SAML Validation Error - Proxy Service - Process WS-Security Header
I am testing a Proxy Service that inspects the WS-Security Header which contains a WS-Policy for a SAML Assertion sender-vouches. The SAML Assertion that is produced is valid according to the oassis schema, but ALSB 2.6 returns a SOAP Fault that the SAML Assertion is not valid. Is there any next steps I should take to diagnose the problem? Also, are there any good tools available for validating a SAML Assertion?
Here is the response of the ALSB 2.6 running on WebLogic 9.2. It is a simple proxy service we use to test whether SAML is working correctly or not. The client correctly sends the sender-voucher with the username/password/certificate alias and so forth.
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<soapenv:Fault
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<axis2ns1:Code xmlns:axis2ns1="http://www.w3.org/2003/05/soap-envelope">
<axis2ns1:Value>soapenv:Sender</axis2ns1:Value>
<axis2ns1:Subcode>
<axis2ns1:Value>wsse:InvalidSecurityToken</axis2ns1:Value>
</axis2ns1:Subcode>
</axis2ns1:Code>
<axis2ns2:Reason xmlns:axis2ns2="http://www.w3.org/2003/05/soap-envelope">
<axis2ns2:Text xml:lang="en-US"
>Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@563c52a[status: false][msg The SAML token is not valid.]</axis2ns2:Text>
</axis2ns2:Reason>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
Thanks,
Jay Blanton
Hi, Pls send your client code to my mail [email protected]
Similar Messages
-
OSB process WS-security header problem! Pls help
Hi All
We have protected all our osb proxy services with username token policy. The problem we are facing is that in some of the proxy services we want this header to be available within the message flow (for auditing purposes) but the process WS-security header option when selected removes this header before it enters the message flow.
If we untick this option, it does not authenticate the incoming soap request and proxy services is invoked even if wrong or no credentials are supplied.
Is there a way we can select this option for authentication and still have the username token intact within the soap header in the message flow. please help. ThanksPlease check the content of $inbound at runtime (with process WS-security header option enabled). You may get all the information for auditing purpose from that variable.
Regards,
Anuj -
Enable / Disable Process WS-Security Header in SOA Suite 11g
Hello,
how can I check the WS-Security Header without authenticate the username? In OSB is a flag "Process WS-Security Header", when I switch it off, the OSB only check the security context and did not check the correct authentication.
I didn't find a configuration in WebService Security Configuration. Is there a configuration to disable the authentifacation-module?
KInd regards
MarcelI have the same issue, I need to get the X.509 certificate from the security header but OSB removes them uppon authentication. So I cannot retrieve them !
-
Creating Proxy service over a secured BPEL process
Hi,
I have a BPEL process project A which I have secured using oracle/wss_username_token_service_policy
Now, I want to expose it over OSB as a proxy service.
After registering the WSDL, I tried to create Business Service over it.
It gave me a warning:
[OSB Kernel:398133]WSSP 1.2 policy assertions (Web Services Security Policy 1.2) are not allowed on this service.
What is the best approach to take.
Thanks.Get the wsdl of the OSB proxy service and create webservice parnerlink in BPEL based on this wsdl to invoke the service
To form the wsdl url, copy the Endpoint URI configured to the proxy service(just click on the proxy service in the console) from the sbconsole - /ATHGPUM_GlidePathService/ProxyService/ATHGPUM_GlidePathProxyService
Pre append <<protocol://OSB Hostname:OSB Port>> - http://localhost:8000/ and post append with ?WSDL
The final WSDL url look like - http://localhost:8000/ATHGPUM_GlidePathService/ProxyService/ATHGPUM_GlidePathProxyService?WSDL
Regards
Albin I -
Cluster Creation Validation Error - List Services
Good Afternoon All,
I am setting up a simple two node Windows 2008 SP2 Failover cluster. The nodes are brand new and patched with all updates. Having gone through this process many times before I was confident it would be quick and painless. However I am getting
the following validation error that I have never seen before:
An error occurred while executing the test. There was an error getting information about the running services on the nodes. There was an error retrieving information about the Services from node 'Node.domain'. Object reference not set to an instance of an
object
I'm at a complete loss as to where to start. If the task is to simply obtain a list of running services I would have thought that would be relatively straight forward. A simple Get-Service from Powershell will display those details. I have
located a KB article that refers to this exact error and there is a hotfix available but this is strictly for Windows 2008 R2 not R1 (SP2).
http://support.microsoft.com/kb/2559392
Has anyone seen this error before?Hi valleydoofer,
This error some time occur when you installed Powershell 3, please try to uninstall Powershell 3 from the nodes then rerun the validation.
More information:
Install and Configure Windows PowerShell
http://msdn.microsoft.com/en-us/library/cc952756(v=exchsrvcs.149).aspx
Best Regards,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Read SAML attributes in Proxy service
Hi,
I need to read SAML attributes in a proxy service in OSB. But the SAML is not available.
The client call a service with encrypted SAML im Header, but when I read the header in Proxy service, the SAML is no more available.
Client call with:
Authorization: Basic MTAyOjw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+CjxzYW1sMnA6UmVzcG9uc2UgSUQ9IlJlc3BvbnNlX2YzY2ZkZjM5NWIyNzI3ZWFhZWEyZDlhYTRkMWNhY2RhNzgzNGMxZWMiIElzc3VlSW5zdGFudD0iMjAxMi0wOC0zMFQwNjoyMDoyMC43MDNaIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5uZXZpc0F1dGg8L3NhbWwyOklzc3Vlcj48c2FtbDJwOlN0YXR1cz48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbDJwOlN0YXR1cz48c2FtbDI6QXNzZXJ0aW9uIElEPSJBc3NlcnRpb25fM2MxYzZlZGM1NWQ4ZDVhN2QzNmQ2NTkzMzlmMzgxNzBhOWU1Mzk0NiIgSXNzdWVJbnN0YW50PSIyMDEyLTA4LTMwVDA2OjIwOjIwLjM4OVoiIFZlcnNpb249IjIuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWwyOklzc3Vlcj5uZXZpc0F1dGg8L3NhbWwyOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KPGRzOlNpZ25lZEluZm8+CjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KPGRzOlJlZmVyZW5jZSBVUkk9IiNBc3NlcnRpb25fM2MxYzZlZGM1NWQ4ZDVhN2QzNmQ2NTkzMzlmMzgxNzBhOWU1Mzk0NiI+CjxkczpUcmFuc2Zvcm1zPgo8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyI+PGVjOkluY2x1c2l2ZU5hbWVzcGFjZXMgUHJlZml4TGlzdD0ieHMiIHhtbG5zOmVjPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybT4KPC9kczpUcmFuc2Zvcm1zPgo8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4KPGRzOkRpZ2VzdFZhbHVlPnRvUzBGM3lxSjdPTXpUZmYzQ05oVFlvQ0x1Yz08L2RzOkRpZ2VzdFZhbHVlPgo8L2RzOlJlZmVyZW5jZT4KPC9kczpTaWduZWRJbmZvPgo8ZHM6U2lnbmF0dXJlVmFsdWU+ClNjTlJBc0cvY2loSFB2cVRPTHhOSkNOQUhjdVNoU0NCZDQ4UTNDK1ZieHQ3OHVoZDZNbHdVdDhuaDVJc1hJK2k4SldWRFJiMnJVMUYKcGxYeUdrcWRDYWRtcVB5bjRUb00wZ2tLRTF3R05wb1lLYkFtaGl5ZDZyai9yK2E0SEVmUUxvQmxxWTQ4TTBzZWRra1dlY0orcGE1NwppbUM3ekNzWlhWbWFSNzdvZEZPVVhsR1FwNFlpbnlBaExrbVk1QjlkNjVZSE91akh3UFhLTURaT3VwSlExMURIcFE3N1p1WjE5WjNWClRWK2ZkRzl1RThBUmpKYVZobnJSdWdETWVEOWNaYnRDbkRyRWdaeFYwanAvWHB2TTg3cTEwYXNuWFZMaDRwWlA5eCtGSkNQQis4MS8KV21PK2VwRVZSZU0rLy85WU1xdlNTaXBaTXJ1N1AxZGs5K3R3eHc9PQo8L2RzOlNpZ25hdHVyZVZhbHVlPgo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlERERDQ0FmU2dBd0lCQWdJR0FUY3dvTzBVTUEwR0NTcUdTSWIzRFFFQkJRVUFNRll4Q3pBSkJnTlZCQVlUQW1Ob01SUXdFZ1lEClZRUUtEQXRVY21sMllXUnBjeUJCUnpFeE1DOEdBMVVFQXd3b2RISnBkbUZrYVhNZ1EwRWdLR3hqYlRBeE1ERXVZMnh2ZFdRdWRISnAKZG1Ga2FYTXVZMjl0S1RBZUZ3MHhNakExTURrd09EQTBNelphRncweU1qQTFNRGt3T0RBME5ERmFNRGd4Q3pBSkJnTlZCQVlUQW1ObwpNUlF3RWdZRFZRUUtEQXRVY21sMllXUnBjeUJCUnpFVE1CRUdBMVVFQXd3S1lYVjBhRk5wWjI1bGNqQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbWhjRTVWQ0JjVXNwTFVaa1JkRkxETFk2VFBjR3JmbUJmSkVFblVCUXF5MTZ5UG5LZmIKRVNFWjEzQnFCSVNKcEQ0aEpFRWJXZTFvY1hUSWJTSTNRaVE0Z1huMzdraXYwVmZkZmdmcGRDeW9zazIwbmRsWEsxbnFQcmdrREQzNwpSU0h5YXhYWW1QOExEWDF0UHNzbTJPT3lBdWtVcXgxVnJtRDc3SGttMHBuVGxKWWhlODVGZndiQnpQaGtJM3pWa0lZYmF5eHh2QkQrCldURjRZa0pQeUNRQmxxRUZGQ0I3enpsVUhRTzBTZngyK0Q0b3MyVSthbThjTHkvUUNQT2F0N0prQkZ0TXJOME5ZbWpOaEFBNWkyYkMKWHNnWldGNXM4bmZTU0Y4R0JYVWdTcXJyMVdKaHg2YVJ0V2xJcUl2ZFpGSStYbmttRHhiNjNtUDBDdVRmMnUwQ0F3RUFBVEFOQmdrcQpoa2lHOXcwQkFRVUZBQU9DQVFFQWF2YXdzMkFJM0NrZzhwclYrcFVOSGxlanV1aE5ZbEFlZGVFaUs3Z09jb29ScjEvV0N6cDA4cFdjCmE5ZThQWEhGTGJPeHJYMUNyeXA1bW9Xc3ZwRXFQMkhVbFZqK3d3ZWtnZERXVzFzaTdYZWI5YURyTmFvSnJQelp6ZzNvK2ZmaXRMM1EKeWYvRTcwemllZTladG5ZQk1Zc1ZIbituWHJzZlVsYVdjMzdYQzNPaWZtajc1WGYrZ0J0MmM1RUJLay8yV1cwaXlEZTJhQVpubisyNwpKTkU2bGE5SHVqWWlWS3pzMUpzRm5lNWJwT1dJZDZ5MW8rUnZSOVpsb1hSMjVMM2tMekd1ajBlRzdjaTE1eXBjY1o1NDlZaTdHRlhPClJxZTlKVnZPZERGcllCQnpEaHE4TWlEZG1aemVZbFEzS3NNNlU1SjE5ODVDRXJLa0NpNUdUTm9yanc9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMjpTdWJqZWN0PjxzYW1sMjpOYW1lSUQ+MTAyPC9zYW1sMjpOYW1lSUQ+PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMi0wOC0zMFQwNjoyMDoyMC4zODlaIiBOb3RPbk9yQWZ0ZXI9IjIwMTItMDgtMzBUMDY6MjU6MjAuMzg5WiIvPjxzYW1sMjpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTItMDgtMzBUMDY6MjA6MjAuMzg5WiI+PHNhbWwyOkF1dGhuQ29udGV4dD48c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDI6QXV0aG5Db250ZXh0Pjwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+PHNhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDI6QXR0cmlidXRlIE5hbWU9ImNsaWVudElkIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+MTAwPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIE5hbWU9InJvbGVzIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyIvPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgTmFtZT0ic2Vzc2lkIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyIvPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgTmFtZT0ibG9naW5JZCI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciLz48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIE5hbWU9InByb2ZpbGVJZCI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjEwMjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+PC9zYW1sMnA6UmVzcG9uc2U+
Is the security filtered ?
Thanks
YvesHi Sura,
The number of thread-count configured in your proxy-scheme is the number of concurrent client request that you proxy servers can handle. Ideally your (thread-count * proxy servers) = (clients * max requests). Also, you need to check that the byte/message backlog on the proxy servers is close to zero.
Hope this helps!
Cheers,
NJ -
Detecting validation errors during accept processing
I have a page with the following accept processing components
1. Process - On Submit - Before computations and validations
2. A validation
3. Process - On Submit - After computations and validations
When the page is first submitted, (1) runs fine. (2) runs and the validation fails so (3) doesn't run.
Now when I re-submit the page, I would like (1) to NOT run.
Is there a way to detect that the page is being re-submitted as a result of validation errors and hence suppress certain after-submit components from executing?
[As far as I know, the "Inline validation errors" declarative condition and the g_inline_validation_error_cnt variable only apply during the page rendering phase, so they can't be used here]
ThanksHello Vikas,
In version 3.0 you can use a hidden item as a flag, and set this flag with a on load procedure (and NOT computation). The first procedure will be conditioned by "Inline Validation Errors Displayed" and the second one with "NO Inline Validation Errors Displayed". Then you can condition your after submit processes with this flag.
>>As far as I know, the "Inline validation errors" declarative condition and the g_inline_validation_error_cnt variable only apply during the page rendering phase, so they can't be used here
A little test on my local instance confirm this.
Regards,
Arie. -
Movement type error for Service Processes
Hi All,
We are working on service scenario with CRM5.0 and R/34.6c.
The problem that we face is as follows,
Whenever we make a service confirmation with products with item cat group BANC the movement type is correctly determined as 261 but whenever our service confirmation contains the products with item category NORM, the R/3 system returns the error that the movement type 291 is not found for the business area.
Regards
Rekha DadwalThe error was due to the material type. We changed the material type and now it works fine
-
Validation Errors with new Install of W7 x64 Ent Debug Checker On New Equipment
I am receiving multiple Errors. I am trying to use the Windows 7 x64 Enterprise which happens to be the Debug Checker version OS as the host machine. I have only built the machine, and tried to load the Drivers.
I say this due to the starting issue that upon the loading of the entire driver set, (for the MB, Seagate Harddrive, and Vid Card), I would get the BSOD. I identified that the Bluetooth driver was the issue. I then did not load the Bluetooth
drivers for the MB on the 5<sup>th</sup> or so install of the 7 Ent os. (Tried Server 2k8 r2. Which is not compatible with the MB Drivers.)
I have not received a single Update either. The Auto update feature claims that I am up to date. I do not believe this due to the fact that any fresh Install of any OS has about several decades of updates and reboots to go through.
Upon trying the suggestions on the forum about turning off the IE Addons, the errors remain. Also the results of the sfc /scannow are copied below.
My Questions
I am seeking assistance on solving the Errors that have refused to leave me alone , to put it humorously and am asking for your insight and wisdom. Will you take a look??
Do I need to go to Win 7 Ent or Ult x64 that is not a Debug Checker version.
Are there other Microsoft download Registery file checkers besides the MGA Diag tool that are freeware that I can use to check, for corrupted registry files.
Or do I just need to take it to the stores (Fry’s and Microcenter) that recommended the equipment and have them just reload the software and allow them the headache of solving the error issue, by paying them to install the drivers and have ALL of the
drivers work. (including the blue tooth)
The Goal is to turn it into a Active Directory Server using Virtual Box with Server 2k8 R2 running in the virtual box environment.
Errors and Results.
There are also a number of logs that show various Crit, Error, and Warning logs. I will include those if need be.
This is the majority of the error messages, and I have missed the opportunity to capture others.
Internet explorer encountered Validation errors:
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : mshtml.dll
iii.
Assert offset: 0000000000B221DB
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : comctl32.dl
iii.
Assert offset: 00133A2A
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : mshtml.dll
iii.
Assert offset: 008BE823
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : mshtml.dll
iii.
Assert offset: 0040F9E8
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : iertutil.dll
iii.
Assert offset: 001DEC51
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : KERNELBASE.dll
iii.
Assert offset: 00014159
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : mshtml.dll
iii.
Assert offset: 0000000000B221DB
Microsoft Management Console Encountered a Validation Error
Validation Error
i.
Process Name: mmc.exe
ii.
Module Name : ieframe.dll
iii.
Assert offset: 00000000006C9283
Scripted Diagnostics Native Hot encountered a Validation Error
Validation Error
i.
Process Name: sdiagnhost.exe
ii.
Module Name : urlmon.dll
iii.
Assert offset: 00000000001A0A73
Validation Error
i.
Process Name: sdiagnhost.exe
ii.
Module Name : KERNELBASE.dll
iii.
Assert offset: 0000000000017f32
Windows System Assessment Tool encountered a validation error
Validation Error
i.
Process Name: winsat.exe
ii.
Module Name : KERNELBASE.dll
iii.
Assert offset: 0000000000017F32
Windows Explorer Encountered a validation Error
Validation Error
i.
Process Name: Explored.exe
ii.
Module Name : thumbcache.dll
iii.
Assert offset: 00000000000300BE
AI Suite 2 encountered a validation error
Validation Error
i.
Process Name: AI Suite 2.exe
ii.
Module Name : ntdll.dll
iii.
Assert offset: 000686BD
the number “2” is the substitutedfor the roman numeral 2
I believe that this is part of the MB Suite.
My the environment is a new equipment, and Downloaded student software. Windows 7 Enterprise SPK 1 Debug Checker, Valid Key with the software download. Activated on 8-12-2012
Motherboard: Asus p9x79 Deluxe, Part number: 90-mibh50-g0aay0kz
Chip Set: bx80619i73930k
2x Memory: cmx16gx3m2a1600c11 Corsair
Video Card: Diamond R7870 2GB DD OC 2xDVI/HDMI/2xDisplayport memory Clock 1250 MHz
Hard Drive: 9jb1n3-574 (leave the last two didgets off when searching in the browser) This is a Seagate 2TB
Generic optic drive: SH-222bb/bebe Samsung
Here is the Microsoft Fix It error code
Assertion Failed!
Program:…
File: d:\w7rtm\ds\security\cryptoapi\pki\...\newstor.cpp
Line: 2131
Expression: pStore->dwState = = STORE_STATE_OPEN || pStore->dwState = = STORE_STATE_OPENING || pStore->dwState = = STORE_STATE_DEFER_CLOSING || pStore->dwState = = STORE_STATE_NULL
For information on how your program can cause an assertion failure, see the Visual C++ documentation on asserts
(Press Retry to debug the application – JIT must be enabled)
Abort Retry Ignore
Abort
Closes the program
Retry
Repeats the error
Verbatim
Ignore
Closes the program
Nothing happens
Here is the Microsoft Genuine Advantage Diagnostic Report
Diagnostic Report (1.9.0027.0):
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-*****-*****-8C7YB
Windows Product Key Hash: cezvXJ2/mUhIEFxJfWkZ3IN8EQQ=
Windows Product ID: 55041-146-2397786-86942
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.004
ID: {EBD85729-DBBB-479F-AB15-EBC0DDE0CC28}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Enterprise
Architecture: 0x00000009
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: c:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{EBD85729-DBBB-479F-AB15-EBC0DDE0CC28}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-146-2397786-86942</PID><PIDType>6</PIDType><SID>S-1-5-21-4234423899-2489109333-1931045272</SID><SYSTEM><Manufacturer>System
manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1103</Version><SMBIOSVersion major="2" minor="7"/><Date>20120409000000.000000+000</Date></BIOS><HWID>CFBA3607018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific
Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Enterprise edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-146-239778-03-1033-7601.0000-2252012
Installation ID: 000792957432055771547065313840421702569731971164600080
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 8C7YB
License Status: Licensed
Remaining Windows rearm count: 5
Trusted time: 8/12/2012 5:47:25 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: OAAAAAEAAgABAAEAAgACAAAABAABAAEAHKJu3XDSdMRkx4ieoGkwung0ipvkrmTRDIsORc6qNCE=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA
A M I
FACP ALASKA
A M I
HPET ALASKA
A M I
MCFG ALASKA
OEMMCFG.
SSDT AMICPU
PROC
Scan Now Results
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
C:\Windows\system32>Thank you for your valuable time.
I have performed the Chkdsk and the memory Diagnostic tool as per the suggestions.
The Memory Tool did not find anything amiss.
As per another thread I am going to try flashing the bios as well with the updates.
Following are the Chkdsk results.
Are there any other suggestions?
Chkdsk Results
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
89600 file records processed.
File verification completed.
221 large file records processed.
0 bad file records processed.
1596 EA records processed.
44 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
131874 index entries processed.
Index verification completed.
0 unindexed files scanned. 0
unindexed files recovered. CHKDSK
is verifying security descriptors (stage 3 of 5)...
89600 file SDs/SIDs processed.
Cleaning up 36 unused index entries from index $SII of file 0x9.
Cleaning up 36 unused index entries from index $SDH of file 0x9.
Cleaning up 36 unused security descriptors.
Security descriptor verification completed.
21138 data files processed.
CHKDSK is verifying Usn Journal...
36120296 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
89584 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
476262075 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.
1953410047 KB total disk space.
48065140 KB in 61610 files.
43468 KB in 21139 indexes.
0 KB in bad sectors.
253139 KB in use by the system.
65536 KB occupied by the log file.
1905048300 KB available on disk.
4096 bytes in each allocation unit.
488352511 total allocation units on disk.
476262075 allocation units available on disk.
Internal Info:
00 5e 01 00 ef 42 01 00 ef 95 02 00 00 00 00 00 .^...B..........
e3 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 ....,...........
6d 00 75 00 69 00 00 00 00 00 00 00 00 00 00 00 m.u.i...........
Windows has finished checking your disk.
Please wait while your computer restarts. -
OSB 10gR3 - Process WS-Security flag not working with PasswordDigest
Hi,
By Oracle documentation when you set the "process ws-security header" in security section of a proxy service, the proxy service act as an active intermediary and consume the ws-security header received in inbound messages. This feature works fine when you call the proxy service using WS-Security Username Token Profile PasswordText, but when you send Username Token with PasswordDigest I got the following error: +"weblogic.xml.crypto.wss.WSSecurityException: Unable to validate identity assertions"+
I am using SoapUi to call the proxy with passwordDigest, WSS-Password Type option set to PasswordDigest.
Proxy configured with:
General tab -> WSDL based proxy service, this wsdl doesn't have ws-policy definitions inside.
Transport tab -> Get all headers = Yes
HTTP Transport tab -> HTTPS Required = No / Authentication = Basic
Operation tab -> Enforce WS-I Compliance = not checked / Selection Algorithm = SOAP Body Type
Message Content tab -> default settings
Policy -> Added Auth.xml(predefined) policy to request policies.
Security tab -> Process WS-Security header = Yes / Custom Authentication settings = none
Error --->
+<01/12/2009 09h34min55s BRST> <Error> <OSB Security> <BEA-387022> <An error ocurred during web service security inbound request processing [error-code: Fault, message-id: 6198860737666014185--de42214.12549f82d66.-7fdb, proxy: AlphaTests/MyProxy/Proxy/MyLogProxy, operation: null]+
--- Error message:
+<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurity</faultcode>*<faultstring>Unable to validate identity assertions.</faultstring>*</env:Fault></env:Body></env:Envelope>+
weblogic.xml.crypto.wss.WSSecurityException: Unable to validate identity assertions.
+ at weblogic.wsee.security.wss.SecurityPolicyValidator.processIdentity(SecurityPolicyValidator.java:133)+
+ at weblogic.wsee.security.wss.SecurityPolicyValidator.processInbound(SecurityPolicyValidator.java:77)+
+ at weblogic.wsee.security.WssServerPolicyHandler.processInbound(WssServerPolicyHandler.java:54)+
+ at weblogic.wsee.security.WssServerPolicyHandler.processRequest(WssServerPolicyHandler.java:30)+
+ at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:74)+
+ at com.bea.wli.sb.security.wss.WssInboundHandler.processRequest(WssInboundHandler.java:155)+
+ at com.bea.wli.sb.security.wss.WssHandlerImpl.doInboundRequest(WssHandlerImpl.java:201)+
+ at com.bea.wli.sb.context.BindingLayerImpl.addRequest(BindingLayerImpl.java:257)+
+ at com.bea.wli.sb.pipeline.MessageProcessor.processRequest(MessageProcessor.java:66)+
+ at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:508)+
+ at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:506)+
+ at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)+
+ at weblogic.security.service.SecurityManager.runAs(Unknown Source)+
+ at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)+
+ at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:505)+
+ at com.bea.wli.sb.transports.TransportManagerImpl.receiveMessage(TransportManagerImpl.java:371)+
+ at com.bea.wli.sb.transports.http.HttpTransportServlet$RequestHelper$1.run(HttpTransportServlet.java:279)+
+ at com.bea.wli.sb.transports.http.HttpTransportServlet$RequestHelper$1.run(HttpTransportServlet.java:277)+
+ at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)+
+ at weblogic.security.service.SecurityManager.runAs(Unknown Source)+
+ at com.bea.wli.sb.transports.http.HttpTransportServlet$RequestHelper.securedInvoke(HttpTransportServlet.java:276)+
+ at com.bea.wli.sb.transports.http.HttpTransportServlet$RequestHelper.service(HttpTransportServlet.java:237)+
+ at com.bea.wli.sb.transports.http.HttpTransportServlet.service(HttpTransportServlet.java:133)+
+ at weblogic.servlet.FutureResponseServlet.service(FutureResponseServlet.java:24)+
+ at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)+
+ at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)+
+ at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)+
+ at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)+
+ at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)+
+ at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3498)+
+ at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)+
+ at weblogic.security.service.SecurityManager.runAs(Unknown Source)+
+ at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)+
+ at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)+
+ at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)+
+ at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)+
+ at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)+Eduardo,
Yes, but the flag "Process WS-Security header" needs to be set to 'No' and I included a delete node to remove the wsse:Security element from header. Attaching Auth.xml predefined policy to my request operation, causes OSB to include the policy directive in my WSDL, but the PasswordText(see below).
In Oracle security guide we have steps to configure PasswordDigest in the Oracle Service Bus Security Configuration using the WLS Console http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/model.html#wp1062542
My doubt is: Is this a bug? "Process WS-Security header" flag is supposed to work with PasswordDigest?
My WSDL with WS-Policy statements after Auth.xml policy was configured.
<?xml version="1.0" encoding="UTF-8"?>
<s2:definitions targetNamespace="http://alpha.tests.org" xmlns:s0="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:s1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:s2="http://schemas.xmlsoap.org/wsdl/" xmlns:s3="http://alpha.tests.org" xmlns:s4="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<s0:Policy s1:Id="encrypt-custom-body-element-and-username-token">
<wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy">
<wssp:SupportedTokens>
<wssp:SecurityToken TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
<wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
</wssp:SecurityToken>
</wssp:SupportedTokens>
</wssp:Identity>
</s0:Policy>
<wsp:UsingPolicy s2:Required="true"/>
<s2:types>
<xsd:schema elementFormDefault="qualified" targetNamespace="http://alpha.tests.org" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:impl="http://alpha.tests.org" xmlns:s0="http://schemas.xmlsoap.org/wsdl/" xmlns:s1="http://alpha.tests.org" xmlns:s2="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<xsd:element name="EchoRequest">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="send" type="xsd:string"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="EchoResponse">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="response" type="xsd:string"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:schema>
</s2:types>
<s2:message name="echoRequest">
<s2:part element="s3:EchoRequest" name="echoPartReq"/>
</s2:message>
<s2:message name="echoResponse">
<s2:part element="s3:EchoResponse" name="echoPartResp"/>
</s2:message>
<s2:portType name="MyAlphaPort">
<s2:operation name="echo">
<s2:input message="s3:echoRequest" name="echoRequest"/>
<s2:output message="s3:echoResponse" name="echoResponse"/>
</s2:operation>
</s2:portType>
<s2:binding name="MyAlphaBinding" type="s3:MyAlphaPort">
<s4:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<s2:operation name="echo">
<s2:input name="echoRequest">
<s4:body use="literal"/>
<wsp:Policy>
<wsp:PolicyReference URI="#encrypt-custom-body-element-and-username-token"/>
</wsp:Policy>
</s2:input>
<s2:output name="echoResponse">
<s4:body use="literal"/>
</s2:output>
</s2:operation>
</s2:binding>
<s2:service name="MyAlphaBindingQSService">
<s2:port binding="s3:MyAlphaBinding" name="MyAlphaBindingQSPort">
<s4:address location="http://CLXSP0272:7001/MyAlphaService"/>
</s2:port>
</s2:service>
</s2:definitions> -
Saml authentication error-cross domains
Hi,
I am trying to setup the SAML 1.1 authentication with OWSM Policy for my SOA composite. The Web Service contains a simple hello operation which is called by an external client also BPEL service. The SOA service is just an SAML assertion consumer. I have already configured the OWSM through the Enterprise Manager and the policy for the Proxy Service:
1. Security/Security Provider Configuration/ Web Services Manager Authentication Providers section - I configured a custom keystore with private key and required trusted certificates. The saml.loginmodule is configured with sufficient control flag, valid issuer vaue and to allow virtual users (property oracle.security.jps.assert.saml.identity=true)
2. Custom OWSM policy was created. It is based on the built-in wss11_saml_token_with_message_protection_service_policy.
3. Web Services/Platform Policy COnfiguration/Trusted STS Servers and Trusted SAML Clients configuration contains the Issuer of my SAML Issuer.
Now I am calling the hello service with an external client. The request meets the security policy. It contains a valid, signed SAML assertion (with sender-vouches subject confirmation method), a valid timestamp is attached in the security header and the body is encrypted with the required method. On the server, I am getting the following exception during the SAML assertion validation:
Unable to invoke endpoint URI "http://172.17.30.192:8001/soa-infra/services/default/SAMLSCAApplication!1.0*soa_a95b5561-3c2e-4339-a301-ec79172914ad/bpelprocess1_client_ep" successfully due to: oracle.fabric.common.PolicyEnforcementException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oracle.wsm.security,keyName=keystore-csf-key read)
Can you please help me?
Regards,
BharatHi,
I am trying to setup the SAML 1.1 authentication with OWSM Policy for my SOA composite. The Web Service contains a simple hello operation which is called by an external client also BPEL service. The SOA service is just an SAML assertion consumer. I have already configured the OWSM through the Enterprise Manager and the policy for the Proxy Service:
1. Security/Security Provider Configuration/ Web Services Manager Authentication Providers section - I configured a custom keystore with private key and required trusted certificates. The saml.loginmodule is configured with sufficient control flag, valid issuer vaue and to allow virtual users (property oracle.security.jps.assert.saml.identity=true)
2. Custom OWSM policy was created. It is based on the built-in wss11_saml_token_with_message_protection_service_policy.
3. Web Services/Platform Policy COnfiguration/Trusted STS Servers and Trusted SAML Clients configuration contains the Issuer of my SAML Issuer.
Now I am calling the hello service with an external client. The request meets the security policy. It contains a valid, signed SAML assertion (with sender-vouches subject confirmation method), a valid timestamp is attached in the security header and the body is encrypted with the required method. On the server, I am getting the following exception during the SAML assertion validation:
Unable to invoke endpoint URI "http://172.17.30.192:8001/soa-infra/services/default/SAMLSCAApplication!1.0*soa_a95b5561-3c2e-4339-a301-ec79172914ad/bpelprocess1_client_ep" successfully due to: oracle.fabric.common.PolicyEnforcementException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oracle.wsm.security,keyName=keystore-csf-key read)
Can you please help me?
Regards,
Bharat -
External Client Error - /groupexpansion/service.svc/WebTicket_Bearer
When users login to the Lync 2013 client from outside the network, it begins continually uploading a heap of data. A fiddler check shows an error, which appears dozens of times after just of few minutes of being connected.
It returns a HTTP/1.1 500 Internal Server Error on https://lync.contoso.com/groupexpansion/service.svc/WebTicket_Bearer
The WebView panel shows:
http://www.w3.org/2005/08/addressing/soap/faulturn:uuid:6ac390a9-bb40-4375-8662-06622f0fb66e<faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurityToken</faultcode><faultstring
xml:lang="en-AU">An error occurred when processing the security tokens in the message.</faultstring>
Any help would be appreciated :)<faultstring xml:lang="en-AU"></faultstring>Hi,
It may be a certificate issue for Edge server, you can first to check the SAN of certificate on Edge server with the help of the link below:
http://technet.microsoft.com/en-us/library/gg398519.aspx
Also, please try to restart Lync server to test the issue again.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Osb proxy service with owsm policy auth slow when soap request very large
I have a proxy service which is security with owsm policy: oracle/wss_username_token_service_policy, the proxy service simply route to Business Service which directly invoke a bpel exposed web service, when I call the proxy service with soap envelope large than 15MB(not attachment), waiting about 4~5 minutes, the bpel instance created ; but when I remove the security policy:oracle/wss_username_token_service_policy, it will cost only 20 seconds, why authentication cost so long? How can I deal with the problem?
My English is poor, please don't mind!
besides, with my OSB version is 11.1.1.6.0I finally figured it out. The nullpointer exception is related to the SAML assertion. The SAML assertion in my requests is signed with embedded signature and this seems to be not supported with the used OWSM policy. Without the signature is the exception gone.
Marian -
OWSM Custom Assertion for OSB RESTful Proxy Service
Hello,
I have implemented a Custom OWSM Assertion to authenticate requests with a custom token placed in a HTTP header. I can assign this assertion to a SOAP proxy service as a security policy. However I am not able to assign the very same policy to a Restful JSON service (Proxy service defined as messaging service with text message type). I am getting this error:
[OSB Kernel:398128]One of the Web service policy attached is not allowed on service default/RESTful because the service binding does not support it
My policy:
<wsp:Policy xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:custom="http://custom"
orawsp:status="enabled"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" orawsp:category="security"
orawsp:attachTo="binding.server" wsu:Id="http_customtoken_authentication_policy"
xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
wsp:Name="custom/http_customtoken_authentication_policy">
<custom:customTokenHttpAuthentication
orawsp:Silent="true" orawsp:Enforced="true"
orawsp:name="Http custom token Authentication" orawsp:category="security/authentication" >
<orawsp:bindings>
<orawsp:Config orawsp:name="authenticationassertion"
orawsp:configType="declarative">
<orawsp:PropertySet orawsp:name="headerName">
<orawsp:Property orawsp:name="headerName"
orawsp:type="string" orawsp:contentType="constant">
<orawsp:Value>CustomToke</orawsp:Value>
</orawsp:Property>
</orawsp:PropertySet>
</orawsp:Config>
</orawsp:bindings>
</custom:customTokenHttpAuthentication>
</wsp:Policy>
My OSB version is OSB 11g PS6 and in this version, OWSM policies are supported for Restful services. Interesting is, that the built-in policy oracle/http_basic_auth_over_ssl_service_policy can be assigned to my Restful service. Do you know a solution for the problem, how can I assign my custom assertion to the Restful service? Anything special is needed in the policy definition?
Thanks.
MarianHi Vinoth,
The users/groups are picked up from the LDAP configured in Security Realms->myRealm->Providers
You basically have 2 options:
- You can configure your LDAP in Providers
- Use the DefaultAuthenticator that weblogic provides you by default.
If you do not want to configure an LDAP, and want to use weblogic's default, then all you have to do is add users and groups in Security Realms->myRealm->Users and Groups
Do mark this as useful or answered, if this has helped. -
Hi friends,
I am doing a BDC for F-03 and everything is working fine except when the the BDC is executed at background mode i.e N.
It is working good at A and E but it gives a custom validation error at background processing.
I am searching SDN since yesterday and found this is caused by S and W messages but i have diffused then but then too the error is encountered.
No idea why my PROFIT CENTER value is not populated at BACKGROUND mode.
Any ideas?
Please help.
Thanks much.Hi Park,
If you have GUI objects like pop-up screens, etc it will not work. Check out these links for more information.
Re: Docking container could not be created - while running batch job
Re: Multiple OO ALV Container - Background Execution
Thanks and Best Regards,
Dinesh.
Maybe you are looking for
-
How can I get my iTunes playlists to sync with my iP4? Everything else syncs fine but my iPod is empty!
-
GTS block for return purchase order
Hi, Our ERP system is integrated with GTS system. After creating a return purchase order in ME21N the order is blocked on 'Sanctioned Party List Screening' and 'Legal Control'. However, it is still allowing to create return delivery with movement typ
-
Photoshop premiere elements and photoshop elements
It is saying my serial numbers can't be validated for photoshop premiere elements and photoshop elements.
-
How can I see block list in skype for I phone5s
How can I see block list in skype for I phone5s
-
Can't do printer alignment test
I changed out the ink in my printer and went to do a printer alignment test and I am not able to perform the test. A message comes up that says my printer is in an error state and it has to be fixed before I can do the test. I am not sure what the