OWSM customize policy step sign message

Hi,
is it possible to customize the OWSM policy step "sign message" ?
- to set the attribute mustUnderstand of the element wsse:Security to 0 (default is 1)
- to add the timestamp wsu:Expires to the security header (in addition to the wsu:Created timestamp)
Bye,
Markus

Hi Vikas,
Thanks for the reply.
I suspect that the "fiddling with the Outgoing Transport Protocol that is between OWSM Gateway and actual service" as mentioned in my original post is probably the same as "creating a custom transport messenger between gateway and service" as mentioned by you.
Any pointers to get me going, e.g. what interfaces to implement, classes to extend, how to register and manage with OWSM?
Thanks and best regards,
Sjoerd

Similar Messages

  • OWSM Custom Policy Step: use of the setProcessingStage() method?

    Hello,
    When creating a Custom Policy Step for use in an OWSM pipeline the API provides the option to set the processing stage. Possible values are STAGE_PREREQUEST, STAGE_REQUEST, STAGE_RESPONSE and so on.
    Can anyone tell me the use of setting the processing stage? Would it allow me to literally take the message request to a different stage, e.g. what should happen when in the Request Stage I set it to STAGE_RESPONSE?
    I have tried this and cannot see any effect.
    Thanks, Sjoerd

    Hi Vikas,
    Thanks for the reply.
    I suspect that the "fiddling with the Outgoing Transport Protocol that is between OWSM Gateway and actual service" as mentioned in my original post is probably the same as "creating a custom transport messenger between gateway and service" as mentioned by you.
    Any pointers to get me going, e.g. what interfaces to implement, classes to extend, how to register and manage with OWSM?
    Thanks and best regards,
    Sjoerd

  • Custom Policy Step calling EJB

    Hi there,
    I'm a newbie to OC4J and need some help in regards to some library issues. I've created an EJB using spring and deployed it to the oc4j container. Then I created an owsm custom policy step which retrieves the EJB bean using spring and retrieves the custom security header, which I then add to the current SOAP header. I wasn't quite sure how to create the custom policy step jar as it contains my spring jar as well as my ejb jar, so I used maven to create the jar with all my dependent jars as well. Everything works great, as in, it retrieves the EJB, calls the method on the EJB which will retrieve a value from LDAP and then uses that value to query our data store and then return the object, but when it returns the object it throws the following exception:
    java.lang.LinkageError: Class com/cochlear/erpsecurity/domain/ErpSoapHeader violates loader constraints
    Which is due to the fact that I have the ErpSoapHeader in my custom policy step jar as well as my ejb jar. When I don't include the ejb jar in my custom policy step jar however then it gives a class not found exception when trying to load the ejb with spring. Then I tried something dodgy and added the ejb jar to my server.xml in oracle.wsm.gateway shared library, but this caused the linkage error as well.
    Any help on how I can resolve this library issue will be greatly appreciated.
    Thanks so much,
    Ida

    Here's an example on how to add a custom SOAP header to the request message inside a custom step.
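    public IResult execute(IMessageContext messageContext) throws Fault {
        MessageContext msgCtxt = (MessageContext) messageContext;
        SOAPEnvelope senv = msgCtxt.getRequest().getAxisMessage().getSOAPEnvelope();
        // Mark the Axis envelope as modified so the added header is serialized
        ((org.apache.axis.message.SOAPEnvelope) senv).setDirty(true);
        // factory: a SOAP name factory assumed to be created elsewhere in the step
        Name header = factory.createName("CustomHeader", "http://foo.com/custom/header");
        SOAPHeaderElement headerElement = senv.getHeader().addHeaderElement(header);
        headerElement.addTextNode("My custom header data");
        // Report success to the pipeline
        Result result = new Result();
        result.setStatus(IResult.SUCCEEDED);
        return result;
    }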
    OWSM uses AXIS implementation internally to represent the SOAP message.
    Cheers,
    Vikas Jain

  • Custom Policy steps in OWSM

    I am currently implementing an integration system between our systems and a third party system. There is a requirement for all messages sent across the interface to be acknowledged by the other system. The transactions are synchronous so we have a hand off approach where the receiving system must acknowledge message receipt by sending a synchronous response message back. This acknowledgement message will contain a boolean flag that either says true or false depending on whether they are receiving or rejecting the message. Messages could be rejected because they have an invalid digital certificate or failed message integrity. Is it possible to create a custom policy step in the OWSM that allows me to send these acknowledgement messages? The message structure will contain only 3 elements:
    successfulDelivery (boolean)
    RejectedCode (Rejection ErrorCode)
    RejectedReason (Rejected Error Reason)
    Can any one help? I am still new to the OWSM.

    Here's an example on how to add a custom SOAP header to the request message inside a custom step.
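    public IResult execute(IMessageContext messageContext) throws Fault {
        MessageContext msgCtxt = (MessageContext) messageContext;
        SOAPEnvelope senv = msgCtxt.getRequest().getAxisMessage().getSOAPEnvelope();
        // Mark the Axis envelope as modified so the added header is serialized
        ((org.apache.axis.message.SOAPEnvelope) senv).setDirty(true);
        // factory: a SOAP name factory assumed to be created elsewhere in the step
        Name header = factory.createName("CustomHeader", "http://foo.com/custom/header");
        SOAPHeaderElement headerElement = senv.getHeader().addHeaderElement(header);
        headerElement.addTextNode("My custom header data");
        // Report success to the pipeline
        Result result = new Result();
        result.setStatus(IResult.SUCCEEDED);
        return result;
    }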
    OWSM uses AXIS implementation internally to represent the SOAP message.
    Cheers,
    Vikas Jain

  • Extend OWSM with Custom Policy Step: MessageContext.setResponseMessage()?

    Hi,
    I intend to create a custom policy step for OWSM.
    In the execute method of my step (that extends AbstractStep) I want to set the Response Message using the setResponseMessage() method. According to the Extensibility Guide, this method should be passed a com.cfluent.ccore.message.SOAPMessage object as parameter.
    Basically, the code looks something like this:
    public IResult execute(IMessageContext messageContext) throws Fault {
        MessageContext msgCtxt = (MessageContext)messageContext;
        Result result = new Result();
        // Echo the request back as the response
        msgCtxt.setResponseMessage(msgCtxt.getRequestMessage());
        result.setStatus(IResult.SUCCEEDED);
        return result;
    }
    At compile time however, JDeveloper throws the following error:
    SOAPMessage not found in class nl.amis.soa.CustomStep
    and points to the line
    msgCtxt.setResponseMessage(msgCtxt.getRequestMessage());
    Should I use AXIS SOAP objects (knowing OWSM is based on AXIS or uses it)? Or a MessageFactory? Or ... ?
    Any tips and preferably a code sample is much appreciated!
    Thanks, Sjoerd

    Hi Sjoerd ,
    Looks like a documentation error. Are you importing the com.cfluent.ccore.message.SOAPMessage class? Try compiling without the import. I was able to compile your code with no issues. All I have is coresv-4.0.jar added to my jDev project.
    FYI MessageContext.get/setRequestMessage() really takes javax.xml.soap.SOAPMessage as parameter.
    Here is the code I can compile:
    package com.junk.wsm;

    import com.cfluent.pipelineengine.container.MessageContext;
    import com.cfluent.policysteps.sdk.AbstractStep;
    import com.cfluent.policysteps.sdk.IMessageContext;
    import com.cfluent.policysteps.sdk.IResult;
    import com.cfluent.policysteps.sdk.Result;

    public class junkStep extends AbstractStep {
        public junkStep() {
        }

        public IResult execute(IMessageContext messageContext) {
            MessageContext msgCtxt = (MessageContext)messageContext;
            Result result = new Result();
            // Echo the request back as the response
            msgCtxt.setResponseMessage(msgCtxt.getRequestMessage());
            result.setStatus(IResult.SUCCEEDED);
            return result;
        }
    }
    Regards,
    Rajesh

  • OWSM - Logging in Custom Policy Step

    I'm trying to implement a custom policy step for Oracle Web Service Management.
    For debugging purposes, I need to write a diagnostic log file (like gateway.log, policymanager.log, ccore.log...) with the behavior of my step. I have to use log4j library...
    Could you help me with OWSM log configuration?
    Thanks!

    I have been reading more about this issue but I have doubts yet...
    Now, I know that I must use the package "com.cfluent.ccore.util.logging" in my code. For example:
    ILogger logger = LogManager.getLogger(...);
    logger.log(Level.INFO, "..");
    In which owsm log file does this information appear?
    Thanks!

  • Owsm policy step verify certificate

    We are trying to use OWSM for client authentication using "verify certificate". From what I understand of it, I have to send the public certificate along with my request, and that certificate should be in the trusted store. Can this store be the same store as the wallet the HTTP server is already using?
    When I look at the details of the verify certificate step I see that there are a few prerequisites:
    Prerequisite Steps      Verify Signature, Decrypt and Verify, or if the transport security uses SSL.
    I use https://<server>/gateway/services/SID0003006?wsdl as the endpoint from within the webserviceproxy and added the following before setting the endpoint in the proxy.
    System.setProperty("javax.net.ssl.keyStore", "/home/maqish/keystore");
    System.setProperty("javax.net.ssl.keyStoreType", "JKS");
    System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
    System.setProperty("javax.net.ssl.trustStore", "/home/maqish/keystore");
    System.setProperty("javax.net.ssl.trustStoreType", "JKS");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    I have added the server certificate to my trusted keystore and the public key is sent to the server to be added as a trusted certificate.
    Using verify certificate it should be possible to verify that a request is from a trusted source, but this does not seem to work very well. Or else there could be some other problem in my thoughts.
    Anyone who tried the same? Or has ever used the policy step verify certificate?

    I do use the SOA Suite and JDeveloper 10.1.3.3. I have created a web service which I have deployed to the SOA application server. Using this web service works using http and https.
    When I use OWSM to add this web service as a service this also works, using http and https.
    When I add the request policy step verify certificate I get the following error:
    Failed to initialize pipeline 'Request' in policy 'repeater(0.1)

  • Signed messages are missing from search results in a shared mailbox

    We recently completed moving all user mailboxes to Exchange 2013 from Exchange 2010.  We also have a policy that disables the 'download shared mailboxes' option in Outlook as it causes .ost files to get cumbersome and cause performance problems.  This means that shared mailboxes that users have open are all in 'Online' mode.  Since the move to 2013, when users search against a folder in a shared mailbox, the only items that are returned are unsigned messages.  Our customer base very frequently signs email and these signed messages do not show up in results.  This was working in Exchange 2010 so our users are frustrated by the sudden inability to receive complete and accurate search results.
    If they perform a search of their local mailbox, which is using Cached mode, they are searching against their local index and they can find signed messages.  But since the shared mailbox is not cached to their local system, they are relying on the Exchange server index and it does not seem to be indexing any signed messages.
    Does anyone know how to force Exchange 2013 to index signed messages?

    try to perform the below steps and check if it works or else we need to wait till Exchange 2013 SP1 which they have planned to bring digital signature message in exchange
    Outlook 2007
    In Outlook 2007, follow these steps to verify that indexing is complete:
    In Outlook, click Tools, Instant Search, and then click Instant Search.
    When the Microsoft Office Outlook dialog appears, you should see the following:
    Outlook has finished indexing all of your items.
    New items are indexed when they arrive.
    0 items remaining in "Mailbox - <username>"
    0 items remaining across all open mailboxes.
    Outlook 2010 and Outlook 2013
    In Outlook 2010 and Outlook 2013, follow these steps to verify that indexing is complete:
    In Outlook, click in the Search box.
    Click the Search tab, click Search Tools, and then click Indexing Status.
    When the Indexing Status dialog appears, you should see the following:
    Outlook has finished indexing all of your items.
    0 items remaining to be indexed.
    Exchange Queries

  • Custom Policy Step and the WS-Security header attribute "mustUnderstand"

    Hi there,
    I have some issues testing the custom policy step that comes with OWSM (CustomAuthenticationStep), which I describe next.
    I manage to compile/deploy the custom step successfully. I also restart the server and add the brand new step into the request pipeline. The pipeline only has two steps, a log step and a custom authentication step.
    I develop a client for the gateway service which use the "Username to Authenticate" option of the Proxy Security. The other options (inbound/outbound integrity/encryption) are all unchecked.
    When I test the client, the following SOAP message is produced:
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:ns0="http://agesic.entidad/types/"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    env:mustUnderstand="1">
    <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:Username>test</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </env:Header>
    <env:Body>
    <ns0:reverseElement>
    <ns0:aString>Holas!</ns0:aString>
    </ns0:reverseElement>
    </env:Body>
    </env:Envelope>
    Which looks just fine. However I get the following exception:
    javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
         at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
         at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
         at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
         at agesic.cliente.gateway.proxy.runtime.EchoReverseSoapHttp_Stub.reverse(EchoReverseSoapHttp_Stub.java:78)
         at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.reverse(EchoReverseSoapHttpPortClient.java:44)
         at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.main(EchoReverseSoapHttpPortClient.java:33)
    If I look at the log produced by the custom step, it looks like the step was successfully passed.
    ********** Entering Custom Authentication execute method **********
    Processing stage is Request
    Request SOAP message is <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="h
    ttp://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-ins
    tance" xmlns:ns0="http://agesic.entidad/types/" xmlns:wsu="http://docs.oasis-ope
    n.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><env:Header><wsse
    :Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004
    /01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.or
    g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://sche
    mas.xmlsoap.org/soap/envelope/"><wsse:UsernameToken xmlns:wsse="http://docs.oasi
    s-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http:/
    /docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ws
    se:Username>test</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/
    wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse
    :Password></wsse:UsernameToken></wsse:Security></env:Header><env:Body><ns0:rever
    seElement><ns0:aString>Holas!</ns0:aString></ns0:reverseElement></env:Body></env
    :Envelope>
    User locale is English
    Client ip address is rhel4.tecinfo.com.uy:7777
    Verified user is test
    The problem is with the mustUnderstand attribute. It looks like no step tells the OWSM that he understands the header, so the OWSM passes through the pipeline and when it ends it thinks that that header was not processed properly.
    I try to find documentation on this issue but I didn't find any.
    Any ideas? Is there any way to specify that the step actually understands the ws-security header?
    Thanks!
    Leo

    Ok. Thanks. The problem here is a little bit different. At the client side, we have the following:
    <?xml version="1.0" encoding="UTF-8"?>
    <oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
    <webservice-client>
    <service-qname namespaceURI="http://agesic.entidad/" localpart="EchoReverse"/>
    <port-info>
    <wsdl-port namespaceURI="http://agesic.entidad/" localpart="EchoReverseSoapHttpPort"/>
    <runtime enabled="security">
    <security>
    <inbound/>
    <outbound>
    <username-token password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
    </outbound>
    </security>
    </runtime>
    <operations>
    <operation name='reverse'>
    </operation>
    </operations>
    </port-info>
    </webservice-client>
    </oracle-webservice-clients>
    The <outbound> here is required in order to use the WSS UserName token profile. I tried to remove the <inbound/> to check if it was a problem like yours, but we still have the same exception.
    The problem seems to be with the gateway at the server side.
    Intercepting the communication between the client and the server, we are getting the following response:
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:ns0="http://agesic.entidad/types/">
    <env:Body>
    <env:Fault>
    <faultcode>env:MustUnderstand</faultcode>
    <faultstring>SOAP must understand error:
    {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security</faultstring>
    </env:Fault>
    </env:Body>
    </env:Envelope>
    We need a way to instruct the gateway that he actually understands the wss header.
    Any ideas?
    Thanks!
    Leo
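
The fault in this thread follows from the SOAP 1.1 processing rule for mustUnderstand, which the example below models. It is an added example, not OWSM code and not part of the original posts; the function names and the `understood` set are assumptions for illustration, and the request is a constructed sample based on the one posted above.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
ACTOR_NEXT = "http://schemas.xmlsoap.org/soap/actor/next"
SECURITY = f"{{{WSSE}}}Security"  # Clark notation, as printed in the fault string

# Constructed sample, modelled on the request posted in the thread.
# ElementTree is fine for this fixed sample; use a hardened parser
# (for example defusedxml) when the envelope comes from the network.
REQUEST = f"""<env:Envelope xmlns:env="{SOAP11}"
    xmlns:ns0="http://agesic.entidad/types/">
  <env:Header>
    <wsse:Security xmlns:wsse="{WSSE}" env:mustUnderstand="1">
      <wsse:UsernameToken>
        <wsse:Username>test</wsse:Username>
        <wsse:Password>test</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </env:Header>
  <env:Body>
    <ns0:reverseElement><ns0:aString>Holas!</ns0:aString></ns0:reverseElement>
  </env:Body>
</env:Envelope>"""


def mandatory_headers(envelope_xml, roles=(ACTOR_NEXT,), ultimate_receiver=True):
    """Return the QNames of header blocks this node is obliged to understand."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP11}}}Header")
    if header is None:
        return []
    found = []
    for block in header:
        must = block.get(f"{{{SOAP11}}}mustUnderstand", "0")
        actor = block.get(f"{{{SOAP11}}}actor")
        # A block without an actor attribute is addressed to the ultimate
        # receiver; an intermediary only owns blocks naming one of its roles.
        targeted = actor in roles or (actor is None and ultimate_receiver)
        if must == "1" and targeted:
            found.append(block.tag)
    return found


def must_understand_fault(qname):
    """Build the SOAP 1.1 fault a node returns for an unprocessed mandatory header."""
    ET.register_namespace("env", SOAP11)
    env = ET.Element(f"{{{SOAP11}}}Envelope")
    fault = ET.SubElement(ET.SubElement(env, f"{{{SOAP11}}}Body"), f"{{{SOAP11}}}Fault")
    ET.SubElement(fault, "faultcode").text = "env:MustUnderstand"
    ET.SubElement(fault, "faultstring").text = f"SOAP must understand error: {qname}"
    return ET.tostring(env, encoding="unicode")


def process(envelope_xml, understood, roles=(ACTOR_NEXT,), ultimate_receiver=True):
    """Return None when the message may proceed, otherwise the fault XML.

    `understood` holds the header QNames some processing step has claimed.
    Authenticating the user is not the same as claiming the header: if no
    step claims wsse:Security, the fault is raised after the step succeeded.
    With mustUnderstand="0" the check passes, but a receiver is then also
    free to ignore the security header without any error.
    """
    headers = mandatory_headers(envelope_xml, roles, ultimate_receiver)
    missing = [q for q in headers if q not in understood]
    return must_understand_fault(missing[0]) if missing else None
```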

  • How to pass Username from OWSM Security policy in Oracle Apps Adapter .jca file

    My BPEL process uses Oracle Applications Adapter. The following is the .jca file for the Adapter.  The Username is initialized statically to "sysadmin" when I created the Adapter. Is it possible to pass in the username from the OWSM Security policy for the username value below? If so how to do? I appreciate your response.
    <adapter-config name="EBSAdapter" adapter="Apps" wsdlLocation="../WSDLs/EBSAdapter.wsdl" xmlns="http://platform.integration.oracle/blocks/adapter/fw/metadata">
      <connection-factory UIConnectionName="EBS1" location="eis/Apps/EBS1" UIConcurrentPgmName="" UIOracleAppType="DBOBJECT"/>
      <endpoint-interaction portType="EBSAdapter_ptt" operation="EBSAdapter">
        <interaction-spec className="oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec">
          <property name="SchemaName" value="APPS"/>
          <property name="PackageName" value="INTG"/>
          <property name="ProcedureName" value="GET_USER_PROFILE1"/>
          <property name="IRepInternalName" value="PLSQL:INTG:WEBCENTER_GET_USER_PROFILE1"/>
          <property name="Username" value="sysadmin"/>
          <property name="Responsibility" value="System Administrator"/>
        </interaction-spec>
      </endpoint-interaction>
    </adapter-config>

    1. Go to Invoke activity
    2. Click on Properties tab.
    3. click Add
    4. Add this property "jca.apps.Username" and map it with either variable or expression.
    5. Populate variable defined at previous step with some valid username value at runtime.
    hope this helps.
    Regards,
    Karan
    Oracle Fusion Middleware Blog

  • WSM Sign Message - BinarySecurityToken ordering in Soap message

    Hi,
    We are trying to send X509 signed messages to a remote client who is using WSE 3.0. WSM is using a Reference URI in SecurityTokenReference which relates to a BinarySecurityToken. Currently the BinarySecurityToken follows the SecurityTokenReference in the SOAP message we are sending. The 3rd party has asked we ensure the BST comes first in SOAP:
    Has anybody come across this before or have any suggestions for OWSM on how to make this happen?
    Currently:
    <?xml version="1.0" encoding="UTF-8" ?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
    <dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
    <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <dsig:Reference URI="#_1wUgSgZOxWwla32XNs9alA22">
    <dsig:Transforms>
    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </dsig:Transforms>
    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <dsig:DigestValue>it3C2jxQsyJg3cu4lJw1bi1yE50=</dsig:DigestValue>
    </dsig:Reference>
    <dsig:Reference URI="#_FZT6dshZtCCekjthPWe1BQ22">
    <dsig:Transforms>
    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </dsig:Transforms>
    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <dsig:DigestValue>KRsvU/IqWlCPd8ywrmO3EAg5TTg=</dsig:DigestValue>
    </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>KW8qS+50jy8CQeH9dfZCOAT0yWIUJpRysEOG+yucD6wj7VgRA8VXQLkn9yuG+G85ndVXyydCDrFyapJNL8MyEa3XI/oYWaB2Q2OFCg+ctxm7wbkwN+Wgdh/nxOp9Wls447wxfwiBF9N8XIWmGwyKa103rixazzIf1l1vny7cw+M=</dsig:SignatureValue>
    <dsig:KeyInfo>
    <wsse:SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:Reference URI="#BST-1PYIu9y1RAUXT74Pde0XvQ22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
    </wsse:SecurityTokenReference>
    </dsig:KeyInfo>
    </dsig:Signature>
    <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-1PYIu9y1RAUXT74Pde0XvQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">token in here</wsse:BinarySecurityToken>
    Should be:
    <?xml version="1.0" encoding="UTF-8" ?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
    <dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
    <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <dsig:Reference URI="#_1wUgSgZOxWwla32XNs9alA22">
    <dsig:Transforms>
    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </dsig:Transforms>
    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <dsig:DigestValue>it3C2jxQsyJg3cu4lJw1bi1yE50=</dsig:DigestValue>
    </dsig:Reference>
    <dsig:Reference URI="#_FZT6dshZtCCekjthPWe1BQ22">
    <dsig:Transforms>
    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </dsig:Transforms>
    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <dsig:DigestValue>KRsvU/IqWlCPd8ywrmO3EAg5TTg=</dsig:DigestValue>
    </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>KW8qS+50jy8CQeH9dfZCOAT0yWIUJpRysEOG+yucD6wj7VgRA8VXQLkn9yuG+G85ndVXyydCDrFyapJNL8MyEa3XI/oYWaB2Q2OFCg+ctxm7wbkwN+Wgdh/nxOp9Wls447wxfwiBF9N8XIWmGwyKa103rixazzIf1l1vny7cw+M=</dsig:SignatureValue>
    <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-1PYIu9y1RAUXT74Pde0XvQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">token in here</wsse:BinarySecurityToken>
    <dsig:KeyInfo>
    <wsse:SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:Reference URI="#BST-1PYIu9y1RAUXT74Pde0XvQ22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
    </wsse:SecurityTokenReference>
    </dsig:KeyInfo>
    </dsig:Signature>

    This is registered as BUG 8359856 with Oracle Support.
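
Whether a token precedes the signature that refers to it can be checked on a captured message before it goes to the partner. The following is an added example, not part of the original thread or of OWSM; the function names, the sample headers and the Id `BST-1` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
DSIG = "http://www.w3.org/2000/09/xmldsig#"


def sample_header(*parts):
    """Constructed wsse:Security header; parts are "bst" and/or "sig", in order."""
    fragments = {
        "bst": '<wsse:BinarySecurityToken wsu:Id="BST-1">PLACEHOLDER'
               '</wsse:BinarySecurityToken>',
        "sig": '<dsig:Signature><dsig:SignedInfo>'
               '<dsig:Reference URI="#body-1"/></dsig:SignedInfo>'
               '<dsig:KeyInfo><wsse:SecurityTokenReference>'
               '<wsse:Reference URI="#BST-1"/>'
               '</wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature>',
    }
    body = "".join(fragments[p] for p in parts)
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" '
            f'xmlns:dsig="{DSIG}">{body}</wsse:Security>')


def token_reference_problems(security_xml):
    """List (token id, problem) pairs for signatures that point at a token
    which is missing from the header or only appears after the signature."""
    security = ET.fromstring(security_xml)
    # Position of every direct child of wsse:Security that carries a wsu:Id.
    position = {}
    for index, child in enumerate(security):
        token_id = child.get(f"{{{WSU}}}Id")
        if token_id:
            position[token_id] = index
    problems = []
    for index, child in enumerate(security):
        if child.tag != f"{{{DSIG}}}Signature":
            continue
        # Only wsse:Reference (inside SecurityTokenReference) names the key
        # token; dsig:Reference elements name the signed parts and are skipped.
        for ref in child.iter(f"{{{WSSE}}}Reference"):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                continue  # not a same-document reference
            target = uri[1:]
            if target not in position:
                problems.append((target, "token not in header"))
            elif position[target] > index:
                problems.append((target, "token after signature"))
    return problems
```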

  • Signer messaging not working in Safari

    I have customised my signer messaging for my widget which is appearing in Chrome and in Safari Mobile but not in Safari Desktop on Mac. I don't think it is a cache issue as I am clearing cache and other test changes I make are appearing. It is not showing updates to the signer message that were made the previous day.
    This is only in Safari Desktop.
    Is this a Bug Issue?

    Hi Rob
    Thanks for your reply,
    I did open a support ticket yesterday and in the reply was told by Sudarshan Shridar at Echosign that he had tested the signer messaging in Safari on an iMac and he said it was OK.
    I don't think he understood my problem which is that the signer message displays but it does not replicate the customisations I have made in Safari. Consequently I supplied him with 2 screen shots, one from Chrome where the Signer Message views correctly and one from Safari Where it does not view correctly.
    This was 16.10pm yesterday and I have yet to receive a reply unfortunately.
    Attached is the screen shots for you to see in case you have any suggestions.
    Regards
    Steve

  • Mail doesn't send certificate-signed message

    Symptoms
    When attempting to send a message in Mail that has been signed by a trusted certificate, a message appears that states:

    "Unable to sign message
    You don’t have a trusted certificate in your keychain that matches the email address (sender’s email address). Without a certificate, you can’t sign messages sent from this address."

    The Compose window cannot be closed.
    (same as described for Lion in http://support.apple.com/kb/TS4222 )
    Then, if you quit Mail and reopen it, the signed message reopens in its compose window and can now be sent…


  • Error in sending signed messages to trading partners

    This is what we are doing:
    Setup Host and Trading Partner Delivery Channels with Non-Repudiation of Origin
    and Non-Repudiation of Receipt enabled. Upload certificates on Document
    Exchange setup. Assign Delivery Channels to Agreement. Transmit outbound
    Text error occurs.
    Here is the error:
    AIP-51083: General failure creating S/MIME digital signature:
    java.lang.NullPointerException
    at oracle.tip.adapter.b2b.packaging.SmimeSecureMessaging.sign(SmimeSecureMessaging.java:1054)
    at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createSignedMimeBodyPart(MimePackaging.java:392)
    Everything works fine if we don't have signed messages and secure messages also work.
    Is there additional configuration there needs to be done?
    Thank you,
    Lavar

    Hi,
    I am not sure what you did. When you export the user certificate from the Oracle Wallet using the Oracle Wallet Manager, it is already in base64 encoded format. Save this file. You do not need to recreate the trading partner. You need to replace the existing certificate with this newly saved file in your host delivery channel. One way to do this is to upload this user certificate in the B2B host page (Click on create under the Certificates section). Then go to your host delivery channel (in the capabilities page) and view your document exchange. Once you are in the Document Exchange Details page, you can see your existing signing credential. Click Update and replace the signing credential with the newly created credential using the user certificate you have exported from the Oracle Wallet. Redeploy and restart the B2B Server.
    Regards,
    Eng

  • Content in S/MIME Signed Message

    Hi,
    In the following statement, is it possible that the content can be a multipart containing two bodyparts (one containing text and one containing a file attachment)? My question is: is the signature valid?
    CertStore certs...
    SMIMESignedGenerator fact = new SMIMESignedGenerator();
    fact.addSigner(privKey, cert, SMIMESignedGenerator.DIGEST_SHA1);
    fact.addCertificatesAndCRLs(certs);
    MimeMultipart smime = fact.generate(content, "BC");
    Example :
    MimeBodyPart mbp1 = new MimeBodyPart();
    mbp1.setText(mailContent);
    mbp1.setHeader("Content-Type", "text/plain");
    // Create the attachment and add it to the mail message     
    MimeBodyPart mbp2 = new MimeBodyPart();
    FileDataSource fileAttachment = new FileDataSource(filePath);
    DataHandler dh = new DataHandler(fileAttachment);
    mbp2.setDataHandler(dh);
    mbp2.setFileName(filename);
    mbp2.setHeader("Content-Disposition", "ATTACHMENT");
    Multipart multipart = new MimeMultipart("related");
    multipart.addBodyPart(mbp1);
    multipart.addBodyPart(mbp2);
    PrivateKey key = UtilsCrypto.getPrivateKey( alias, passwd, urlpath, keystoretype);
    Certificate[] chain = UtilsCrypto.getCertificateChain(alias, passwd, urlpath, keystoretype);
    CertStore certsAndCRLs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(chain)), "BC");
    MimeBodyPart bodyPart = new MimeBodyPart();
    X509Certificate cert = (X509Certificate) chain[0];
    bodyPart.setContent(multipart);                         
    // set up the generator
    SMIMESignedGenerator gen = new SMIMESignedGenerator();
    gen.addSigner(key, cert, SMIMESignedGenerator.DIGEST_SHA1, null, null);
    gen.addCertificatesAndCRLs(certsAndCRLs);
    MimeMultipart multipartbase = gen.generate(bodyPart, "BC");
    message = setHeadersMessage(message, mailModel, file);
    message.setHeader("Content-Type", "Application/pkcs7-signature; smime-type=signed-data;name=smime.p7s");                                                            
    message.setContent(multipartbase);                              
    message.saveChanges();
    trans.sendMessage(message, address);
    Many thanks.

    Hi,
    Okay, this topic is a bit old, nevertheless, here is my response.
    If I understand correctly, what you want is to sign a message with attachment.
    You can do this with the following code:
    // Body object
    MimeBodyPart body = new MimeBodyPart();
    body.setContent("this is a test yeah", "text/html");
    // Attachment
    MimeBodyPart attachment = new MimeBodyPart();
    // DataHandler(DataSource): the MIME type is taken from the FileDataSource
    attachment.setDataHandler(new DataHandler(new FileDataSource(sendFile)));
    attachment.setFileName("blabla.dat");
    // Create MIME message from parts
    MimeMessage notyetsigned = new MimeMessage(session);
    Multipart multipart = new MimeMultipart();
    multipart.addBodyPart(body);
    multipart.addBodyPart(attachment);
    notyetsigned.setContent(multipart);
    /* Sign message (gen is an SMIMESignedGenerator set up as in the question) */
    MimeMultipart mm = gen.generate(notyetsigned, "BC");
    // Create signed MIME message (again)
    MimeMessage signedmessage = new MimeMessage(session);
    signedmessage.setContent(mm);
    // Set up the message instance attributes
    signedmessage.addRecipient(Message.RecipientType.TO, new InternetAddress("[email protected]"));
    signedmessage.setSubject(subject);
    signedmessage.addHeader("X-Priority", "1");
    // send message
    Transport.send(signedmessage);
    Regards,
    Valéry B.
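
The question above asks whether a signature over a multipart (text plus attachment) is valid. The following added example, which is not code from either post, signs one body part that wraps a multipart and then verifies the result; the signature covers the whole first part of the multipart/signed structure, nested parts included. It assumes a current BouncyCastle (bcprov, bcpkix, bcmail) and JavaMail on the classpath, uses the SignerInfoGenerator API with SHA-256 in place of the provider-string calls and DIGEST_SHA1 shown in the posts, and the key, certificate, class name and message contents are constructed for the demonstration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.mail.internet.*;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.*;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class SignMultipartDemo {
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // Constructed throwaway RSA key and self-signed certificate (demo only).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Principal dn = new X500Principal("CN=Demo Signer");
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, new Date(),
                new Date(System.currentTimeMillis() + 86_400_000L), dn, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
        // Content to sign: one body part wrapping a multipart (text + attachment).
        MimeBodyPart text = new MimeBodyPart();
        text.setText("mail body");
        MimeBodyPart attachment = new MimeBodyPart();
        attachment.setText("constructed attachment content");
        attachment.setFileName("report.txt");
        MimeMultipart mixed = new MimeMultipart("mixed");
        mixed.addBodyPart(text);
        mixed.addBodyPart(attachment);
        MimeBodyPart content = new MimeBodyPart();
        content.setContent(mixed);
        // Detached signature: the result is multipart/signed = [content, smime.p7s].
        SMIMESignedGenerator gen = new SMIMESignedGenerator();
        gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider("BC").build("SHA256withRSA", kp.getPrivate(), cert));
        gen.addCertificates(new JcaCertStore(Collections.singletonList(cert)));
        MimeMultipart signed = gen.generate(content);
        // Verify every signer against the expected certificate.
        SMIMESigned parsed = new SMIMESigned(signed);
        for (SignerInformation signer : parsed.getSignerInfos().getSigners()) {
            System.out.println("signature valid: " + signer.verify(
                new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
        }
    }
}
```

A receiver should build the verifier from a certificate it already trusts or has path-validated, not from whatever certificate happens to be embedded in the message.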
