OWSM SAML Verify step problem: Missing Security Header in SOAP message

Similar Messages

• Missing Security header in SOAP

  Hello!
  I used WSDLs to  generate a few client proxy classes in order to access web services of a 3rd party application. The first call was successfull: I called START_SESSION method passing username and password and got proper response (ticket, session ID). Afterwards, I wanted to call methods of other proxy classes of the same application and always got
  SoapFaultCode:1  WSDoAllReceiver: Request does not contain required Security header
  How do I pass security header and what does it consist of? I suppose ticket and/or session ID, but it is not part of any method's interface.
  What should I do?
  Thanks in advance!
  Kind regards,
  Igor
  Unfortunately, WSDL is not available in public. If necessary; I'll post it, but for the first post I'll try not to occupy space.

  Hi!
  I did research on this topic with server application and I quote what I found:
  <i>The Alfresco web services have always used the WS Security header to pass the ticket information to the server.
  The ticket is plucked out of the password parameter and cross checked within the server to ensure the request can proceed.
  So long as you construct the WS Security header correctly authentication at the repository should occure without problem</i>
  I get the ticket from the successfull call of START_SESSION method of different (authentication) proxy class, but don't know what to do with it. How to include it in security header of another proxy method call? Or should I do something else?
  I'll describe what I tried - please see if I did something wrong:
  1. In SE80 -> Client proxy maintenance, I selected tab Preconfiguration, selected "Session-Oriented communication" -> Checked "Select Feature"
  2. Same tab, selected "Authentication" -> Basic
  3. Activated the proxy
  4. WSSPROFILE -> Created profile based on CHECK_USERNAME template
  5. LPCONFIG -> Selected operation GET_USER, entered the newly created profile both in ProfileIn and ProfileOut, activated
  6. Activated client trace, called method and got SOAP request without any security info in header:
  <soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
    <soap-env:Header>
      <n0:Trace xmlns:n0="http://www.sap.com/webas/630/soap/features/runtime/tracing/">
        <TraceLevel xmlns="http://www.sap.com/webas/630/soap/features/runtime/tracing/">Error</TraceLevel>
      </n0:Trace>
    </soap-env:Header>
    <soap-env:Body>
      <nr1:getUser xmlns:nr1="http://www.alfresco.org/ws/service/administration/1.0" xmlns:nr2="http://www.alfresco.org/ws/model/content/1.0">
        <nr1:userName>ADMIN</nr1:userName>
      </nr1:getUser>
    </soap-env:Body>
  </soap-env:Envelope>
  I must have done something wrong.
  Regards,
  Igor

• Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.

  We have a web role where we have hosted a WCF service.
  We are facing the below exception intermittently on consuming the service.
  Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.   This
  can occur if the service is configured for security and the client is not using security.
  This is intermittent. Few calls fail , and the subsequent calls succeed without making any changes.
  Please help in overcoming this abnormal behavior.
  Thanks in advance !!
  Best Regards ,
  Eswar

  Hi Eswar,
  As the error message mentioned, it may be a mismatch between the configuration on the client and the server.Try putting all your configuration in a binding configuration and then use the same binding configuration on the server and client. Since this issue
  is more related with WCF, I suggest you move to WCF forum, it is appropriate and more experts will assist you.
  Best Regards,
  Jambor
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Missing import value in SOAP message

  Hi guys,
  I have developed a function module that calls a .NET web service. I am having an issue that values for import parameter sent to .NET web service are missing. Before calling .NET web service, CODE parameter has a value but when it reach to .NET side there is no value.
    CREATE OBJECT osoap.  " Create object
    TRY.
        CALL METHOD osoap->set_method
          EXPORTING
            nsprefix = ' '
            nsvalue  = 'http://califoniasteel.com/'
            name     = 'VerifyPDFDelivery'.
  Transfer Customer Code to in-parameter
       GET REFERENCE OF p_ccode INTO dref.
        GET REFERENCE OF code INTO dref.
        CALL METHOD osoap->add_parameter
          EXPORTING
            direction = csoapconstants=>ic_param_inout
            name      = 'CODE'
            value     = dref.
        GET REFERENCE OF p_file_found INTO dref.
        CALL METHOD osoap->add_parameter
          EXPORTING
            direction = csoapconstants=>ic_param_out
            name      = 'VerifyPDFDeliveryResult'
            value     = dref.
  Use friendly names
        CALL METHOD osoap->set_tag_name_format
          EXPORTING
            format = csoapconstants=>ic_tagfmt_mixcase.
  Serialize SOAP Document and transport message
        isoap = osoap.
  2 Create SOAP transport object and set payload
        CALL METHOD csoaptransport=>new_http_transport
          IMPORTING
            transport = otransp.
        CONCATENATE 'http://' l_soap_server ':' l_soap_port '/' l_soap_service INTO soapurl.
        CALL METHOD otransp->set_destination_by_url
          EXPORTING
            url = soapurl.
        CALL METHOD otransp->set_soapaction
          EXPORTING
            soapaction = l_soap_method.
        CALL METHOD otransp->set_payload
          EXPORTING
            payload = isoap.
        CALL METHOD otransp->request_response.
    There is no error or system run time error during the call. I found a SAP Note 588924 but our Basis guy says it doesn't apply to our envi: SAP R/3 Enterprise, SAP_BASIS 620 SAPKB62063.
  Let me know if anyone experiences the same issue and found any workaround for it.
  Thanks.

  Below is the log of the incoming message just prior to the failing SAML Verify step:
  <?xml version="1.0" encoding="UTF-8" ?>
  - <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://exception.common.periop.gehc.com" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="http://www.patient.patientmanager.periop.gehc.com/service/" xmlns:ns3="http://entity.common.periop.gehc.com" xmlns:ns4="http://entity.patient.patientmanager.periop.gehc.com" xmlns:ns5="http://entity.allergy.patientmanager.periop.gehc.com" xmlns:ns6="http://pdo.domain.customizer.periop.gehc.com" xmlns:ns7="http://entity.cases.scheduler.periop.gehc.com" xmlns:ns8="http://entity.insurance.patientmanager.periop.gehc.com">
  - <env:Header>
  - <ns1:Security>
  - <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="158RBY2QvCFPiTqdXYWh9A22" IssueInstant="2008-09-17T19:58:43Z" Issuer="GE" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Conditions NotBefore="2008-09-17T19:58:13Z" NotOnOrAfter="2008-09-17T19:59:43Z" />
  - <saml:AuthenticationStatement AuthenticationInstant="2008-09-17T19:58:43Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
  - <saml:Subject>
  <saml:NameIdentifier NameQualifier="www.ge.com" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">gowri</saml:NameIdentifier>
  - <saml:SubjectConfirmation>
  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
  </saml:SubjectConfirmation>
  </saml:Subject>
  </saml:AuthenticationStatement>
  </saml:Assertion>
  </ns1:Security>
  </env:Header>
  - <env:Body>
  - <ns2:getPatient>
  <ns2:patientId>137115</ns2:patientId>
  </ns2:getPatient>
  </env:Body>
  </env:Envelope>

• OWSM: SAML Verify WSS 1.0 Token

  Hi,
  I have created a policy for a service registered with the gateway with 'SAML - Verify WSS 1.0 Token' as one of the steps in the Request pipeline. I am using JKS as the store type. When a client tries to invoke the service, it gets the following error from the gateway:
  javax.xml.rpc.soap.SOAPFaultException: Did not understand "MustUnderstand" header(s)
  On the other hand gateway.log shows the following message:
  saml.SAMLProcessor - SAML assertion confirmation method: urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
  The client is a J2SE client created using JDeveloper.
  Am I missing something important here?
  Any help would appreciated.
  Thanks

  Normally, the mustUnderstand error is given out by the OC4J web service when the service receives a SOAP request with a security header with mustUnderstand attribute set to 1.
  What is the SOAP message being received by the web service itself?
  Vikas Jain
  http://ws-security.blogspot.com

• Http Header for SOAP message.

  Hello,
  I need to set some custom HTTP Header when i send the SOAP message to an endpoint.
  I tried this..but doesn't solve my requirement.
  SOAPMessage soapmsg = messageFactory.createMessage();
  MimeHeaders mime = soapmsg.getMimeHeaders();
  mime.addHeader("SOAPAction", "xxxx");
  mime.addHeader("Sender", "yyy");
  SOAPMessage reply = connection.call(soapmsg, destination);
  Can anyone please guide me how to set HTTP headers for SOAP?
  Thanks,

  The following snippet is some code froma stand-alone web service client that I use for testing. It picks up an XML as the payload of the web service, wraps it in a SOAP message and fires it at the web service endpoint.
       System.out.println("Create the SOAP message.\n"); 
       MessageFactory messageFactory = MessageFactory.newInstance();
       SOAPMessage message = messageFactory.createMessage();
       System.out.println("Creating a DOM object from the JAXB payload.");
       DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setValidating(false);
               factory.setNamespaceAware(true);
       DocumentBuilder parser = factory.newDocumentBuilder();
       Document doc = parser.parse("file:payload.xml");
       //  Add the HTTP headers.
       message.getMimeHeaders().addHeader("User-Agent", "Mozilla/4.0 [en] (WinNT; I)");
       message.getMimeHeaders().addHeader("Host", "localhost:9080");
       message.getMimeHeaders().addHeader("Content-type", "text/xml");
       message.getMimeHeaders().addHeader("SOAPAction", "http://www.xxx.com.au/wsdl/someWebService");
       message.setProperty(SOAPMessage.CHARACTER_SET_ENCODING, "utf-8");
       SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
       envelope.addNamespaceDeclaration("n", "http://xxx/webService");
       envelope.addNamespaceDeclaration("xsd", "http://www.w3.org/2001/XMLSchema");
       envelope.addNamespaceDeclaration("xsi", "http://www.w3.org/2001/XMLSchema-instance");
       System.out.println("Adding the payload to the SOAP body.\n");
       SOAPBody body = message.getSOAPBody();
       SOAPBodyElement docElement = body.addDocument(doc);
       System.out.println("This is the SOAP message.\n");
       message.writeTo(System.out);
       System.out.println("\nPutting the payload on the wire.\n");
       SOAPConnectionFactory conFactry = SOAPConnectionFactory.newInstance();
       SOAPConnection connection = conFactry.createConnection();          
       URL endpoint = new URL("http://localhost:9080/xxx/services/yyy-webservices");
       SOAPMessage response = connection.call(message, endpoint);
       System.out.println("Payload sent. Closing the connection.\n");
       connection.close();

• WSSE header in SOAP message

  How do I get a WSSE UserToken header for my ourgoing SOAP message when using a Webservice reference in APEX 3.0?
  Message was edited by:
  user479463

  anybody?

• Attaching Header to SOAP Message

  Hi Guys,
  Can anybody tell me how to attach the Header to the message body in case of SOAP messages?
  My SOAP Message is as follows( in XML format):
  <?xml version="1.0" encoding="utf-8"?>
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:p1="http://sup/bpmscenarios">
    <soap:Body>
      <p1:mt_source_SOAP>
        <row>
          <EmpNo>10</EmpNo>
        </row>
      </p1:mt_source_SOAP>
    </soap:Body>
  </soap:Envelope>
  And SOAP action is :
  http://sap.com/xi/WebService/soap1.1
  Regards,
  Supriya.

  Hi,
  My client is Altova XML Spy, is sending the message without header.
  So, at PI end message is getting failed.
  I want to send the message by Altova only, so want to modify the message by adding header to it.
  But I am not able to understand how to add header.
  Regards,
  Supriya.

• Security Data : No WS-Security Header - UTL_HTTP for HTTPS calls -Oracle 9i

  Hello,
  I have a SOAP requests to transmitt a on the fly parsed XML file to UTL_HTTP to connect to a SSL connection. Oracle Wallet is installed and connectivity is working as expected. However, in the SOAP response I am getting
  Security Data : No WS-Security Header I am not sure what I am missing? How can I resolve this error?
  Below is the SOAP response that shows this error.
  <?xml version="1.0" encoding="utf-8" ?>
  - <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  - <soap:Header>
  - <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  - <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-17449452">
    <wsu:Created>2010-11-20T05:03:40.568Z</wsu:Created>
    </wsu:Timestamp>
    </wsse:Security>
    </soap:Header>
  - <soap:Body>
  - <soap:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:c="urn:schemas-asource-com:transaction-data-1.0">
    <faultcode>wsse:InvalidSecurity</faultcode>
    <faultstring>Security Data : No WS-Security Header</faultstring>
    </soap:Fault>
    </soap:Body>
    </soap:Envelope>Below is my compete code that generated above response.
  BEGIN
           soap_request :=
                 '<?xml version="1.0" encoding="utf-8"?>
                     <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:ns1="urn:schemas-asource-com:transaction-data-1.31">
  <SOAP-ENV:Header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-
  secext-1.0.xsd">
  <wsse:Security SOAP-ENV:mustUnderstand="1">
  <wsse:UsernameToken>
  <wsse:Username>NPCOMMERCE_DEV</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wssusername-
  token-profile-1.0#PasswordText">Il/vJa0jat7929f8xxklPjYZIMy5eBCqBMILeGaC+E/1NfIWv+I2KfgghlhkSOaN6rme70OQHEo3e4LJMlWvfC7UfYaN9bqyQwYACmrDFpoiQYCOS+XLnRshhLHMio5VY4+P3C/25tCEH4lBAMRjP1LmjIvZI/h4YJ/65x8OQrqO7tdggZ/KAgvOiNc1GSU+NhkgzLl4EKoEwgt4ZoL4T/U18ha/4jYp+CCGWGRI5o3quZ7vQ5AcSjd7gskyVa98LtR9ho31urJDBgAKasMWmiJBgI5L5cudGyGEscyKjlVjj4/cL/bm0IQfiUEAxGM/UuaMi9kj+Hhgn/rnHw5Cug==</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </SOAP-ENV:Header>'
              || '<SOAP-ENV:Body>'
              || '<ns1:requestMessage>'
              || '<ns1:merchantID>'
              || 'ACOMM_DEV'
              || '</ns1:merchantID>'
              || '<ns1:merchantReferenceCode>'
              || lv_sequence
              || '</ns1:merchantReferenceCode>'
              || '<ns1:billTo>'
              || '<ns1:firstName>'
              || p_cc_holder_name_first
              || '</ns1:firstName>'
              || '<ns1:lastName>'
              || p_cc_holder_name_last
              || '</ns1:lastName>'
              || '<ns1:street1>'
              || 'XXX Charleston Road'
              || '</ns1:street1>'
              || '<ns1:city>'
              || 'Mountain View'
              || '</ns1:city>'
              || '<ns1:state>'
              || 'CA'
              || '</ns1:state>'
              || '<ns1:postalCode>'
              || '94043'
              || '</ns1:postalCode>'
              || '<ns1:country>'
              || 'US'
              || '</ns1:country>'
              || '<ns1:email>'
              || '[email protected]'
              || '</ns1:email>'
              || '</ns1:billTo>'
              || '<ns1:item id="0">'
              || '<ns1:unitPrice>'
              || 12.34
              || '</ns1:unitPrice>'
              || '<ns1:quantity>'
              || 2
              || '</ns1:quantity>'
              || '</ns1:item>'
              || '<ns1:purchaseTotals>'
              || '<ns1:currency>'
              || 'USD'
              || '</ns1:currency>'
              || '</ns1:purchaseTotals>'
              || '<ns1:card>'
              || '<ns1:accountNumber>'
              || 111111111111111
              || '</ns1:accountNumber>'
              || '<ns1:expirationMonth>'
              || 12
              || '</ns1:expirationMonth>'
              || '<ns1:expirationYear>'
              || 2020
              || '</ns1:expirationYear>'
              || '</ns1:card>'
              || '<ns1:ccAuthService run="true"/>'
              || '</ns1:requestMessage>'
              || '</SOAP-ENV:Body>'
              || '</SOAP-ENV:Envelope>';
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20003, errx);
        END;
        BEGIN
           UTL_HTTP.set_wallet
                              ('file:/p01/oracle/prj1db/9.2.0/appsutil/wallet',
                               'p4ssword'
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20004, errx);
        END;
        BEGIN
           http_req :=
              UTL_HTTP.begin_request ('https://rvcotest.ss.com/commerce/999/tProcessor',
                                      'POST',
                                      'HTTP/1.1'
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20005, errx);
        END;
        BEGIN
           UTL_HTTP.set_header (http_req, 'Content-Type', 'text/xml');
           UTL_HTTP.set_header (http_req,
                                'Content-Length',
                                LENGTH (soap_request)
           UTL_HTTP.set_header (http_req,
                                'SOAPAction',
                                'xmlns="urn:rvcotest.ss.com/commerce/999/tProcessor"'
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20006, errx);
        END;
        BEGIN
           UTL_HTTP.write_text (http_req, soap_request);
           http_resp := UTL_HTTP.get_response (http_req);
           UTL_HTTP.read_text (http_resp, soap_respond);
           UTL_HTTP.end_response (http_resp);
        EXCEPTION
           WHEN UTL_HTTP.end_of_body
           THEN
              UTL_HTTP.end_response (http_resp);
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20007, errx);
        END;

  Thank you Fahd for quick response.
  I have gone through the note. So, it seems that I have to put a Header tag with username and password. But such tag definitions do not exist neither in my WSDL nor in my XSD that gets validation on destination server. In that case what do I do? :(
  -R

• Custom Policy Step and the WS-Security header attibute "mustUnderstand"

  Hi there,
  I have some issues testing the custom policy step that comes with OWSM (CustomAuthenticationStep), which i describe next.
  I manage to compile/deploy the custom step successfully. I also restart the server and add the brand new step into the request pipeline. The pipeline only has two steps, a log step and a custom authentication step.
  I develop a client for the gateway service which use the "Username to Authenticate" option of the Proxy Security. The other options (inbound/outbound integrity/encryption) are all unchecked.
  When I test the client, the following SOAP message is produced:
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ns0="http://agesic.entidad/types/"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <env:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  env:mustUnderstand="1">
  <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:Username>test</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </env:Header>
  <env:Body>
  <ns0:reverseElement>
  <ns0:aString>Holas!</ns0:aString>
  </ns0:reverseElement>
  </env:Body>
  </env:Envelope>
  Which looks just fine. However I get the following exception:
  javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
       at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
       at agesic.cliente.gateway.proxy.runtime.EchoReverseSoapHttp_Stub.reverse(EchoReverseSoapHttp_Stub.java:78)
       at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.reverse(EchoReverseSoapHttpPortClient.java:44)
       at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.main(EchoReverseSoapHttpPortClient.java:33)
  If i look at the log produced by the custom step, it looks like the step was successfully passed.
  ********** Entering Custom Authentication execute method **********
  Processing stage is Request
  Request SOAP message is <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="h
  ttp://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-ins
  tance" xmlns:ns0="http://agesic.entidad/types/" xmlns:wsu="http://docs.oasis-ope
  n.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><env:Header><wsse
  :Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004
  /01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.or
  g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://sche
  mas.xmlsoap.org/soap/envelope/"><wsse:UsernameToken xmlns:wsse="http://docs.oasi
  s-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http:/
  /docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ws
  se:Username>test</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/
  wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse
  :Password></wsse:UsernameToken></wsse:Security></env:Header><env:Body><ns0:rever
  seElement><ns0:aString>Holas!</ns0:aString></ns0:reverseElement></env:Body></env
  :Envelope>
  User locale is English
  Client ip address is rhel4.tecinfo.com.uy:7777
  Verified user is test
  The problems is with the mustUnderstand attribute. It looks like no step tells the OWSM that he understands the header, so the OWSM pass through the pipeline and when it ends it thinks that that header was not processed properly.
  I try to find documentation on this issue but I didn't find any.
  Any ideas? Is there any way to specify that the step actually understands the ws-security header?
  Thanks!
  Leo

  Ok. Thanks. The problem here is a little bit different. At the client side, we have the following:
  <?xml version="1.0" encoding="UTF-8"?>
  <oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
  <webservice-client>
  <service-qname namespaceURI="http://agesic.entidad/" localpart="EchoReverse"/>
  <port-info>
  <wsdl-port namespaceURI="http://agesic.entidad/" localpart="EchoReverseSoapHttpPort"/>
  <runtime enabled="security">
  <security>
  <inbound/>
  <outbound>
  <username-token password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
  </outbound>
  </security>
  </runtime>
  <operations>
  <operation name='reverse'>
  </operation>
  </operations>
  </port-info>
  </webservice-client>
  </oracle-webservice-clients>
  The <outbound> here is requered in order to use the WSS UserName token profile. I try to remove the <inbound/> to check if it was a problem like yours, but we still have the same exception.
  The problem seems to be with the gateway at the server side.
  Intercepting the communication between the client and the server, we are getting the following response:
  <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ns0="http://agesic.entidad/types/">
  <env:Body>
  <env:Fault>
  <faultcode>env:MustUnderstand</faultcode>
  <faultstring>SOAP must understand error:
  {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security</faultstring>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  We need a way to instruct the gateway that he actually understands the wss header.
  Any ideas?
  Thanks!
  Leo

• SAML Validation Error  - Proxy Service - Process WS-Security Header

  I am testing a Proxy Service that inspects the WS-Security Header which contains a WS-Policy for a SAML Assertion sender-vouches. The SAML Assertion that is produced is valid according to the oassis schema, but ALSB 2.6 returns a SOAP Fault that the SAML Assertion is not valid. Is there any next steps I should take to diagnose the problem? Also, are there any good tools available for validating a SAML Assertion?
  Here is the response of the ALSB 2.6 running on WebLogic 9.2. It is a simple proxy service we use to test whether SAML is working correctly or not. The client correctly sends the sender-voucher with the username/password/certificate alias and so forth.
  <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Body>
  <soapenv:Fault
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <axis2ns1:Code xmlns:axis2ns1="http://www.w3.org/2003/05/soap-envelope">
  <axis2ns1:Value>soapenv:Sender</axis2ns1:Value>
  <axis2ns1:Subcode>
  <axis2ns1:Value>wsse:InvalidSecurityToken</axis2ns1:Value>
  </axis2ns1:Subcode>
  </axis2ns1:Code>
  <axis2ns2:Reason xmlns:axis2ns2="http://www.w3.org/2003/05/soap-envelope">
  <axis2ns2:Text xml:lang="en-US"
  >Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@563c52a[status: false][msg The SAML token is not valid.]</axis2ns2:Text>
  </axis2ns2:Reason>
  </soapenv:Fault>
  </soapenv:Body>
  </soapenv:Envelope>
  Thanks,
  Jay Blanton

  Hi, Pls send your client code to my mail [email protected]

• OSB process WS-security header problem! Pls help

  Hi All
  We have protected all our osb proxy services with username token policy. The problem we are facing is that in some of the proxy services we want this header to be available within the message flow (for auditing purposes) but the process WS-security header option when selected removes this header before it enters the message flow.
  If we untick this option, it does not authenticate the incoming soap request and proxy services is invoked even if wrong or no credentials are supplied.
  Is there a way we can select this option for authentication and still have the username token intact within the soap header in the message flow. please help. Thanks

  Please check the content of $inbound at runtime (with process WS-security header option enabled). You may get all the information for auditing purpose from that variable.
  Regards,
  Anuj

• Hello I have a problem with security questions and i cant reset to my email  The error was   Exceeded Maximum Attempts  We apologize, but we were unable to verify your account information with the answers you provided to our security questions. You have

  Hello
  I have a problem with security questions and i cant reset to my email
  The error was
  Exceeded Maximum Attempts
  We apologize, but we were unable to verify your account information with the answers you provided to our security questions.
  You have made too many attempts to answer these questions. So, for security reasons, you will not be able to reset password for the next eight hours.
  Click here      for assistance.
  i waited more than eight hours. and back to my account but it is the same ( no change ) i cant find forgot your answers
  http://www.traidnt.net/vb/attachment...134863-333.jpg
  can you help me please

  Alternatives for Help Resetting Security Questions and Rescue Mail
       1. Apple ID- All about Apple ID security questions.
       2. Rescue email address and how to reset Apple ID security questions
       3. Apple ID- Contacting Apple for help with Apple ID account security.
       4. Fill out and submit this form. Select the topic, Account Security.
       5.  Call Apple Customer Service: Contacting Apple for support in your
            country and ask to speak to Account Security.
  How to Manage your Apple ID: Manage My Apple ID

• Javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header error while invoking FinancialUtilService using HTTP proxy client

  I am trying to invoke FinancialUtilService using HTTP proxy client. I am getting below error while i am trying to invoke this service. Using FusionServiceTester i am able to invoke service and upload file to UCM. Using oracle.ucm.fa_client_11.1.1.jar also i am able to upload file to UCM without any issue. But using HTTP proxy client i am facing below error. Can anyone please help me. PFA code i am using to invoke this service.
  javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
    at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:299)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:273)
  Process exited with exit code 0.
  Message was edited by: Oliver Steinmeier
  Removed attachment

  Hi Jani,
  Thanks for your reply.
  I am new to webservices and we are trying to do a POC on invoking FinancialUtilService using HTTP proxy client. I am following steps mentioned in attached pdf section "Invoking FinancialUtil Service using Web Service Proxy Client". I have imported certificate using below command. 
       keytool -import -trustcacerts -file D:\Retek\Certificate.cer -alias client -keystore D:\Retek\default-keystore.jks -storepass welcome1
  Invoking
      SecurityPolicyFeature[] securityFeature =
      new SecurityPolicyFeature[] { new
      SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy")};
      financialUtilService_Service = new FinancialUtilService_Service();
      FinancialUtilService financialUtilService= financialUtilService_Service.getFinancialUtilServiceSoapHttpPort(securityFeature);
      // Get the request context to set the outgoing addressing properties
      WSBindingProvider wsbp = (WSBindingProvider)financialUtilService;
      WSEndpointReference replyTo =
        new WSEndpointReference("https://efops-rel91-patchtest-external-fin.us.oracle.com/finFunShared/FinancialUtilService", WS_ADDR_VER);
      String uuid = "uuid:" + UUID.randomUUID();
      wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));
      wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "fin_user1");
      wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY,  "Welcome1");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS,"service");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "D:/Retek/default-keystore.jks");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "welcome1" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password" );
  SEVERE: WSM-00057 The certificate, client, is not retrieved.
  SEVERE: WSM-00137 The encryption certificate, client, is not retrieved due to exception oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved..
  SEVERE: WSM-00161 Client encryption public certificate is not configured for Async web service client
  SEVERE: WSM-00005 Error in sending the request.
  SEVERE: WSM-07607 Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
  SEVERE: WSM-07602 Failure in WS-Policy Execution due to exception.
  SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=FinancialUtilService, policy=oracle/wss11_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.
  oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:173)
    at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
    at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:608)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:335)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:282)
    at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
    at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:915)
    at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:436)
    at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:393)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:239)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
    at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
    at com.sun.xml.ws.client.Stub.process(Stub.java:259)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
  Caused by: oracle.wsm.security.SecurityException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:979)
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.build(Wss11X509TokenProcessor.java:206)
    at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:164)
    ... 30 more
  Caused by: oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved.
    at oracle.wsm.security.jps.WsmKeyStore.getJavaCertificate(WsmKeyStore.java:534)
    at oracle.wsm.security.jps.WsmKeyStore.getCryptCert(WsmKeyStore.java:570)
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:977)
    ... 32 more
  SEVERE: WSMAgentHook: An Exception is thrown: WSM-00161 : Client encryption public certificate is not configured for Async web service client
  File upload failed
  javax.xml.ws.WebServiceException: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
    at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
    at com.sun.xml.ws.client.Stub.process(Stub.java:259)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
  Caused by: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:248)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
    ... 19 more

• Extracting username and password from security header

  Hey all,
  I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
  1) I secured my BPEL process
  2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
  3) I added the security variable to the Header Variables for the BPEL process input
  4) I added the security variable to the Input Header Variables for the web service's invoke operation
  This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
  Environment:
  JDeveloper 11.1.1.6.0
  Thanks,
  Bill

  Hi Sri,
  If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
  Thanks,
  Bill