>
    </soap-env:Body>
  </soap-env:Envelope>
  I must have done something wrong.
  Regards,
  Igor

• WS Security Header over WSM ServerAgent

  Hello!
  I've got a OWSM ServerAgent in front of my webservice. This agent does the authentication and authorization, but the webservice behind needs the user. The WS should get the user out of the principle, but with the agent in front there is no principle to reach.
  Have you any ideas, how can I get the user name out of the security header into my WS?
  Thank's in advance - Claus

  It's a preference of using transport-level security(two-way ssl) and message-level security(x.509 for identity, digital signature and xml encryption), or even the combination of both. When using https, every packet is encrypted across the wire. The encrypted key is exchanged during the initial handshakes. The process is application independent as long as the x.509 certificates are valid and trusted between the two parties. On the other hand, message-level security is a bit more complicated and application specific since you can decide which part of the message you want to sign or encrypt and what token you can want to use for particular needs and requirements. It's more flexible and powerful. So it's really up to your application and your personal preference to pick what security mechanism you want to apply.

• SAML Validation Error  - Proxy Service - Process WS-Security Header

  I am testing a Proxy Service that inspects the WS-Security Header which contains a WS-Policy for a SAML Assertion sender-vouches. The SAML Assertion that is produced is valid according to the oassis schema, but ALSB 2.6 returns a SOAP Fault that the SAML Assertion is not valid. Is there any next steps I should take to diagnose the problem? Also, are there any good tools available for validating a SAML Assertion?
  Here is the response of the ALSB 2.6 running on WebLogic 9.2. It is a simple proxy service we use to test whether SAML is working correctly or not. The client correctly sends the sender-voucher with the username/password/certificate alias and so forth.
  <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Body>
  <soapenv:Fault
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <axis2ns1:Code xmlns:axis2ns1="http://www.w3.org/2003/05/soap-envelope">
  <axis2ns1:Value>soapenv:Sender</axis2ns1:Value>
  <axis2ns1:Subcode>
  <axis2ns1:Value>wsse:InvalidSecurityToken</axis2ns1:Value>
  </axis2ns1:Subcode>
  </axis2ns1:Code>
  <axis2ns2:Reason xmlns:axis2ns2="http://www.w3.org/2003/05/soap-envelope">
  <axis2ns2:Text xml:lang="en-US"
  >Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@563c52a[status: false][msg The SAML token is not valid.]</axis2ns2:Text>
  </axis2ns2:Reason>
  </soapenv:Fault>
  </soapenv:Body>
  </soapenv:Envelope>
  Thanks,
  Jay Blanton

  Hi, Pls send your client code to my mail [email protected]

• SECU1075: An error was discovered processing the wsse:Security header

  I have designed a console application as a web service client which is able to talk with webservice; however instead of using
  a console application, I've written a DLL that is called from a Winform app and  I am getting following error message.
  Error message System.Web.Services.Protocols.SoapException: SECU1075: An error was discovered processing the <wsse:Security>
  header
     at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response,
  Stream responseStream, Boolean asyncCall)   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
     at ErcotNodalDll.NodalClient.NodalService.MarketTransactions(RequestMessage RequestMessage) in C:\Pb10_Devl\KeyStone\Dark
  Angel\Visual Studio\ErcotNodalDll\ErcotNodalDll\Web References\NodalClient\Reference.cs:line 98
     at ErcotNodalDll.Program.submitPayload(String certificate, HeaderType header, RequestType request, PayloadType payload)
  in C:\Pb10_Devl\KeyStone\Dark Angel\Visual Studio\ErcotNodalDll\ErcotNodalDll\Class1.cs:line 243
     at ErcotNodalDll.Program.createBidSetData(String[] parms) in C:\Pb10_Devl\KeyStone\Dark Angel\Visual Studio\ErcotNodalDll\ErcotNodalDlA
  first chance exception of type 'System.Web.Services.Protocols.SoapException' occurred in System.Web.Services.dll
  I'm told the problem is that the DLL can not find the policycache.config file thus doesn't know how to handle security for the
  html.
  Anybody know what I need to do to call the webservice
  from DLL instead of console application?

  You use WSE3 and not WCF (which is this forum main focus). One idea is to consider WCF.
  Also:
  - the client proxy should have a SetPolicy() method which you can use to set the policy
  - use Fiddler to check which message the client sends and which one it gets back. Then compare these to a workign client message.
  http://webservices20.blogspot.com/
  WCF Security, Interoperability And Performance Blog

• Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.

  We have a web role where we have hosted a WCF service.
  We are facing the below exception intermittently on consuming the service.
  Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.   This
  can occur if the service is configured for security and the client is not using security.
  This is intermittent. Few calls fail , and the subsequent calls succeed without making any changes.
  Please help in overcoming this abnormal behavior.
  Thanks in advance !!
  Best Regards ,
  Eswar

  Hi Eswar,
  As the error message mentioned, it may be a mismatch between the configuration on the client and the server.Try putting all your configuration in a binding configuration and then use the same binding configuration on the server and client. Since this issue
  is more related with WCF, I suggest you move to WCF forum, it is appropriate and more experts will assist you.
  Best Regards,
  Jambor
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• How to fix SOAP Security Header UsernameToken is required for operation?

  hi all,
  can somone help me how to resolve the error "javax.xml.ws.soap.SOAPFaultException: SOAP Security Header UsernameToken is required for operation" when i run a client.
  i got a WSDL and using wsdl2java i generated the stubs
  Here is my client code
  public final class LiteratureClient {
       public final static QName SERVICE = new QName("http://siebel.com/asi/",
                 "Literature");
       public final static URL WSDL_LOCATION;
       private LiteratureClient() {
       static {
            URL url = null;
            try {
                 url = new URL(
                           "file:c:\\reprintwsdl\\http___siebel.com_asi__Literature17.WSDL");
            } catch (MalformedURLException e) {
                 System.err
                           .println("Can not initialize the default wsdl from file:http___siebel.com_asi__Literature17.WSDL");
                 // e.printStackTrace();
            WSDL_LOCATION = url;
       public static void main(String args[]) throws Exception {
            System.out.println(WSDL_LOCATION);
            Literature obj = new Literature(WSDL_LOCATION, SERVICE);
            DefaultBindingSpcLiteratureSpcWS port = obj.getDefault();
            Client cxfClient = ClientProxy.getClient(port);
            cxfClient.getInInterceptors().add(new LoggingInInterceptor());
            cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());
            cxfClient.getOutInterceptors().add(new SiebelPasswordInterceptor());
            com.siebel.xml.literatureio.iterature inputObj = new com.siebel.xml.literatureio.lterature();
  inputObj.setDocId("1234");          
            // Query by ID
       LiteratureQueryByIdlInput input = new LiteratureQueryByIdInput();
            com.siebel.xml.iteratureio.ListOfliteratureio list = new com.siebel.xml.iteratureio.ListOfliteratureio();
            list.getLiterature().add(inputObj);
            input.setListOfliteratureio(list);
            LiteratureQueryByIdOutput output = obj.getDefault().LiteratureQueryById(input);
  This is the interceptor which i added to the client before performing the query operation
  public class SiebelPasswordInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
       public static final String SECURITY_TAG_NAME = "wsse:Security";
       public static final String SECURITY_NAMESPACE = "http://schemas.xmlsoap.org/ws/2002/04/secext";
       public static final String USERNAME_TOKEN_TAG_NAME = "wsse:UsernameToken";
       public static final String USERNAME_TAG_NAME = "wsse:Username";
       public static final String PASSWORD_TAG_NAME = "wsse:Password";
       public static final String PASSWORD_TEXT_ATTRIBUTE_NAME = "wsse:PasswordText";
       public static final String TYPE_TAG_NAME = "Type";
       public static final String SECURITY_NAMESPACE_NAME = "wsse";
       public static final String SECURITY = "Security";
       public SiebelPasswordInterceptor() {
            super(Phase.PREPARE_SEND);
       public void handleMessage(SoapMessage message) {
            List l = message.getHeaders();
            Document d = DOMUtils.createDocument();
            Element securityParent = d
                      .createElementNS(
                                SECURITY_NAMESPACE,
                                SECURITY_TAG_NAME);
            Element userNameToken = d.createElementNS(
                      SECURITY_NAMESPACE,
                      USERNAME_TOKEN_TAG_NAME);
            Element userName = d
                      .createElementNS(
                                SECURITY_NAMESPACE,
                                USERNAME_TAG_NAME);
            userName.setTextContent(getUsername());
            userNameToken.appendChild(userName);
            Element pwdText = d
                      .createElementNS(
                                SECURITY_NAMESPACE,
                                PASSWORD_TAG_NAME);
            pwdText.setAttribute(TYPE_TAG_NAME, PASSWORD_TEXT_ATTRIBUTE_NAME);
            pwdText.setTextContent(getPassword());
            userNameToken.appendChild(pwdText);
            securityParent.appendChild(userNameToken);
            SoapHeader header = new SoapHeader(new QName(
                      SECURITY_NAMESPACE, SECURITY,
                      SECURITY_NAMESPACE_NAME), securityParent);
            System.out.println(" HEADER "+header.toString());
            l.add(header);
       protected String getUsername(){
  return "test";
       protected String getPassword(){
            return test";
  I did add this interceptor as out interceptor to my client but for some reason the header is not getting added to the request . can someone pls. help me in troubleshooting this issue.
  Thank you

  The problem is in <form action="http://www.eastsidestudios.com.au/FormProcessv2.aspx?WebFormID=42582&O ID={module_oid}&amp;OTYPE={module_otype}&amp;EID={module_eid}&amp;CID={mo dule_cid}"
  You have to remove http://www.eastsidestudios.com.au from the action URL and make it relative:
  <form action="/FormProcessv2.aspx?WebFormID=42582&O ID={module_oid}&amp;OTYPE={module_otype}&amp;EID={module_eid}&amp;CID={mo dule_cid}"
  Cheers,
  -mario