Missing Security header in SOAP

Hello!
I used WSDLs to generate a few client proxy classes in order to access web services of a 3rd party application. The first call was successfull: I called START_SESSION method passing username and password and got proper response (ticket, session ID). Afterwards, I wanted to call methods of other proxy classes of the same application and always got
SoapFaultCode:1 WSDoAllReceiver: Request does not contain required Security header
How do I pass security header and what does it consist of? I suppose ticket and/or session ID, but it is not part of any method's interface.
What should I do?
Thanks in advance!
Kind regards,
Igor
Unfortunately, WSDL is not available in public. If necessary; I'll post it, but for the first post I'll try not to occupy space.

Hi!
I did research on this topic with server application and I quote what I found:
<i>The Alfresco web services have always used the WS Security header to pass the ticket information to the server.
The ticket is plucked out of the password parameter and cross checked within the server to ensure the request can proceed.
So long as you construct the WS Security header correctly authentication at the repository should occure without problem</i>
I get the ticket from the successfull call of START_SESSION method of different (authentication) proxy class, but don't know what to do with it. How to include it in security header of another proxy method call? Or should I do something else?
I'll describe what I tried - please see if I did something wrong:
1. In SE80 -> Client proxy maintenance, I selected tab Preconfiguration, selected "Session-Oriented communication" -> Checked "Select Feature"
2. Same tab, selected "Authentication" -> Basic
3. Activated the proxy
4. WSSPROFILE -> Created profile based on CHECK_USERNAME template
5. LPCONFIG -> Selected operation GET_USER, entered the newly created profile both in ProfileIn and ProfileOut, activated
6. Activated client trace, called method and got SOAP request without any security info in header:
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
<soap-env:Header>
    <n0:Trace xmlns:n0="http://www.sap.com/webas/630/soap/features/runtime/tracing/">
      <TraceLevel xmlns="http://www.sap.com/webas/630/soap/features/runtime/tracing/">Error</TraceLevel>
    </n0:Trace>
</soap-env:Header>
<soap-env:Body>
    <nr1:getUser xmlns:nr1="http://www.alfresco.org/ws/service/administration/1.0" xmlns:nr2="http://www.alfresco.org/ws/model/content/1.0">
      <nr1:userName>ADMIN</nr1:userName>
    </nr1:getUser>
</soap-env:Body>
</soap-env:Envelope>
I must have done something wrong.
Regards,
Igor

Similar Messages

OWSM SAML Verify step problem: Missing Security Header in SOAP message

I'm having a problem with SAML steps. From gateway log:
2008-09-17 13:21:32,987 INFO [HTTPThreadGroup-58] saml.InsertSAMLSVStep - User attributes map set to generate the attribute assertions: null
2008-09-17 13:21:33,034 INFO [HTTPThreadGroup-60] saml.SAMLProcessor - Assertion Major Version :1 , Minor Version :1
2008-09-17 13:21:33,034 WARNING [HTTPThreadGroup-60] saml.SAMLProcessor - SAML Assertion verification error: An invalid token was provided
2008-09-17 13:21:33,034 WARNING [HTTPThreadGroup-60] saml.VerifySAMLStep - SAML Token verification failed:
2008-09-17 13:21:33,096 SEVERE [HTTPThreadGroup-58] wssecurity.OSDTWSSecurity - Missing Security Header in SOAP message
2008-09-17 13:21:33,096 WARNING [HTTPThreadGroup-58] wssecurity.SecurityBaseStep - Failure while applying XML Security
FAULT CODE: InvalidSecurity FAULT MESSAGE: Missing WS Security header in the SOAP message
at com.cfluent.policysteps.security.wssecurity.OSDTWSSecurity.decryptVerify(OSDTWSSecurity.java:369)
at com.cfluent.policysteps.security.wssecurity.DecryptStep.performXmlSecurity(DecryptStep.java:131)
at com.cfluent.policysteps.security.wssecurity.SecurityBaseStep.execute(SecurityBaseStep.java:238)
at com.cfluent.pipelineengine.container.DefaultPipeline.executeStep(DefaultPipeline.java:124)
but the wsse:Security header with SAML assertion IS confirmed in the incoming message log. Anybody seen this issue?

Below is the log of the incoming message just prior to the failing SAML Verify step:
<?xml version="1.0" encoding="UTF-8" ?>
- <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://exception.common.periop.gehc.com" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="http://www.patient.patientmanager.periop.gehc.com/service/" xmlns:ns3="http://entity.common.periop.gehc.com" xmlns:ns4="http://entity.patient.patientmanager.periop.gehc.com" xmlns:ns5="http://entity.allergy.patientmanager.periop.gehc.com" xmlns:ns6="http://pdo.domain.customizer.periop.gehc.com" xmlns:ns7="http://entity.cases.scheduler.periop.gehc.com" xmlns:ns8="http://entity.insurance.patientmanager.periop.gehc.com">
- <env:Header>
- <ns1:Security>
- <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="158RBY2QvCFPiTqdXYWh9A22" IssueInstant="2008-09-17T19:58:43Z" Issuer="GE" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2008-09-17T19:58:13Z" NotOnOrAfter="2008-09-17T19:59:43Z" />
- <saml:AuthenticationStatement AuthenticationInstant="2008-09-17T19:58:43Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
- <saml:Subject>
<saml:NameIdentifier NameQualifier="www.ge.com" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">gowri</saml:NameIdentifier>
- <saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
</saml:Assertion>
</ns1:Security>
</env:Header>
- <env:Body>
- <ns2:getPatient>
<ns2:patientId>137115</ns2:patientId>
</ns2:getPatient>
</env:Body>
</env:Envelope>

Security Data : No WS-Security Header - UTL_HTTP for HTTPS calls -Oracle 9i

Hello,
I have a SOAP requests to transmitt a on the fly parsed XML file to UTL_HTTP to connect to a SSL connection. Oracle Wallet is installed and connectivity is working as expected. However, in the SOAP response I am getting
Security Data : No WS-Security Header I am not sure what I am missing? How can I resolve this error?
Below is the SOAP response that shows this error.
<?xml version="1.0" encoding="utf-8" ?>
- <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
- <soap:Header>
- <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
- <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-17449452">
<wsu:Created>2010-11-20T05:03:40.568Z</wsu:Created>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
- <soap:Body>
- <soap:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:c="urn:schemas-asource-com:transaction-data-1.0">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>Security Data : No WS-Security Header</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>Below is my compete code that generated above response.
BEGIN
         soap_request :=
               '<?xml version="1.0" encoding="utf-8"?>
                   <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ns1="urn:schemas-asource-com:transaction-data-1.31">
<SOAP-ENV:Header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-
secext-1.0.xsd">
<wsse:Security SOAP-ENV:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>NPCOMMERCE_DEV</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wssusername-
token-profile-1.0#PasswordText">Il/vJa0jat7929f8xxklPjYZIMy5eBCqBMILeGaC+E/1NfIWv+I2KfgghlhkSOaN6rme70OQHEo3e4LJMlWvfC7UfYaN9bqyQwYACmrDFpoiQYCOS+XLnRshhLHMio5VY4+P3C/25tCEH4lBAMRjP1LmjIvZI/h4YJ/65x8OQrqO7tdggZ/KAgvOiNc1GSU+NhkgzLl4EKoEwgt4ZoL4T/U18ha/4jYp+CCGWGRI5o3quZ7vQ5AcSjd7gskyVa98LtR9ho31urJDBgAKasMWmiJBgI5L5cudGyGEscyKjlVjj4/cL/bm0IQfiUEAxGM/UuaMi9kj+Hhgn/rnHw5Cug==</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>'
            || '<SOAP-ENV:Body>'
            || '<ns1:requestMessage>'
            || '<ns1:merchantID>'
            || 'ACOMM_DEV'
            || '</ns1:merchantID>'
            || '<ns1:merchantReferenceCode>'
            || lv_sequence
            || '</ns1:merchantReferenceCode>'
            || '<ns1:billTo>'
            || '<ns1:firstName>'
            || p_cc_holder_name_first
            || '</ns1:firstName>'
            || '<ns1:lastName>'
            || p_cc_holder_name_last
            || '</ns1:lastName>'
            || '<ns1:street1>'
            || 'XXX Charleston Road'
            || '</ns1:street1>'
            || '<ns1:city>'
            || 'Mountain View'
            || '</ns1:city>'
            || '<ns1:state>'
            || 'CA'
            || '</ns1:state>'
            || '<ns1:postalCode>'
            || '94043'
            || '</ns1:postalCode>'
            || '<ns1:country>'
            || 'US'
            || '</ns1:country>'
            || '<ns1:email>'
            || '[email protected]'
            || '</ns1:email>'
            || '</ns1:billTo>'
            || '<ns1:item id="0">'
            || '<ns1:unitPrice>'
            || 12.34
            || '</ns1:unitPrice>'
            || '<ns1:quantity>'
            || 2
            || '</ns1:quantity>'
            || '</ns1:item>'
            || '<ns1:purchaseTotals>'
            || '<ns1:currency>'
            || 'USD'
            || '</ns1:currency>'
            || '</ns1:purchaseTotals>'
            || '<ns1:card>'
            || '<ns1:accountNumber>'
            || 111111111111111
            || '</ns1:accountNumber>'
            || '<ns1:expirationMonth>'
            || 12
            || '</ns1:expirationMonth>'
            || '<ns1:expirationYear>'
            || 2020
            || '</ns1:expirationYear>'
            || '</ns1:card>'
            || '<ns1:ccAuthService run="true"/>'
            || '</ns1:requestMessage>'
            || '</SOAP-ENV:Body>'
            || '</SOAP-ENV:Envelope>';
      EXCEPTION
         WHEN OTHERS
         THEN
            errx := SQLERRM;
            raise_application_error (-20003, errx);
      END;
      BEGIN
         UTL_HTTP.set_wallet
                            ('file:/p01/oracle/prj1db/9.2.0/appsutil/wallet',
                             'p4ssword'
      EXCEPTION
         WHEN OTHERS
         THEN
            errx := SQLERRM;
            raise_application_error (-20004, errx);
      END;
      BEGIN
         http_req :=
            UTL_HTTP.begin_request ('https://rvcotest.ss.com/commerce/999/tProcessor',
                                    'POST',
                                    'HTTP/1.1'
      EXCEPTION
         WHEN OTHERS
         THEN
            errx := SQLERRM;
            raise_application_error (-20005, errx);
      END;
      BEGIN
         UTL_HTTP.set_header (http_req, 'Content-Type', 'text/xml');
         UTL_HTTP.set_header (http_req,
                              'Content-Length',
                              LENGTH (soap_request)
         UTL_HTTP.set_header (http_req,
                              'SOAPAction',
                              'xmlns="urn:rvcotest.ss.com/commerce/999/tProcessor"'
      EXCEPTION
         WHEN OTHERS
         THEN
            errx := SQLERRM;
            raise_application_error (-20006, errx);
      END;
      BEGIN
         UTL_HTTP.write_text (http_req, soap_request);
         http_resp := UTL_HTTP.get_response (http_req);
         UTL_HTTP.read_text (http_resp, soap_respond);
         UTL_HTTP.end_response (http_resp);
      EXCEPTION
         WHEN UTL_HTTP.end_of_body
         THEN
            UTL_HTTP.end_response (http_resp);
         WHEN OTHERS
         THEN
            errx := SQLERRM;
            raise_application_error (-20007, errx);
      END;

Thank you Fahd for quick response.
I have gone through the note. So, it seems that I have to put a Header tag with username and password. But such tag definitions do not exist neither in my WSDL nor in my XSD that gets validation on destination server. In that case what do I do? :(
-R

Javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header error while invoking FinancialUtilService using HTTP proxy client

I am trying to invoke FinancialUtilService using HTTP proxy client. I am getting below error while i am trying to invoke this service. Using FusionServiceTester i am able to invoke service and upload file to UCM. Using oracle.ucm.fa_client_11.1.1.jar also i am able to upload file to UCM without any issue. But using HTTP proxy client i am facing below error. Can anyone please help me. PFA code i am using to invoke this service.
javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:299)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:273)
Process exited with exit code 0.
Message was edited by: Oliver Steinmeier
Removed attachment

Hi Jani,
Thanks for your reply.
I am new to webservices and we are trying to do a POC on invoking FinancialUtilService using HTTP proxy client. I am following steps mentioned in attached pdf section "Invoking FinancialUtil Service using Web Service Proxy Client". I have imported certificate using below command.
     keytool -import -trustcacerts -file D:\Retek\Certificate.cer -alias client -keystore D:\Retek\default-keystore.jks -storepass welcome1
Invoking
    SecurityPolicyFeature[] securityFeature =
    new SecurityPolicyFeature[] { new
    SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy")};
    financialUtilService_Service = new FinancialUtilService_Service();
    FinancialUtilService financialUtilService= financialUtilService_Service.getFinancialUtilServiceSoapHttpPort(securityFeature);
    // Get the request context to set the outgoing addressing properties
    WSBindingProvider wsbp = (WSBindingProvider)financialUtilService;
    WSEndpointReference replyTo =
      new WSEndpointReference("https://efops-rel91-patchtest-external-fin.us.oracle.com/finFunShared/FinancialUtilService", WS_ADDR_VER);
    String uuid = "uuid:" + UUID.randomUUID();
    wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));
    wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "fin_user1");
    wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY, "Welcome1");
    wsbp.getRequestContext().put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS,"service");
    wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "D:/Retek/default-keystore.jks");
    wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "welcome1" );
    wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
    wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client" );
    wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password" );
    wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client" );
    wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password" );
SEVERE: WSM-00057 The certificate, client, is not retrieved.
SEVERE: WSM-00137 The encryption certificate, client, is not retrieved due to exception oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved..
SEVERE: WSM-00161 Client encryption public certificate is not configured for Async web service client
SEVERE: WSM-00005 Error in sending the request.
SEVERE: WSM-07607 Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
SEVERE: WSM-07602 Failure in WS-Policy Execution due to exception.
SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=FinancialUtilService, policy=oracle/wss11_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.
oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:173)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:608)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:335)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:282)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:915)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:436)
at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:393)
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:239)
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.client.Stub.process(Stub.java:259)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
Caused by: oracle.wsm.security.SecurityException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:979)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.build(Wss11X509TokenProcessor.java:206)
at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:164)
... 30 more
Caused by: oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved.
at oracle.wsm.security.jps.WsmKeyStore.getJavaCertificate(WsmKeyStore.java:534)
at oracle.wsm.security.jps.WsmKeyStore.getCryptCert(WsmKeyStore.java:570)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:977)
... 32 more
SEVERE: WSMAgentHook: An Exception is thrown: WSM-00161 : Client encryption public certificate is not configured for Async web service client
File upload failed
javax.xml.ws.WebServiceException: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.client.Stub.process(Stub.java:259)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
Caused by: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:248)
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
... 19 more

How to fix SOAP Security Header UsernameToken is required for operation?

hi all,
can somone help me how to resolve the error "javax.xml.ws.soap.SOAPFaultException: SOAP Security Header UsernameToken is required for operation" when i run a client.
i got a WSDL and using wsdl2java i generated the stubs
Here is my client code
public final class LiteratureClient {
     public final static QName SERVICE = new QName("http://siebel.com/asi/",
               "Literature");
     public final static URL WSDL_LOCATION;
     private LiteratureClient() {
     static {
          URL url = null;
          try {
               url = new URL(
                         "file:c:\\reprintwsdl\\http___siebel.com_asi__Literature17.WSDL");
          } catch (MalformedURLException e) {
               System.err
                         .println("Can not initialize the default wsdl from file:http___siebel.com_asi__Literature17.WSDL");
               // e.printStackTrace();
          WSDL_LOCATION = url;
     public static void main(String args[]) throws Exception {
          System.out.println(WSDL_LOCATION);
          Literature obj = new Literature(WSDL_LOCATION, SERVICE);
          DefaultBindingSpcLiteratureSpcWS port = obj.getDefault();
          Client cxfClient = ClientProxy.getClient(port);
          cxfClient.getInInterceptors().add(new LoggingInInterceptor());
          cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());
          cxfClient.getOutInterceptors().add(new SiebelPasswordInterceptor());
          com.siebel.xml.literatureio.iterature inputObj = new com.siebel.xml.literatureio.lterature();
inputObj.setDocId("1234");
          // Query by ID
     LiteratureQueryByIdlInput input = new LiteratureQueryByIdInput();
          com.siebel.xml.iteratureio.ListOfliteratureio list = new com.siebel.xml.iteratureio.ListOfliteratureio();
          list.getLiterature().add(inputObj);
          input.setListOfliteratureio(list);
          LiteratureQueryByIdOutput output = obj.getDefault().LiteratureQueryById(input);
This is the interceptor which i added to the client before performing the query operation
public class SiebelPasswordInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
     public static final String SECURITY_TAG_NAME = "wsse:Security";
     public static final String SECURITY_NAMESPACE = "http://schemas.xmlsoap.org/ws/2002/04/secext";
     public static final String USERNAME_TOKEN_TAG_NAME = "wsse:UsernameToken";
     public static final String USERNAME_TAG_NAME = "wsse:Username";
     public static final String PASSWORD_TAG_NAME = "wsse:Password";
     public static final String PASSWORD_TEXT_ATTRIBUTE_NAME = "wsse:PasswordText";
     public static final String TYPE_TAG_NAME = "Type";
     public static final String SECURITY_NAMESPACE_NAME = "wsse";
     public static final String SECURITY = "Security";
     public SiebelPasswordInterceptor() {
          super(Phase.PREPARE_SEND);
     public void handleMessage(SoapMessage message) {
          List l = message.getHeaders();
          Document d = DOMUtils.createDocument();
          Element securityParent = d
                    .createElementNS(
                              SECURITY_NAMESPACE,
                              SECURITY_TAG_NAME);
          Element userNameToken = d.createElementNS(
                    SECURITY_NAMESPACE,
                    USERNAME_TOKEN_TAG_NAME);
          Element userName = d
                    .createElementNS(
                              SECURITY_NAMESPACE,
                              USERNAME_TAG_NAME);
          userName.setTextContent(getUsername());
          userNameToken.appendChild(userName);
          Element pwdText = d
                    .createElementNS(
                              SECURITY_NAMESPACE,
                              PASSWORD_TAG_NAME);
          pwdText.setAttribute(TYPE_TAG_NAME, PASSWORD_TEXT_ATTRIBUTE_NAME);
          pwdText.setTextContent(getPassword());
          userNameToken.appendChild(pwdText);
          securityParent.appendChild(userNameToken);
          SoapHeader header = new SoapHeader(new QName(
                    SECURITY_NAMESPACE, SECURITY,
                    SECURITY_NAMESPACE_NAME), securityParent);
          System.out.println(" HEADER "+header.toString());
          l.add(header);
     protected String getUsername(){
return "test";
     protected String getPassword(){
          return test";
I did add this interceptor as out interceptor to my client but for some reason the header is not getting added to the request . can someone pls. help me in troubleshooting this issue.
Thank you

The problem is in <form action="http://www.eastsidestudios.com.au/FormProcessv2.aspx?WebFormID=42582&O ID={module_oid}&OTYPE={module_otype}&EID={module_eid}&CID={mo dule_cid}"
You have to remove http://www.eastsidestudios.com.au from the action URL and make it relative:
<form action="/FormProcessv2.aspx?WebFormID=42582&O ID={module_oid}&OTYPE={module_otype}&EID={module_eid}&CID={mo dule_cid}"
Cheers,
-mario

11g - InvalidSecurity : error in processing the WS-Security security header

In 11g, I am calling a service which has the username_token_service_policy attached. In the partnerlink, I have the username_token_client_policy & have also set the binding properties for the username & password.
I get the remote fault, InvalidSecurity : error in processing the WS-Security security header
In the log of the service being called, I see WSM-00069 : The security header is missing.
I also tried setting the http username, password in the em console for the reference also setting up the key store & nothing is working for me.
Any pointers would be great.
Also how can I see the SOAP header in the console or in the log file. Is there a log level to be setup. Right now I see only the payload in the em console.
Edited by: user739955 on Mar 24, 2010 3:57 PM

try this
try the below
2.     Add a partner link and enter the WSDL location of the secured web service.
3.     Open the composite.xml from the Application Navigator
4.     Right click on the external reference service and select “Configure WS policies”
5.     Under the security tab, click add button and select “oracle/ wss_username_token_client_policy”
6.     Now Open the property Inspector window and click the add button under “Binding properties” tab.
7.     Include the “oracle.webservices.auth.username”
value
8.     Include the “oracle.webservices.auth.password”
value
Once you are done with above steps BPEL should be ready to invoke secure Web Service.
remeber check the name of the properties check above in my comments
Edited by: Vivek Ganta on Mar 24, 2010 5:20 PM

"error in processing the WS-Security security header" - calling ws OIPM

Hi All,
We are trying to integrate Ebiz and OIPM, when we send request from ebiz to AxfSolutionMediatorService WebService we are getting below error
InvalidSecurity : error in processing the WS-Security security header
<ns2:exception xmlns:ns2="http://jax-ws.dev.java.net/" class="javax.xml.ws.soap.SOAPFaultException" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
<message>InvalidSecurity : error in processing the WS-Security security header</message>
<ns2:stackTrace>
<ns2:frame class="oracle.imaging.common.WSSecurityHandler" file="WSSecurityHandler.java" line="134" method="throwSOAPFaultException"/>
<ns2:frame class="oracle.imaging.common.WSSecurityHandler" file="WSSecurityHandler.java" line="119" method="processHeader"/>
<ns2:frame class="oracle.imaging.axf.ws.AxfSolutionMediatorWS" file="AxfSolutionMediatorWS.java" line="66" method="getUserPrincipal"/>
<ns2:frame class="oracle.imaging.axf.ws.AxfSolutionMediatorWS" file="AxfSolutionMediatorWS.java" line="54" method="execute"/>
<ns2:frame class="sun.reflect.GeneratedMethodAccessor2261" line="unknown" method="invoke"/>
<ns2:frame class="sun.reflect.DelegatingMethodAccessorImpl" file="DelegatingMethodAccessorImpl.java" line="25" method="invoke"/>
<ns2:frame class="java.lang.reflect.Method" file="Method.java" line="597" method="invoke"/>
<ns2:frame class="weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker" file="WLSInstanceResolver.java" line="92" method="invoke"/>
<ns2:frame class="weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker" file="WLSInstanceResolver.java" line="74" method="invoke"/>
<ns2:frame class="com.sun.xml.ws.server.InvokerTube$2" file="InvokerTube.java" line="151" method="invoke"/>
<ns2:frame class="com.sun.xml.ws.server.sei.EndpointMethodHandlerImpl" file="EndpointMethodHandlerImpl.java" line="268" method="invoke"/>
<ns2:frame class="com.sun.xml.ws.server.sei.SEIInvokerTube" file="SEIInvokerTube.java" line="100" method="processRequest"/>
<ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="866" method="__doRun"/>
<ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="815" method="_doRun"/>
<ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="778" method="doRun"/>
<ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="680" method="runSync"/>
<ns2:frame class="com.sun.xml.ws.server.WSEndpointImpl$2" file="WSEndpointImpl.java" line="403" method="process"/>
<ns2:frame class="com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit" file="HttpAdapter.java" line="532" method="handle"/>
<ns2:frame class="com.sun.xml.ws.transport.http.HttpAdapter" file="HttpAdapter.java" line="253" method="handle"/>
<ns2:frame class="com.sun.xml.ws.transport.http.servlet.ServletAdapter" file="ServletAdapter.java" line="140" method="handle"/>
<ns2:frame class="weblogic.wsee.jaxws.WLSServletAdapter" file="WLSServletAdapter.java" line="171" method="handle"/>
<ns2:frame class="weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke" file="HttpServletAdapter.java" line="708" method="run"/>
<ns2:frame class="weblogic.security.acl.internal.AuthenticatedSubject" file="AuthenticatedSubject.java" line="363" method="doAs"/>
<ns2:frame class="weblogic.security.service.SecurityManager" file="SecurityManager.java" line="146" method="runAs"/>
<ns2:frame class="weblogic.wsee.util.ServerSecurityHelper" file="ServerSecurityHelper.java" line="103" method="authenticatedInvoke"/>
<ns2:frame class="weblogic.wsee.jaxws.HttpServletAdapter$3" file="HttpServletAdapter.java" line="311" method="run"/>
<ns2:frame class="weblogic.wsee.jaxws.HttpServletAdapter" file="HttpServletAdapter.java" line="336" method="post"/>
<ns2:frame class="weblogic.wsee.jaxws.JAXWSServlet" file="JAXWSServlet.java" line="95" method="doRequest"/>
<ns2:frame class="weblogic.servlet.http.AbstractAsyncServlet" file="AbstractAsyncServlet.java" line="99" method="service"/>
<ns2:frame class="javax.servlet.http.HttpServlet" file="HttpServlet.java" line="820" method="service"/>
<ns2:frame class="weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction" file="StubSecurityHel
per.java" line="227" method="run"/>
<ns2:frame class="weblogic.servlet.internal.StubSecurityHelper" file="StubSecurityHelper.java" line="125" method="invokeServlet"/>
<ns2:frame class="weblogic.servlet.internal.ServletStubImpl" file="ServletStubImpl.java" line="300" method="execute"/>
<ns2:frame class="weblogic.servlet.internal.TailFilter" file="TailFilter.java" line="26" method="doFilter"/>
<ns2:frame class="weblogic.servlet.internal.FilterChainImpl" file="FilterChainImpl.java" line="56" method="doFilter"/>
<ns2:frame class="oracle.security.jps.ee.http.JpsAbsFilter$1" file="JpsAbsFilter.java" line="111" method="run"/>
<ns2:frame class="java.security.AccessController" file="AccessController.java" line="native" method="doPrivileged"/>
<ns2:frame class="oracle.security.jps.util.JpsSubject" file="JpsSubject.java" line="313" method="doAsPrivileged"/>
<ns2:frame class="oracle.security.jps.ee.util.JpsPlatformUtil" file="JpsPlatformUtil.java" line="413" method="runJaasMode"/>
<ns2:frame class="oracle.security.jps.ee.http.JpsAbsFilter" file="JpsAbsFilter.java" line="94" method="runJaasMode"/>
<ns2:frame class="oracle.security.jps.ee.http.JpsAbsFilter" file="JpsAbsFilter.java" line="161" method="doFilter"/>
<ns2:frame class="oracle.security.jps.ee.http.JpsFilter" file="JpsFilter.java" line="71" method="doFilter"/>
<ns2:frame class="weblogic.servlet.internal.FilterChainImpl" file="FilterChainImpl.java" line="56" method="doFilter"/>
<ns2:frame class="oracle.dms.servlet.DMSServletFilter" file="DMSServletFilter.java" line="136" method="doFilter"/>
<ns2:frame class="weblogic.servlet.internal.FilterChainImpl" file="FilterChainImpl.java" line="56" method="doFilter"/>
<ns2:frame class="weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction" file="WebAppServletContext.java" line="3715" method="wrapRun"/>
<ns2:frame class="weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction" file="WebAppServletContext.java" line="3681" method="run"/>
<ns2:frame class="weblogic.security.acl.internal.AuthenticatedSubject" file="AuthenticatedSubject.java" line="321" method="doAs"/>
<ns2:frame class="weblogic.security.service.SecurityManager" file="SecurityManager.java" line="120" method="runAs"/>
<ns2:frame class="weblogic.servlet.internal.WebAppServletContext" file="WebAppServletContext.java" line="2277" method="securedExecute"/>
<ns2:frame class="weblogic.servlet.internal.WebAppServletContext" file="WebAppServletContext.java" line="2183" method="execute"/>
<ns2:frame class="weblogic.servlet.internal.ServletRequestImpl" file="ServletRequestImpl.java" line="1454" method="run"/>
<ns2:frame class="weblogic.work.ExecuteThread" file="ExecuteThread.java" line="209" method="execute"/>
<ns2:frame class="weblogic.work.ExecuteThread" file="ExecuteThread.java" line="178" method="run"/>
</ns2:stackTrace>
</ns2:exception>
The request which we are sending is
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Header><Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><UsernameToken> <Username>AXF</Username> <Password>AXF</Password> </UsernameToken> </Security></soap:Header><soap:Body><execute xmlns="http://service.axf.imaging.oracle/"><request xmlns=""><commandNamespace>UCM_Managed_Attachments</commandNamespace><conversationId></conversationId><requestParameters></requestParameters><role>guest</role><solutionNamespace>UCM_Managed_Attachments</solutionNamespace><systemName>Oracle</systemName><userContext><entry><key>RESP_ID</key><value>50554</value></entry><entry><key>RESP_APPL_ID</key><value>200</value></entry><entry><key>ORG_ID</key><value>204</value></entry><entry><key>USR_ID</key><value>1318</value></entry></userContext><username>operations</username></request></execute></soap:Body></soap:Envelope>
Thanks in Advance,
Rakesh.

I know you've probably solved this but I'll post our working soap message below for others.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:imag="http://imaging.oracle/">
<soapenv:Header xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:UsernameToken>
<wsse:Username>Username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<imag:getDocument>
<documentId>4.IPM_004280</documentId>
<sectionSet>
<flags>HISTORY</flags>
<flags>FIELDVALUES</flags>
</sectionSet>
</imag:getDocument>
</soapenv:Body>
</soapenv:Envelope>

Why is the security header empty in the response when mustUnderstand="1"?

Hi
In the response the value of mustUnderstand is equal to "1", but the UsernameToken data is not echoed, the security header is empty.
It seems that either the credentials should be echoed or mustUnderstand should be equal to "0"
An Axis 1.4 client threw an Exception because they interpreted the spec as such, and we've dealt with that but now
I have an external party using some Microsoft stuff and they're having to intercept the response and set it to 0
before processing the response.
How should it be dealt with?
I'm happy to write a handler that does this, and I tested some Oracle sample code but the header is always null.
Source Code: AuthenticateHandler.java
This is my test request...
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:env="http://www.w3.org/2003/05/soap-envelope" soap:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Username>TestUser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security></soap:Header>
    <soap:Body xmlns:ns1="http://webservicehandler/">
        <ns1:echoElement>DSF</ns1:echoElement>
    </soap:Body>
</soap:Envelope>and my test response
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:env="http://www.w3.org/2003/05/soap-envelope" env:mustUnderstand="1"/>
</env:Header><env:Body><ans1:echoResponseElement xmlns:ans1="http://webservicehandler/">DSF</ans1:echoResponseElement>
</env:Body></env:Envelope>

You aren't addressing Apple here; we are all users like you.
Please submit to apple.com/feedback

Custom Policy Step and the WS-Security header attibute "mustUnderstand"

Hi there,
I have some issues testing the custom policy step that comes with OWSM (CustomAuthenticationStep), which i describe next.
I manage to compile/deploy the custom step successfully. I also restart the server and add the brand new step into the request pipeline. The pipeline only has two steps, a log step and a custom authentication step.
I develop a client for the gateway service which use the "Username to Authenticate" option of the Proxy Security. The other options (inbound/outbound integrity/encryption) are all unchecked.
When I test the client, the following SOAP message is produced:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ns0="http://agesic.entidad/types/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
env:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Username>test</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>
<env:Body>
<ns0:reverseElement>
<ns0:aString>Holas!</ns0:aString>
</ns0:reverseElement>
</env:Body>
</env:Envelope>
Which looks just fine. However I get the following exception:
javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
     at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
     at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
     at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
     at agesic.cliente.gateway.proxy.runtime.EchoReverseSoapHttp_Stub.reverse(EchoReverseSoapHttp_Stub.java:78)
     at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.reverse(EchoReverseSoapHttpPortClient.java:44)
     at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.main(EchoReverseSoapHttpPortClient.java:33)
If i look at the log produced by the custom step, it looks like the step was successfully passed.
********** Entering Custom Authentication execute method **********
Processing stage is Request
Request SOAP message is <?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="h
ttp://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-ins
tance" xmlns:ns0="http://agesic.entidad/types/" xmlns:wsu="http://docs.oasis-ope
n.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><env:Header><wsse
:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004
/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.or
g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://sche
mas.xmlsoap.org/soap/envelope/"><wsse:UsernameToken xmlns:wsse="http://docs.oasi
s-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http:/
/docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ws
se:Username>test</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/
wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse
:Password></wsse:UsernameToken></wsse:Security></env:Header><env:Body><ns0:rever
seElement><ns0:aString>Holas!</ns0:aString></ns0:reverseElement></env:Body></env
:Envelope>
User locale is English
Client ip address is rhel4.tecinfo.com.uy:7777
Verified user is test
The problems is with the mustUnderstand attribute. It looks like no step tells the OWSM that he understands the header, so the OWSM pass through the pipeline and when it ends it thinks that that header was not processed properly.
I try to find documentation on this issue but I didn't find any.
Any ideas? Is there any way to specify that the step actually understands the ws-security header?
Thanks!
Leo

Ok. Thanks. The problem here is a little bit different. At the client side, we have the following:
<?xml version="1.0" encoding="UTF-8"?>
<oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
<webservice-client>
<service-qname namespaceURI="http://agesic.entidad/" localpart="EchoReverse"/>
<port-info>
<wsdl-port namespaceURI="http://agesic.entidad/" localpart="EchoReverseSoapHttpPort"/>
<runtime enabled="security">
<security>
<inbound/>
<outbound>
<username-token password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
</outbound>
</security>
</runtime>
<operations>
<operation name='reverse'>
</operation>
</operations>
</port-info>
</webservice-client>
</oracle-webservice-clients>
The <outbound> here is requered in order to use the WSS UserName token profile. I try to remove the <inbound/> to check if it was a problem like yours, but we still have the same exception.
The problem seems to be with the gateway at the server side.
Intercepting the communication between the client and the server, we are getting the following response:
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ns0="http://agesic.entidad/types/">
<env:Body>
<env:Fault>
<faultcode>env:MustUnderstand</faultcode>
<faultstring>SOAP must understand error:
{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
We need a way to instruct the gateway that he actually understands the wss header.
Any ideas?
Thanks!
Leo

OSB process WS-security header problem! Pls help

Hi All
We have protected all our osb proxy services with username token policy. The problem we are facing is that in some of the proxy services we want this header to be available within the message flow (for auditing purposes) but the process WS-security header option when selected removes this header before it enters the message flow.
If we untick this option, it does not authenticate the incoming soap request and proxy services is invoked even if wrong or no credentials are supplied.
Is there a way we can select this option for authentication and still have the username token intact within the soap header in the message flow. please help. Thanks

Please check the content of $inbound at runtime (with process WS-security header option enabled). You may get all the information for auditing purpose from that variable.
Regards,
Anuj

WS-Security Header inclusing using XQuery

Hi,
I have small issue with the WS-Security Headers.
Client sends the XML message (Not the SOAP Messsage) with an element called SecurityHeader (Which is complex type).
I need to invoke business servcie using SOAP Over HTTP.
The proxy servcie client currently uses both HTTP and JMS protocol.
When client is using JMS protocol, with XML as message type(Proxy service type is Message servcie), Bbefore invoking the business servcie, I need to transform the custom security header to the WS-Security UserNameToken header.
Could you help in this regard? How to insert the WS-Securtiy header in the outbound call? I tried to use the INSERT action. I do not know how to add WS Security header here.
Regards,
Pandu

Shankar,
It depends on your WLP version (9.2 or later), whether the header you need to add is standard and is WLS has support for it. WLS has support for SAML, Username Token (UNT) X.509 and a few other headers. If WLS supports it, the best approach would be to have the server add a security policy to its WSDL. Then WLS will automatically add the header(s) for you. If not a JAX-RPC handler is your best approach.
Hope this helps,
Nate

SAML Validation Error - Proxy Service - Process WS-Security Header

I am testing a Proxy Service that inspects the WS-Security Header which contains a WS-Policy for a SAML Assertion sender-vouches. The SAML Assertion that is produced is valid according to the oassis schema, but ALSB 2.6 returns a SOAP Fault that the SAML Assertion is not valid. Is there any next steps I should take to diagnose the problem? Also, are there any good tools available for validating a SAML Assertion?
Here is the response of the ALSB 2.6 running on WebLogic 9.2. It is a simple proxy service we use to test whether SAML is working correctly or not. The client correctly sends the sender-voucher with the username/password/certificate alias and so forth.
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<soapenv:Fault
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<axis2ns1:Code xmlns:axis2ns1="http://www.w3.org/2003/05/soap-envelope">
<axis2ns1:Value>soapenv:Sender</axis2ns1:Value>
<axis2ns1:Subcode>
<axis2ns1:Value>wsse:InvalidSecurityToken</axis2ns1:Value>
</axis2ns1:Subcode>
</axis2ns1:Code>
<axis2ns2:Reason xmlns:axis2ns2="http://www.w3.org/2003/05/soap-envelope">
<axis2ns2:Text xml:lang="en-US"
>Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@563c52a[status: false][msg The SAML token is not valid.]</axis2ns2:Text>
</axis2ns2:Reason>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
Thanks,
Jay Blanton

Hi, Pls send your client code to my mail [email protected]

Enable / Disable Process WS-Security Header in SOA Suite 11g

Hello,
how can I check the WS-Security Header without authenticate the username? In OSB is a flag "Process WS-Security Header", when I switch it off, the OSB only check the security context and did not check the correct authentication.
I didn't find a configuration in WebService Security Configuration. Is there a configuration to disable the authentifacation-module?
KInd regards
Marcel

I have the same issue, I need to get the X.509 certificate from the security header but OSB removes them uppon authentication. So I cannot retrieve them !

How to include WS-Security Header in the WSDL

hi
how to include WS-Security Header which have username and password as
i had seen the below link it deals with just hello world which is not using any Services(DBAdapter) is it possible to use DBAdapter as the steps present in the below link how to include WS-Security Header which have username and password
http://blogs.oracle.com/reynolds/2005/09/invoking_bpel_from_an_html_for.html

As Amir suggested, you may provide in the URL but I wouldn't suggest it though. You don't want to hard code the user ID and password within in the WSDL because it is a bad practice especially the user ID and password may be different in different systems and every time you change the password, you have to regenarate your WSDL.
May be you thought through this but just in case if you didn't
KK

Extracting username and password from security header

Hey all,
I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
1) I secured my BPEL process
2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
3) I added the security variable to the Header Variables for the BPEL process input
4) I added the security variable to the Input Header Variables for the web service's invoke operation
This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
Environment:
JDeveloper 11.1.1.6.0
Thanks,
Bill

Hi Sri,
If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
Thanks,
Bill

Missing Security header in SOAP

Similar Messages

Maybe you are looking for