Problem configuring Username token profile on ALSB
Hi All !!
First of all, thanks for your support!!
I'm facing a problem configuring an active intermediary Proxy service with username token profile. This proxy service has a security policy referencing Auth.xml file to implement Username token profile. That proxy calls a business service which calls a web service.
On test page, username and password is requested (already created in the security domain), then an error is returned "Unable to add security token for identity".
Below you can find the Invocation Trace:
Invocation Trace
(receiving request)
Initial Message Context
added $body
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<per:getPersona xmlns:per="http://com/indra/persona">
<per:nombre>string</per:nombre>
<per:apellidos>string</per:apellidos>
</per:getPersona>
</soapenv:Body>
added $header
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
added $inbound
<con:endpoint name="ProxyService$PruebaWSsecurity$PersonaProxy92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:uri>/PersonaProxy92</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
*<con:security>*
*<con:transportClient>*
*<con:username><anonymous></con:username>*
*</con:transportClient>*
*<con:messageLevelClient>*
*<con:username>securityUser</con:username>*
*<con:principals>*
*<con:group>Administrators</con:group>*
*<con:group>IntegrationAdministrators</con:group>*
*</con:principals>*
*</con:messageLevelClient>*
*</con:security>* </con:endpoint>
added $messageID
2741921765813726088-1b0fcf1c.12204e4868c.-8f3
RouteNode1
Routed Service
Route to: "PersonaBusiness92"
$outbound:
<con:endpoint name="BusinessService$PruebaWSsecurity$PersonaBusiness92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
</con:request>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
$body (request):
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<per:getPersona xmlns:per="http://com/indra/persona">
<per:nombre>string</per:nombre>
<per:apellidos>string</per:apellidos>
</per:getPersona>
</soapenv:Body>
$header (request):
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
$attachments (request):
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
Message Context Changes
added $outbound
<con:endpoint name="BusinessService$PruebaWSsecurity$PersonaBusiness92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:uri>http://esmadaix01:9103/WSPersona/Persona</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<tran:user-header name="SOAPAction" value=""""/>
<tran:user-header name="X-Powered-By" value="Servlet/2.4 JSP/2.0"/>
<http:Content-Type>text/xml; charset="utf-8"</http:Content-Type>
<http:Date>Mon, 22 Jun 2009 10:34:18 GMT</http:Date>
<http:Transfer-Encoding>chunked</http:Transfer-Encoding>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
<tran:response-message xmlns:tran="http://www.bea.com/wli/sb/transports">OK</tran:response-message>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
<http:http-response-code>200</http:http-response-code>
</con:response>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
changed $header
<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>
changed $inbound
<con:endpoint name="ProxyService$PruebaWSsecurity$PersonaProxy92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:uri>/PersonaProxy92</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
<con:security>
<con:transportClient>
<con:username><anonymous></con:username>
</con:transportClient>
<con:messageLevelClient>
<con:username>securityUser</con:username>
<con:principals>
<con:group>Administrators</con:group>
<con:group>IntegrationAdministrators</con:group>
</con:principals>
</con:messageLevelClient>
</con:security>
</con:endpoint>
changed $attachments
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
changed $body
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<m:getPersonaResponse xmlns:m="http://com/indra/persona">
<persona>
<correo>[email protected]</correo>
<telefono>91546789</telefono>
</persona>
</m:getPersonaResponse>
</soapenv:Body>
System Error Handler
$fault: <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-386201</con:errorCode>
*<con:reason>*
*A web service security fault occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Unable to add security token for identity]*
*</con:reason>*
<con:details>
<err:WebServiceSecurityFault xmlns:err="http://www.bea.com/wli/sb/errors">
<err:faultcode xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">soapenv:Server</err:faultcode>
<err:faultstring>
Unable to add security token for identity
</err:faultstring>
</err:WebServiceSecurityFault>
</con:details>
<con:location>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault>
We have the same problem.
Have you the reposne?
Request Document
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
<soapenv:Body>
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
</soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="unt_ZqnW7MTAb7P77cPL" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>weblogic10</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">??????????????</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soapenv:Body>
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
</soapenv:Envelope>
Response Document
The invocation resulted in an error: .
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
<faultstring>
Unable to add security token for identity
</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
Response Metadata
<con:metadata xmlns:con="http://www.bea.com/wli/sb/test/config">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">1</tran:response-code>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:metadata>
Invocation Trace
(receiving request)
Initial Message Context
added $body
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
added $header
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
added $inbound
<con:endpoint name="ProxyService$ctxweb$t17i_wss-1" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:uri>/ctxweb/t17i_wss_1</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
<con:security>
<con:transportClient>
<con:username><anonymous></con:username>
</con:transportClient>
<con:messageLevelClient>
<con:username>weblogic10</con:username>
<con:principals>
<con:group>AdminChannelUsers</con:group>
<con:group>Administrators</con:group>
<con:group>IntegrationAdministrators</con:group>
</con:principals>
</con:messageLevelClient>
</con:security>
</con:endpoint>
added $messageID
6412299231164769748--466a8253.12535a4d4fe.-7f29
RouteTo_NORA-bs
Routed Service
Route to: "NORA-bs"
$outbound:
<con:endpoint name="BusinessService$business$NORA-bs" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
</con:request>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
$body (request):
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
$header (request):
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
$attachments (request):
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
Message Context Changes
added $outbound
<con:endpoint name="BusinessService$business$NORA-bs" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:uri>
http://www.integracion.jakina.ejiedes.net/t17iApiWSWar/t17iApiWS
</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<tran:user-header name="Set-Cookie" value="JSESSIONID=Q02mLVvKw8hRcvYm7nwmyJyCQHC2FJknpGbltNPnsqp2gstzHy0M!-1566668667!734317392; path=/"/>
<http:Connection>close</http:Connection>
<http:Content-Length>666</http:Content-Length>
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:Date>Tue, 01 Dec 2009 14:59:22 GMT</http:Date>
<http:Server>
Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7a
</http:Server>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
<tran:response-message xmlns:tran="http://www.bea.com/wli/sb/transports">OK</tran:response-message>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
<http:http-response-code>200</http:http-response-code>
</con:response>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
changed $body
<env:Body xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<m:pais_getByDescResponse xmlns:m="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<n1:result xsi:type="n2:ArrayOfPais" xmlns:n1="http://www.ejie.es/webServiceEJB/t17iApiWSWar" xmlns:n2="java:t17i.vo">
<n2:Pais xsi:type="n2:Pais">
<n2:descripcionOficial>Bulgaria</n2:descripcionOficial>
<n2:id>104</n2:id>
</n2:Pais>
</n1:result>
</m:pais_getByDescResponse>
</env:Body>
changed $attachments
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
changed $inbound
<con:endpoint name="ProxyService$ctxweb$t17i_wss-1" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:uri>/ctxweb/t17i_wss_1</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
<con:security>
<con:transportClient>
<con:username><anonymous></con:username>
</con:transportClient>
<con:messageLevelClient>
<con:username>weblogic10</con:username>
<con:principals>
<con:group>AdminChannelUsers</con:group>
<con:group>Administrators</con:group>
<con:group>IntegrationAdministrators</con:group>
</con:principals>
</con:messageLevelClient>
</con:security>
</con:endpoint>
changed $header
<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>
System Error Handler
$fault: <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-386201</con:errorCode>
<con:reason>
A web service security fault occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Unable to add security token for identity]
</con:reason>
<con:details>
<err:WebServiceSecurityFault xmlns:err="http://www.bea.com/wli/sb/errors">
<err:faultcode xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">soapenv:Server</err:faultcode>
<err:faultstring>
Unable to add security token for identity
</err:faultstring>
</err:WebServiceSecurityFault>
</con:details>
<con:location>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault>
Similar Messages
-
What needs to configured to support UserName Token Profile for WS Security
Hi,
Using Weblogic 8.1. Have a bunch of web services. Want to support a UserName Token Profile thru Identity assertion. If we use the default authenticator and defaut Identity assertor will it work ? We'll configure the username / pwd thru WebLogic console for the realm.
ThanksThis implies that ODP.NET does NOT need to be installed on a client. However, I cannot find OraOPs9.dll on a machine with Client Release 9.2 installed. Should OraOps?.dll automatically come with a Client installation of 9.2 or higher?
ODP.NET needs to be installed on the client. OraOps9.dll is part of ODP.NET, not the Oracle Client.
Also, if an application is built with the 10g ODP.NET, can it be run from a machine with OraOps9.dll?
If an application is built with 10g ODP.NET, it can be run with 9.2 ODP.NET as long as you do not use any 10g APIs. The new features in 10g ODP.NET are included in the doc and the ODP.NET FAQ for your reference. -
Problems with JAX-WS when using security (e.g. username token profile)
Hello,
I am deploying a web service on weblogic 11g (10.3.1) with this policy:
@Policy(uri = "policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml",attachToWsdl=true)
I have another web application as client which is using a JAX-WS SOAP handler to communicate with web service
and everything works fine when my client is deployed on tomcat 6 (JRE 6) (anthentication goes through)
The handleMessage() method of my handler is posted here :
public boolean handleMessage(SOAPMessageContext context) {
m_logger.debug("UserNameTokenHandler handleMessage() called");
Boolean outboundProperty = (Boolean) context.get (MessageContext.MESSAGE_OUTBOUND_PROPERTY);
SOAPMessage message =context.getMessage();
if (outboundProperty.booleanValue()) {
m_logger.debug("\n (client protocol handler) Outbound message:");
try {
SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
SOAPHeader header = envelope.getHeader();
if (header == null ) {
header = envelope.addHeader();
SOAPElement security = header.addChildElement("Security", "wsse", WSSE_NAMESPACE);
SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
usernameToken.addAttribute(new QName("xmlns:wsu"), WSU_NAMESPACE);
SOAPElement username = usernameToken.addChildElement("Username", "wsse");
username.addTextNode(user);
SOAPElement password = usernameToken.addChildElement("Password", "wsse");
password.addTextNode(pass);
} catch (Exception e) {
m_logger.error("Failed to add username token profile security", e);
} else {
m_logger.debug("\n (client protocol handler) Inbound message:");
return true;
but when I deploy the same client on weblogic server it fails to communicate with my web service with this error:
javax.xml.ws.soap.SOAPFaultException: Unable to add security token for identity, token uri =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken
I noticed Weblogic has some packages to handle security like:
weblogic.wsee.security.unt.ClientUNTCredentialProvider
weblogic.xml.crypto.wss.provider.CredentialProvider
weblogic.xml.crypto.wss.WSSecurityContext
So I added another mechanism using weblogic package to add username password to SOAP header
Map<String, Object> request = ((BindingProvider) proxy).getRequestContext();
if (connectInfo.get("username") != null && connectInfo.get("password") != null) {
List<CredentialProvider> credProviders = new ArrayList<CredentialProvider>();
//client side UsernameToken credential provider
CredentialProvider cp = new ClientUNTCredentialProvider((String)connectInfo.get("username"),
(String)connectInfo.get("password"));
credProviders.add(cp);
request.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
This seems to be ok but only for weblogic.
I don't want to have one client for deploying on weblogic and another one for JAX-WS
I suppose weblogic follows the standard and should support the original approach.
Is this an incompatibly issue or am i missing somethingIn one of WLP Pageflows, I invoke a SOA BPEL WebService that needs Security Header like the way you have. I have my own Handler class and I call the below private method in handleMessage(...) and so far it is working fine. Security Header is adding fine.
One difference I could see in your method and my method is when we create SOAPElement for "Security" Tag, at the time of creation itself, I pass the third argument also that is the namespace. I remember vaguely, when I used code like yours, like first instantiate with only 2 args. Then set the namespace. It did not work. So I used the API, that takes the namespace as third argument.
So try something like below. This is a working code snipped deployed on WLP 10.3 (WLP is on top of WLS 10.3).
Thanks
Ravi Jegga
private void setSOAPSecurityHeader(SOAPEnvelope soapEnvelope) throws Exception {
try {
//soapEnvelope.addNamespaceDeclaration("soap", "http://schemas.xmlsoap.org/soap/envelope/");
soapEnvelope.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
SOAPHeader header = soapEnvelope.addHeader();
String namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
SOAPElement securityElement = header.addHeaderElement(soapEnvelope.createName("Security", "wsse", namespace));
securityElement.addNamespaceDeclaration("", namespace);
//securityElement.addNamespaceDeclaration("env", "http://schemas.xmlsoap.org/soap/envelope/");
SOAPElement usernameTokenElement = securityElement.addChildElement(soapEnvelope.createName("UsernameToken", "wsse", namespace));
usernameTokenElement.addNamespaceDeclaration("", namespace);
SOAPElement usernameElement = usernameTokenElement.addChildElement(soapEnvelope.createName("Username"));
SOAPElement passwordElement = usernameTokenElement.addChildElement(soapEnvelope.createName("Password"));
// For Testing Purposes only hardcoded this username and password values. Later on this may be set dynamically
usernameElement.setValue("xxxxxxx");
passwordElement.setValue("yyyyyyy");
//SOAPBody soapBody = soapEnvelope.getBody();
//SOAPHeader soapHeader = soapEnvelope.getHeader();
} catch (Exception e) {
// Handle This error in the main method that is calling this private method. So just return the Exception as it is...
throw e;
} -
Oracle Service Registry - UserName Token profile
Hi,
My web services use UserName Token profile for authentication. It also supports encryption. Is there a way to publish these information along with the wsdl?
SteveThank you for your helpful reply!
Although the installation appears to fail, the db schema is actually created.
Thus, when I run installation the next time, having selected an existing db schema, all appears to go well.
NA
http://nickaiva.blogspot.com
Edited by: Nick Aiva on Dec 29, 2010 10:20 AM -
Enable userName Token profile in Java client policy file
My stand-alone java client invokes a .Net web service which implements wse 3.0. userName Token. However, when I ran my client program with the policy file which I converted from .Net config policy. I got errors. How could I make this right?
[java] java.rmi.RemoteException: SOAPFaultException - FaultCode [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] FaultString [Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.] FaultActor [http://192.168.254.102/TestImageserver2007/DLImageService.asmx]No Detail; nested exception is:
[java] javax.xml.rpc.soap.SOAPFaultException: Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.
[java] fetchMostRecent() Failed...
[java] at digimarc.foto.webservice.clientstub.ImageServiceSoap_Stub.imagingFolioFetchMostRecent(ImageServiceSoap_Stub.java:137)
[java] at digimarc.foto.webservice.Client.main(Client.java:40)
[java] Caused by: javax.xml.rpc.soap.SOAPFaultException: Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.
[java] at weblogic.wsee.codec.soap11.SoapCodec.decodeFault(SoapCodec.java:311)
[java] at weblogic.wsee.ws.dispatch.client.CodecHandler.decodeFault(CodecHandler.java:114)
[java] at weblogic.wsee.ws.dispatch.client.CodecHandler.decode(CodecHandler.java:99)
[java] at weblogic.wsee.ws.dispatch.client.CodecHandler.handleFault(CodecHandler.java:87)
[java] at weblogic.wsee.handler.HandlerIterator.handleFault(HandlerIterator.java:248)
[java] at weblogic.wsee.handler.HandlerIterator.handleResponse(HandlerIterator.java:218)
[java] at weblogic.wsee.ws.dispatch.client.ClientDispatcher.handleResponse(ClientDispatcher.java:159)
[java] at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:114)
[java] at weblogic.wsee.ws.WsStub.invoke(WsStub.java:89)
[java] at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:331)
[java] at digimarc.foto.webservice.clientstub.ImageServiceSoap_Stub.imagingFolioFetchMostRecent(ImageServiceSoap_Stub.java:132)
Policy file used:
<?xml version="1.0" ?>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wssp="http://www.bea.com/wls90/security/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part">
<!-- Accompany outgoing SOAP messages with a username and password before sending them
out on the wire. -->
<wssp:Security>
<wssp:userNameToken>
<wssp:userName>weblogic</wssp:userName>
<wssp:password type="TEXT">weblogic</wssp:password>
</wssp:userNameToken>
</wssp:Security>
</wsp:Policy>
.Net config policy file:
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<extensions>
<extension name="kerberosSecurity" type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="kerberos" type="Microsoft.Web.Services3.Design.KerberosTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="usernameOverTransportSecurity" type="Microsoft.Web.Services3.Design.UsernameOverTransportAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="AuthorizationPolicy">
<kerberosSecurity establishSecurityContext="false" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false" ttlInSeconds="300">
<token>
<kerberos targetPrincipal="host/nbcis1" impersonationLevel="Identification" />
</token>
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
</protection>
</kerberosSecurity>
<requireActionHeader />
</policy>
<policy name="InteropPolicy">
<usernameOverTransportSecurity />
<requireActionHeader />
</policy>
<policy name="NamePolicy">
<usernameOverTransportSecurity >
<clientToken>
<username username="nbdls\joejoe" password="ImAGe!" />
</clientToken>
</usernameOverTransportSecurity>
<requireActionHeader />
</policy>
</policies>Thanks Carlo for the suggestion. That helps to overcome my huge hurdle. The username and password were sent successfully in the SOAP header to .Net web service.
However, there is still some errors on the java client side. I am getting:
[java] java.rmi.RemoteException: SOAPFaultException - FaultCode [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] FaultString [Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.] FaultActor [http://192.168.254.102/TestImageserver2007/DLImageService.asmx]No Detail; nested exception is:
[java] javax.xml.rpc.soap.SOAPFaultException: Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.
[java] at digimarc.foto.webservice.clientstub.ImageServiceSoap_Stub.imagingFolioFetchMostRecent(ImageServiceSoap_Stub.java:137)
[java] at digimarc.foto.webservice.Client.main(Client.java:58)
[java] Caused by: javax.xml.rpc.soap.SOAPFaultException: Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.
[java] at weblogic.wsee.codec.soap11.SoapCodec.decodeFault(SoapCodec.java:311)
[java] at weblogic.wsee.ws.dispatch.client.CodecHandler.decodeFault(CodecHandler.java:114)
[java] at weblogic.wsee.ws.dispatch.client.CodecHandler.decode(CodecHandler.java:99)
[java] at weblogic.wsee.ws.dispatch.client.CodecHandler.handleFault(CodecHandler.java:87)
[java] at weblogic.wsee.handler.HandlerIterator.handleFault(HandlerIterator.java:248)
[java] at weblogic.wsee.handler.HandlerIterator.handleResponse(HandlerIterator.java:218)
[java] at weblogic.wsee.ws.dispatch.client.ClientDispatcher.handleResponse(ClientDispatcher.java:159)
[java] at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:114)
[java] at weblogic.wsee.ws.WsStub.invoke(WsStub.java:89)
[java] at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:331)
[java] at digimarc.foto.webservice.clientstub.ImageServiceSoap_Stub.imagingFolioFetchMostRecent(ImageServiceSoap_Stub.java:132)
[java] ... 1 more
The statement:
"Action for ultimate recipient is required but not present in message". What is missing?
This is what I have in my java client:
FileInputStream [] inbound_policy_array = new FileInputStream[1];
inbound_policy_array[0] = new FileInputStream("Auth.xml");
FileInputStream [] outbound_policy_array = new FileInputStream[1];
outbound_policy_array[0] = new FileInputStream("Auth.xml");
//create service and port
ImageService imageService = new ImageService_Impl(args[0]);
//specify an array of policy files for the request and response of a
//particular operation
ImageServiceSoap array_of_policy_port = imageService.getImageServiceSoap("ImagingFolioFetchMostRecent", inbound_policy_array, outbound_policy_array);
//create credential provider and set it to the Stub
List credProviders = new ArrayList();
//client side UsernameToken credential provider
CredentialProvider cp = new ClientUNTCredentialProvider("nsbbdl\\joejoe", "ImAGes!");
credProviders.add(cp);
Stub stub = (Stub)array_of_policy_port;
stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
try {
ApplicantDataFolio adf = array_of_policy_port.imagingFolioFetchMostRecent("1001917");
} catch (Throwable e) {
} -
Consuming Web Service using WS-Security: USERNAME Token
Hi ABAP Experts,
we like to consume a self defined web service between to SAP systems (ECC6 701/006). Without any security settings the connection is successfully. But we like to setup a message security like USERNAME Token.
The wss profiles are already created by using TX: WSSPROFILE. Therefore we used the templates "SET_USERNAME" and "CHECK_USERNAME". The service user "DELAY_L<sid>" has been generated as well. The problem is in SOAMANAGER we can't find the related configuration (For Provider and Consumer) to set the parameters "PROFILE In" and "Profile Out" like it was in the obsolete TX "LPCONFIG".
Can anybody help me to find out how to configure USERNAME Token using SOAMANAGER.
Thank you very much in advance.
Kind regards
AxelHi,
The following articles would be helpful:
.net call WS-Security enabled web service (created in java)
http://stackoverflow.com/questions/2138129/net-call-ws-security-enabled-web-service-created-in-java
WS-Security Protocol with .NET – A Overview
http://www.c-sharpcorner.com/UploadFile/mahesha/WSSecurityProtocol11232005052243AM/WSSecurityProtocol.aspx
An introduction to Web Service Security using WSE - Part I
http://www.codeproject.com/Articles/7062/An-introduction-to-Web-Service-Security-using-WSE
As this question is not relate to SharePoint, I suggest you post it to a suitable Forum, you will get more help and confirmed answers from there.
Best Regards
Dennis Guo
TechNet Community Support -
URGENT ::: How to add UserName Token to SOAP Message Header.
Hi,
I created a webservice client using CLIENTGEN utility of weblogic from the WSDL file. When I am trying to call a webservice which is hosted on TOMCAT server, I am getting the following exception::
5/12/2008 06:09:02 com.sun.xml.wss.impl.filter.DumpFilter process
INFO: ==== Sending Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-
instance" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://settlementService.au.db.com/types">
<env:Body>
<env:Fault>
<faultcode xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ans1:FailedAuthentication</faultcode>
<faultstring>Message does not conform to configured policy [ AuthenticationTokenPolicy ]: No Security Header found</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
==== Sending Message End ====
The webservice ic configured as secured webservice, there is some certificate file which was provided to me from client. Useing java KEYTOOL command I have created the keystore from that certificate and configure it in the weblogic server console.
Issue is the SOAP message header is blank I need to add the USERNAME TOken profile to this header, in order to access this webservice. The current CLIENT code snippet is shown below:
try{
String WSDLUrl = "https://shappzu2.au.db.com:8297/settlementService-ws/settlementService?WSDL";
String wsUserName = "tracer-us";
String wsPassword = "R0na!do#11";
InputStream[] policies = new InputStream[]{Client.class.getResourceAsStream("/wl-unt-policy.xml")};
SettlementService_Impl settlementServiceObj = new SettlementService_Impl(WSDLUrl);
SettlementServiceFacade port = settlementServiceObj.getSettlementServiceFacadePort(policies, policies);
List credProviders = new ArrayList();
CredentialProvider cp = new ClientUNTCredentialProvider(wsUserName.getBytes(), wsPassword.getBytes());
credProviders.add(cp);
Stub stub = (Stub)port;
// Set stub property to point to list of credential providers
stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
if(sharesXMLString != null && sharesXMLString.length() > 0) {
port.loadEquityTrade(sharesXMLString);
}catch(Exception e){
//throw new SystemException(e.getMessage());
e.printStackTrace();
Can any one help me in this?1) Use something like TCPmon https://tcpmon.dev.java.net/ or verbose logging to see the actual message content on the wire that the client is sending
2) Inside the WLS samples there is a UNT sample in the INSTALL_DIR/wlserver_10.0(or equivalent)/samples/server/examples/src/examples/webservices/security_jws
If that works correctly and puts the UNT in the header, then I would compare that code with yours. -
How to set WS Username token programmatically in java?
Hi,
Jdev Version: 11.1.1.4.0.
I have created a webservice proxy using Jdev from a wsdl.
I need to invoke a service from the client. But for this I need to set the username token in SOAP header to access the service.
The username token is not exposed or generated in the client.
When I run it from SOAP ui, I manually enetered,
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-7" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>1234</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">1111111111</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">XXXXXXXXXXXXXXXXXXXXXXXXXXX</wsse:Nonce>
<wsu:Created>2012-03-02T23:41:44.511Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
Without the username token I cannot invoke the service from my client code.
How do I add the username token to the generated clients in ADF?
Thanks in advance!!I tried it by setting the credentials in requestContext and got the error:
Exception in thread "main" javax.xml.ws.WebServiceException: No Content-type in the header!
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:268)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124)
at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:121)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
at com.sun.xml.ws.client.Stub.process(Stub.java:272)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
at $Proxy35.ping(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
at $Proxy36.ping(Unknown Source)
Is there something else I need to do?
Thanks!
Edited by: 953940 on Oct 11, 2012 7:34 AM -
Using Saml token profile 1.1 with WLS 10.3
Hi All
I am a Student from IITB. I am trying use message-level authentication for webservices using SAML Token Profile 1.1 on weblogic 10.3. I have done the necessary configuration but I am getting an error
"Unable to add Security Token for Identity ". I Started the SamlCredMapper Debug flag on from the console and saw the logs and I saw that everything is going fine untill at one place it
gives this error
<Debug> <SecuritySAMLCredMap> ' *<1245866312123> <BEA-000000> *<SAMLCredentialMapperV2: getCredentialInternal(): InvalidParameterException while validating parameters: weblogic.security.service.InvalidParameterException: Unable to generate SAML Assertion: No partner ID or target resource>**
I do not know how to fix this problem. Please Tell me if anyone has any idea about it.
Thanks
regards,
Sanyam
//The Logs are as follows
<Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310425> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): initiator = Subject: 1
Principal = class weblogic.security.principal.WLSUserImpl("ssouser")
>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310425> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): resource = (null)>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310426> <BEA-000000> <SAMLRPConfigManager.findPartnerInTargetMap():Searching with key 'sender-vouches:http://usmumsanygoyal1:7001/SSOTryService/SSOTestHelloWorld'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310426> <BEA-000000> <SAMLRPConfigManager.findPartnerInTargetMap():Found partner 'rp_00001'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310436> <BEA-000000> <SAMLNameMapperCache.getNameMapper: Not found name mapper in the cache, try to create one>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310437> <BEA-000000> <SAMLNameMapperCache.getNameMapper: create SAMLNameMapperImpl name mapper>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310439> <BEA-000000> <SAMLNameMapperImpl: mapSubject: No valid WLSGroup pricipals found in Subject, continuing>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310439> <BEA-000000> <SAMLNameMapperImpl: mapSubject: Mapped subject: qualifier: null, name: ssouser, groups: []>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310440> <BEA-000000> <SAMLCreateAssertion: Mapped subject 'Subject: 1
Principal = class weblogic.security.principal.WLSUserImpl("ssouser")
' to: username='ssouser',qualifier='null',format='urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310442> <BEA-000000> <SAMLCreateAssertion: No context or subject attribute were mapped>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310442> <BEA-000000> <SAMLCreateAssertion: Groups attribute statement requested but name mapper returned no groups -- groups attribute statement will not be generated>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: Creating sender-vouches assertion>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: Assertion IS signed>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: KeyInfo IS NOT supplied>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: AttrStmtInfo IS NOT supplied>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310460> <BEA-000000> <SAMLCreateAssertion: Created SAMLSubject for 'ssouser'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310460> <BEA-000000> <SAMLCreateAssertion: Created SAMLSubject>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310475> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Cloning SAMLSubject>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310476> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Created SAMLAuthenticationStatement>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310484> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Signing assertion, keyinfo is included>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310508> <BEA-000000> <SAMLSignedObject.sign(): algorithm 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310509> <BEA-000000> <SAMLSignedObject.sign(): reference '#b21cfea8d3c90fee97a3100a59b0005e'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310509> <BEA-000000> <SAMLSignedObject.sign(): InclusiveNamespaces '#default saml samlp ds dsig code kind rw typens'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310542> <BEA-000000> <SAMLSignedObject.sign(): adding certificates>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310556> <BEA-000000> <SAMLSignedObject.sign(): signing object>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLSignedObject.sign(): completed>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Signed assertion>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Created SAMLAssertion>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCreateAssertion: Returning assertion>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): Returning non-null credential>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311896> <BEA-000000> <SAMLIdentityAsserter: assertIdentity() called>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311897> <BEA-000000> <SAMLIdentityAsserter: SAMLIdentityAsserter: tokenType is 'SAML.Assertion.DOM'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311903> <BEA-000000> <SAMLAssertion: Assertion passed basic validity check>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311905> <BEA-000000> <SAMLAssertion: Target for assertion is: 'http://usmumsanygoyal1:7001/SSOTryService/SSOTestHelloWorld'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311905> <BEA-000000> <SAMLAssertion: Assertion issuer is: 'http://usmumsanygoyal1:7001/'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311906> <BEA-000000> <SAMLAssertion: Assertion subject confirmation method is: 'urn:oasis:names:tc:SAML:1.0:cm:sender-vouches'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAPConfigManager.findPartnerInTargetMap():Searching with key 'sender-vouches:http://usmumsanygoyal1:7001/&http://usmumsanygoyal1:7001/SSOTryService/SSOTestHelloWorld'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAPConfigManager.findPartnerInTargetMap():Found partner 'ap_00001'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAssertion: Found asserting party 'ap_00001'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAssertion: Assertion is signed>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311908> <BEA-000000> <SAMLTrustManager: Looking for certificate alias 'testalias'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311930> <BEA-000000> <SAMLTrustManager: Certificate was found>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311937> <BEA-000000> <SAMLSignedObject.verify(): key supplied>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311963> <BEA-000000> <SAMLSignedObject.verify(): obtained signed info>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311963> <BEA-000000> <SAMLSignedObject.verify(): validating signature>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311970> <BEA-000000> <SAMLSignedObject.verify(): completed>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311970> <BEA-000000> <SAMLAssertion: Signature verified using trusted certificate>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311977> <BEA-000000> <Got signing certificate for signed object: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311977> <BEA-000000> <SAMLAssertion: Assertion subject confirmation method is: 'urn:oasis:names:tc:SAML:1.0:cm:sender-vouches'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311977> <BEA-000000> <SAMLAssertion: Verified subject confirmation method>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311978> <BEA-000000> <SAMLAssertion: Assertion issuer is 'http://usmumsanygoyal1:7001/'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311978> <BEA-000000> <SAMLAssertion: Assertion issuer verified>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: Assertion contains NotBefore condition>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: Assertion contains NotOnOrAfter condition>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: NotBefore condition satisfied>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: NotOnOrAfter condition satisfied>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Assertion has AudienceRestrictionCondition>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Found matching audience 'http://usmumsanygoyal1:7001/'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: AudienceRestriction condition satisfied (matching audience)>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Assertion has DoNotCache condition>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Assertion conditions verified>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311986> <BEA-000000> <SAMLAssertion: Found subject for name: 'ssouser'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLNameMapperCache.getNameMapper: Not found name mapper in the cache, try to create one>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLNameMapperCache.getNameMapper: create SAMLNameMapperImpl name mapper>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLAssertion: Looking for AttributeName 'Groups'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLAssertion: Looking for AttributeNamespace 'urn:bea:security:saml:groups'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLAssertion: ProcessGroups is true but did not find expected groups attribute statement>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311988> <BEA-000000> <SAMLNameMapperCache.getNameMapper: Found name mapper in the cache>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311988> <BEA-000000> <SAMLNameMapperImpl: mapNameInfo: returning name: ssouser>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311989> <BEA-000000> <SAMLNameMapperImpl: mapGroupInfo: returning groups: null>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311989> <BEA-000000> <SAMLIACallbackHandler: SAMLIACallbackHandler(true, ssouser, null)>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311996> <BEA-000000> <SAMLIACallbackHandler: callback[0]: NameCallback: setName(ssouser)>
####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866312002> <BEA-000000> <SAMLIACallbackHandler: callback[0]: NameCallback: setName(ssouser)>
####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLCredMap> ' <1245866312122> <BEA-000000> <SAMLCredentialMapperV2: getCredentials: Subject initiator>
####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLCredMap> ' <1245866312122> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
_####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLCredMap> ' *<1245866312123> <BEA-000000> **<SAMLCredentialMapperV2: getCredentialInternal(): InvalidParameterException while validating parameters: weblogic.security.service.InvalidParameterException: Unable to generate SAML Assertion: No partner ID or target resource>**_*Client Side
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:credential-mapper xsi:type="wls:saml-credential-mapper-v2Type">
<sec:name>SAMLCredentialMapper</sec:name>
<wls:issuer-uri>www.bea.com/demoSAML</wls:issuer-uri>
<wls:name-qualifier>bea.com</wls:name-qualifier>
<wls:signing-key-alias>testalias</wls:signing-key-alias>
<wls:default-time-to-live-delta>-30</wls:default-time-to-live-delta>
<wls:signing-key-pass-phrase-encrypted>{3DES}dOC15C42IEzCnN/klGIdyQ==</wls:signing-key-pass-phrase-encrypted>
</sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:key-store xsi:type="wls:default-key-storeType">
<sec:name>keystore</sec:name>
</sec:key-store>
<sec:name>myrealm</sec:name>
</realm>
Server side
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:saml-identity-asserter-v2Type">
<sec:name>SAMLIdentityAsserter</sec:name>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
Sanyam -
Unable to sign SOAP Kerberos Token Profile message
I'm constructing a SOAP Kerberos Token Profile message in Java 1.6 and am unable to sign the BinarySecurityToken to send to a .NET service.
My aim is to achieve SSO from the Windows Desktop for the user that has already logged on using a Java Client.
(i.e. I don't want to use JAAS to ask the user to login again).
Based on my reading so far, I'm using the javax.security.auth.useSubjectCredsOnly set to false to force the use of the underlying mechanism (in this case the windows credential cache).
I've also configured the jaas.conf as follows:
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required debug=true useTicketCache=true doNotPrompt=true;
My problem is this, in order to sign the BinarySecurityToken element, which contains the Base64 encoded Kerberos service ticket, I need to gain access to the shared session key which is embedded in the service ticket.
Some other posts, in particular this (excellently written) one,
http://thejavamonkey.blogspot.com/2008/05/hacking-jvm-kerberos-libraries-session.html
demonstrate how to do this, by this assumes the use of a JAAS subject and takes advantage of the feature that the GSS-API copies the session key to the private credentials of the Subject when initiating a security context.
However I cannot use storekey=true in combination with the above configuration, as the excerpt from the Krb5LoginModule states:
storeKey=true useTicketCache = true doNotPrompt=true;;
This is an illegal combination since storeKey is set to true but the key can not be obtained either by prompting the user or from the keytab.A configuratin error will occur.
I note that when I step through the code, the session key does indeed seem to be available on the gssCredential object as a property:
gssCredential->tempCred->sessionKey->keyBytes[16]
which seems to be the expected session key size 16 * 8 = 128 (Basic128)
However I cannot find any GSS API method that can obtain this key! I note another reference from the Oracle API:
http://download.oracle.com/docs/cd/E15523_01/apirefs.1111/e10678/oracle/security/xmlsec/wss/kerberos/package-summary.html
In particular this handy method:
<ul><li>Sign/Encrypt using the kerberos session key
There is no public API to get the session key, so we have provided a utility method.
SecretKey sessionKey = KerberosUtils.getSessionKey(gssContext);
WSSEncryptionParams eParams = new WSSEncryptionParams(XMLURI.alg_tripleDES_CBC, sessionKey, null, null, str);
WSSecurity.encryptNoEncKey(...)
</li>
</ul>
This looks like exactly what I'm after however this API seems related to Oracle 11g so I'm not sure if it is:
- open source
- if this is the intended usage by the GSS API developers?
Any help on this point would be very greatly appreciated!
Edited by: jas71 on Aug 4, 2010 8:49 AMValidation of the signature on the .NET server is failing with the following error:
*The key size requirements for the 'Basic128' algorithm suite are not met by the
'System.IdentityModel.Tokens.KerberosReceiverSecurityToken' token which has key
size of '64'*
I'm using the session key to create the signature value as follows:
private static String generateSignatureValue(byte[] sessionKey, String cipherText) {
final String mode = "HmacSHA1";
final SecretKey key = new SecretKeySpec(sessionKey, mode);
Mac mac;
try {
mac = Mac.getInstance(mode);
mac.init(key);
byte[] signatureValueBytes = mac.doFinal(cipherText.getBytes());
return new String(Base64.encodeBase64(signatureValueBytes));
The error is surprising given that the session key used in this method is actually 16 bytes long and would appear to meet the key size requirements (16 * 8 = 128 bit)?
This appears to be the last piece in the puzzle, signing the Kerberos Token Profile SOAP request. -
Unable to call Web Service with Username Token
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
I posted this in the JDeveloper forum but got no response.
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
I have JDeveloper 10g release 3.
I created a regular Java application. Added a Web service proxy with no special mappings or anything. Right clicked on the proxy and said "Secure Proxy". I only used basic plain text username token. Added a method to my class that call instantiates a client, and called the operation.
However when I run this I get the following error message.
SEVERE: No username found
Error::oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: No username found
The Web Service Security Proxy Wizard created an xml in my src file, that I updated to put the username and password of the web service. Below is the xml file.
<oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
<webservice-client>
<service-qname namespaceURI="http://tempuri.org/SOAPTestWS/Service1" localpart="Service1"/>
<port-info>
<wsdl-port namespaceURI="http://tempuri.org/SOAPTestWS/Service1" localpart="Service1Soap"/>
<runtime enabled="security">
<security>
<inbound/>
<outbound>
<username-token name="myusername" password="xxxxx" password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
</outbound>
</security>
</runtime>
<operations>
<operation name='TryMe'>
</operation>
</operations>
</port-info>
</webservice-client>
</oracle-webservice-clients>
And this configuration file is processed in the stub file.
setupConfig("project2/runtime/Service1Soap_Stub.xml");
What am I doing wrong. I cannot find any documentation on the secure web service client wizard and it's generated code.
Thanks, MIke L.Mike,
I updated the 3 xml files with the name and password and I get a different error now ...
WARNING: Unable to connect to URL: https://dssd001.ca.boeing.com:443/bartinterface/SOAP/resSetup.cgi due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
I am using the simple text based username auth, but jdev for some reason still goes and looks for the x509 cert? How did you get yours to work?
Thanks
Sriram -
R/3- PI- webservice. Pass userid/password for Username Token from R/3
Hello,
We (SAP R/3) need to call Webservices from third party for which we are using SAP-PI system as the Middleware.
The Password and ID for USERNAME TOKEN to be passed in the SOAP Header request needs to be sent through RFC in SAP R/3.
The requirement is that SAP-PI should use this ID/password and prepare the USername Token in the SOAP Request header for the Webservice Call.
Note: PI has AXIS framework installed on it.
Can you please suggest as to what should be done? Request you to please provide the Custom Code / Detailed configuration etc. that is required to be done at the PI end.
Note: I have searched the Forum but couldn't find anything a detailed information.
Thanks & Regards,
Abhishek JollyXSLT-Mapping looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:output method="xml" indent="yes"/>
<xsl:template match="/">
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsh="http://something/wsh">
<soapenv:Header>
<wsh:Context>
<SessionId>
<xsl:value-of select="/*[local-name()
=MySoapFunction]/Parameters/Parameters
[Scope[text()='XI'] and Name[text()='SessionID']]/Value"/>
</SessionId>
</wsh:Context>
</soapenv:Header>
<soapenv:Body>
<wsh:MySoapFunction>
<xsl:if test="count(./*[local-name()=MySoapFunction]/Parameters/Parameters)>1">
<Parameters>
<xsl:for-each select="./*[local-name()=MySoapFunction]/Parameters/Parameters">
<xsl:if test="Scope!='XI'">
<Parameters>
<Scope><xsl:value-of select="Scope"/></Scope>
<Name><xsl:value-of select="Name"/></Name>
<Value><xsl:value-of select="Value"/></Value>
</Parameters>
</xsl:if>
</xsl:for-each>
</Parameters>
</xsl:if>
</wsh:MySoapFunction>
</soapenv:Body>
</soapenv:Envelope>
I save XSLT to file.
Input message that creates in XI and live only in BPM:
<?xml version="1.0" encoding="UTF-8"?>
<ns0:MySoapFunction xmlns:ns0="http://something/wsh">
<Parameters>
<Parameters>
<Scope>XI</Scope>
<Name>SessionID</Name>
<Value>0123456789</Value>
</Parameters>
<Parameters>
<Scope>otherScope</Scope>
<Name>someParam</Name>
<Value>someValue</Value>
</Parameters>
</Parameters>
</ns0:MySoapFunction>
In BPM's SendStep this message is used.
2) Create ZIP archive with this XSLT file (one archive can contains many XSLT programs). And Import ZIP it into XI. You can see this in Imported Archive and list of filenames of Archived Program in XI. -
Web Service Security username token...
Hi All,
I am presently trying to build in security authentication into my web service using the username-token and the verify-username-token tokens.
My WS_stub.xml on the proxy side looks like the following:-
other tokens
<security>
<inbound/>
<outbound>
<username-token name="NAME" password="PASS" password-type="DIGEST" add-nonce="true" add-created="true"/>
</outbound>
</security>
other tokens
and my oracle-webservices.xml on hte web service side looks like the following:-
other tokens
<security>
<inbound>
<verify-username-token name="NAME" password="PASS" password-type="DIGEST"
require-nonce="true"
require-created="true"/>
</inbound>
<outbound/>
</security>
other tokens
I have set the javacache.xml for the embedded OC4J location as follows:-
</persistence>
<max-objects>1000</max-objects>
<max-size>48</max-size>
<clean-interval>60</clean-interval>
</cache-configuration>
When I run the web service followed by the proxy I get the following error at the proxy side.
javax.xml.rpc.soap.SOAPFaultException: Policy requires DIGEST passwords
at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:60)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:47)
Also it gives exceptions with repect to nonces such as "Policy requires nonce". Please could someone tell me how to setup an nonce in the xml files above and how to use nonce in web services?
Regards,
Lester.Hi All,
Presently I am trying to set the security for my web service and am receiving the following error when doing so at the proxy side:-
oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: java.lang.NullPointerException
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.createSoapFaultException(InterceptorChainImpl.java:338)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleException(InterceptorChainImpl.java:256)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleRequest(InterceptorChainImpl.java:128)
at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorPipeline.handleRequest(AbstractInterceptorPipeline.java:87)
at oracle.j2ee.ws.client.StubBase._preRequestSendingHook(StubBase.java:699)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:147)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:62)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:49)
Process exited with exit code 0.
My WS_Stub.xml file under runtime of the proxy project looks as follows:-
<?xml version="1.0" encoding="UTF-8"?>
<oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
<webservice-client>
<service-qname namespaceURI="http://trailerinfo/" localpart="TrailerWS"/>
<port-info>
<wsdl-port namespaceURI="http://trailerinfo/" localpart="TrailerWSSoapHttpPort"/>
<runtime enabled="security">
<security>
<key-store name="mytestkeystore" store-pass="mytestkeystore" path="C:\Temp\mytestkeystore.jks"/>
<signature-key key-pass="sampwd" alias="sam"/>
<encryption-key key-pass="davepwd" alias="dave"/>
<inbound>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound>
<username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key alias="dave"/>
<encryption-method>3DES</encryption-method>
<keytransport-method>RSA-1_5</keytransport-method>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
<operations>
<operation name='addtrailerinfo'>
<runtime>
<security>
<inbound/>
<outbound>
<username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key alias="test"/>
<encryption-method>3DES</encryption-method>
<keytransport-method>RSA-1_5</keytransport-method>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
</operation>
</operations>
</port-info>
</webservice-client>
</oracle-webservice-clients>
My oracle-webservices.xml file looks like the following:-
<oracle-webservices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/oracle-webservices-10_0.xsd">
<webservice-description name="TrailerWS">
<port-component name="TrailerWSSoapHttpPort">
<runtime enabled="security">
<security>
<key-store name="mytestkeystore" store-pass="mytestkeystore"
path="META-INF/mytestkeystore.jks"/>
<signature-key key-pass="sampwd" alias="sam"/>
<encryption-key key-pass="davepwd" alias="dave"/>
<inbound>
<verify-username-token password-type="PLAINTEXT"
require-nonce="false"
require-created="true"/>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key key-pass="" alias="dave"/>
<encryption-method>3DES</encryption-method>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
<operations>
<operation name="addtrailerinfo"
input="{http://trailerinfo/}addtrailerinfoElement">
<runtime>
<security>
<inbound>
<verify-username-token require-nonce="false"
require-created="true"
password-type="PLAINTEXT"/>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"
mode="CONTENT"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound/>
</security>
</runtime>
</operation>
</operations>
</port-component>
</webservice-description>
</oracle-webservices>
I checked this exception out at hte following link
http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html#keystore
which lists hte instructions to secure a web service. The trouble shooting section lists this exception and says it might be due to a timestamp created flag being set to false. However I have made sure that both the client and service side xml files above have this set to true and are matching.
However I am still not able to eliminate this error. Please could someone help me out? This is urgent.
Regards,
Lester. -
No mapping for Identity User Name in WS Security X.509 token profile
Hi,
I am trying to do interoperability tests with Apache WSS4J and Aqualogic ESB for X509 certificates.
I wrote the client and server in the Axis and WSS4J framework. It is worknig fine.
When I developed the proxy servcies in Aqualogic ESB with the configuration like Proxy Service Provider, Adding WS Policy statements in WSDL, keystore configuration, Credential mapping providers etc.., I am gettnig the following error always.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soa
penv:Header/><soapenv:Body><soapenv:Fault xmlns:wsse="http://docs.oasis-open.org
/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:FailedA
uthentication</faultcode><faultstring>Failed to derive subject from token.javax.
security.auth.login.LoginException: [Security:090377]Identity Assertion Failed,
weblogic.security.spi.IdentityAssertionException: [Security:090377]Identity Asse
rtion Failed, weblogic.security.spi.IdentityAssertionException: [Security:090245
]No mapping for Identity User Name</faultstring></soapenv:Fault></soapenv:Body><
/soapenv:Envelope>
weblogic.xml.crypto.wss.WSSecurityException: Failed to derive subject from token.javax.security.auth.login.LoginException: [Security:090377]Identity Assertion F
ailed, weblogic.security.spi.IdentityAssertionException: [Security:090377]Identi
ty Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security
:090245]No mapping for Identity User Name
I am using X509 certificates for the digital singature only. I am not using SSL in the demo..
Could anyone help me in this regard since i am structup here for the last one week?
Regards,
PanduHi,
i have a question about setting up the OC4J server to
check against a cert revocation list (CRL) when:
1. SSL in standalone OC4J (no oracle http server)Probably not supported.
2. ws-security x.509 token profile (authenticate user by cert)OC4J + WS_SECURITY doesn't support CRL-s, sorry.
Hubert M. -
SAML Token Profile Policies Issues
Hi all
i want to secure a Web service using SAML Token Profile Policies. I am using Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml Policy.
I have Configured SAML 2.0 Identity Assertion Provider in my WebLogic Server. And added Identity Provider partner.
I gave the Issues as http://com.example.idp/AssertingParty
Below is the Soap Request Which i send to my Webservice.
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_15931837d93e95e7e7ffbaa038ad4942"
IssueInstant="2013-04-26T15:20:24.021Z" Version="2.0">
<saml:Issuer>http://com.example.idp/AssertingParty</saml:Issuer>
<saml:Subject>
<saml:NameID Format="NameID">weblogic_sp</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
</saml:Subject>
<saml:Conditions NotBefore="2013-04-26T15:24:14.021Z" NotOnOrAfter="2013-04-26T15:50:24.021Z"/>
<saml:AuthnStatement>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="Roles">
<saml:AttributeValue>Administrators</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wsse:Security>
</env:Header>
<env:Body/>
</env:Envelope>
I am Getting the below error.
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurityToken</faultcode>
<faultstring>Invalid SAML token on CCS?Invalid SAML token when samlAsst= null</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
I turned on the Verbose in the Weblogic server and Got the Below log when i invoke the Web Service.
<WSEE:24>Created<SoapMessageContext.<init>:48>
<WSEE:24>set Message called: [email protected]36368<SoapMessageContext.setMessage:65>
<WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
<WSEE:24>set Message called: [email protected]36368<SoapMessageContext.setMessage:65>
<WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
<WSEE:24>tokenType: null, cred: [saml:Assertion: null], privkey: null<SAMLCredentialImpl.<init>:107>
<WSEE:24>Class of cred is: class com.sun.xml.internal.messaging.saaj.soap.impl.ElementImpl<SAMLCredentialImpl.<init>:108>
<WSEE:24>Instantiating SAMLAssertionInfoFactory<SAMLCredentialImpl.<init>:113>
<WSEE:24>Getting SAMLAssertionInfo from DOM Element of CSS<SAMLCredentialImpl.<init>:141>
<WSEE:24>Got erroron on SAMLAssertionInfo from DOM Element of CSS, msg =[Security:098517]Failed to get SAML assertion info: Unable to construct SAML 1.1/2.0 Schema object, can not perform validation.<SAMLCredentialImpl.<init>:152>
Please let me if i am doing any thing wrong.
Thanks
RanjithHi all
i want to secure a Web service using SAML Token Profile Policies. I am using Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml Policy.
I have Configured SAML 2.0 Identity Assertion Provider in my WebLogic Server. And added Identity Provider partner.
I gave the Issues as http://com.example.idp/AssertingParty
Below is the Soap Request Which i send to my Webservice.
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_15931837d93e95e7e7ffbaa038ad4942"
IssueInstant="2013-04-26T15:20:24.021Z" Version="2.0">
<saml:Issuer>http://com.example.idp/AssertingParty</saml:Issuer>
<saml:Subject>
<saml:NameID Format="NameID">weblogic_sp</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
</saml:Subject>
<saml:Conditions NotBefore="2013-04-26T15:24:14.021Z" NotOnOrAfter="2013-04-26T15:50:24.021Z"/>
<saml:AuthnStatement>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="Roles">
<saml:AttributeValue>Administrators</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wsse:Security>
</env:Header>
<env:Body/>
</env:Envelope>
I am Getting the below error.
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurityToken</faultcode>
<faultstring>Invalid SAML token on CCS?Invalid SAML token when samlAsst= null</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
I turned on the Verbose in the Weblogic server and Got the Below log when i invoke the Web Service.
<WSEE:24>Created<SoapMessageContext.<init>:48>
<WSEE:24>set Message called: [email protected]36368<SoapMessageContext.setMessage:65>
<WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
<WSEE:24>set Message called: [email protected]36368<SoapMessageContext.setMessage:65>
<WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
<WSEE:24>tokenType: null, cred: [saml:Assertion: null], privkey: null<SAMLCredentialImpl.<init>:107>
<WSEE:24>Class of cred is: class com.sun.xml.internal.messaging.saaj.soap.impl.ElementImpl<SAMLCredentialImpl.<init>:108>
<WSEE:24>Instantiating SAMLAssertionInfoFactory<SAMLCredentialImpl.<init>:113>
<WSEE:24>Getting SAMLAssertionInfo from DOM Element of CSS<SAMLCredentialImpl.<init>:141>
<WSEE:24>Got erroron on SAMLAssertionInfo from DOM Element of CSS, msg =[Security:098517]Failed to get SAML assertion info: Unable to construct SAML 1.1/2.0 Schema object, can not perform validation.<SAMLCredentialImpl.<init>:152>
Please let me if i am doing any thing wrong.
Thanks
Ranjith
Maybe you are looking for
-
HI ALL, i have created a formletter report using the wizard, now i have 3 text items for eg hi customers, we invite u... regards ie three text items in the repeating frame , on some condition i am hiding the text2. My problems is when i am hiding tex
-
Cannot use Word2008 doc/docx file to Create PDF (single or multiple)
Attempting to Create PDF from File >> Single file or Multiple File>> selection of MS-Word2008 .docx or 97-compatible .doc file will error out. Adobe has replicated the problem of receiving the same exact error message with Word2008(mac) doc/docx file
-
"Wrong Sync Key" even though it's right on my laptop
Fired up a new laptop, installed Firefox 3.6.12, and Sync gets stuck at "Wrong Sync Key" when I try to activate Sync. I'm looking at my other laptop's working Sync key as I enter it--I'm entering the CORRECT sync key. I get the same results on the bu
-
Payment Print system and Script Assigning
Hi Experts In FI check(payment) print outs, we use FBZ5 transaction. In our company user defined script has been called from this transaction. how to call, is there any customization needed, i checked the standard program SAPMFCHK and includ
-
No RMAN records in control file
Hi, We're running 10.2.0.4 Database on AIX with no catalog Database. We keep all the backup info in controlfiles only. When we do that backup, we're able to successfully back it up (including archivelogs). But I'm unable to find any records in the co