Secured Sybase Web Service with outside certificate authority

Similar Messages

• Importing external web service with SSL certificate security

  Hello,
  I'm trying to import an external web service (that resides in another server, independent of ours). However, right after I enter the WSDL in the import window I get the following error in the NWDS:
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      [Error: com.sap.ide.es.core.ui.internal.wizards.fragments  Thread[ModalContext,6,main]]
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
            at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.getURLAsStream(UrlValidationRunnable.java:137)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.validate(UrlValidationRunnable.java:75)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.run(UrlValidationRunnable.java:55)
            at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
            at sun.security.validator.Validator.validate(Validator.java:218)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
            ... 15 more
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
            ... 21 more
  Has anyone ever consumed an external web service with SSL certificate security? How do you import this in your Web Dynpro project?
  Cheers!

  Hi Alain,
  I just checked on a newer NW environment (NW 7.2) and was presented an empty list as well... It seems the mapping procedure I described is deprecated since NW 7.11, and the modeled CAF application service is already exposed as a web service.
  You may want to have a look at http://help.sap.com/saphelp_nwce711/helpdata/en/43/f173947bbb025be10000000a1553f7/content.htm or http://scn.sap.com/message/7852996 for more info

• Test Web Services with X509 Certificate

  Hello,
  We'd like to perform a test of our web services with an X509 Certificate.  I have been using SOAPSonar to do my test up to this point.  But the version I have will not allow me to test with a certificate.  It appears I will need to purchase the software upgrade in order to test with a certificate. 
  Must I use this software or is there another method/software I can use to do this testing?
  Can Altova's XMLSpy test with a X509 certificate?
  Thanks,
  Matt

  Neetesh,
  It looks like SOAPUI will work.  I am currently looking into it. 
  Ravi - I'm not sure what software these steps are refering to?  Is that for XMLSpy?
  Thanks,
  Matt
  Edited by: Matthew Herbert on Dec 2, 2009 8:56 PM

• How to implement the security in web service with Weblogic 9.2

  I've generated web service by Web Logic 9.2 using existing WSDL (as per client requirement) and want to add security policy for authentications.
  I have used following annotation in service class.
  @Policies({
  @Policy(uri="policy:Auth.xml" , direction=Policy.Direction.inbound)
  But it gives compilation time error with following message.
  The Policy and Policies annotations are not allowed on jws file when compiledWsdl option is specified
  I've also tried to modify the WSDL to accommodate policy configuration and again generate the web service but problem is being as it is.
  If anybody has solution of this issue then please let me know ASAP.

  Did you get an answer to your question? I have the same problem with WebLogic 10.0.

• Connect to Secure web service with certificate from SAP EP

  Hi Experts,
  Here is the current situation:
  1. Our business requirement is to connect 3rd party RESTful web service which requires secure connection with private client certificate attached
  2. I've tested in my Java test application and successfully attached private certificate to HttpsURLConection request to the web service and made a connection. No problem at all.
  KeyStore keyStore  = KeyStore.getInstance("PKCS12");
  InputStream inputStream = new FileInputStream("privateKeyCert.p12");
  keyStore.load(inputStream, "myPassword".toCharArray());
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  keyManagerFactory.init(keyStore, "myPassword".toCharArray());
  KeyManager[] kms = keyManagerFactory.getKeyManagers();
  SSLContext sslContext = SSLContext.getInstance("SSL");
  sslContext.init(kms, null, new SecureRandom());
  SSLSocketFactory sockFact = sslContext.getSocketFactory();
  URL url = new URL("https://www.thirdpartywebservice.com/testroot/");
  HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
  conn.setSSLSocketFactory(sockFact);
  conn.setRequestMethod("POST");
  conn.setDoOutput(true);
  conn.setDoInput(true);
  conn.setUseCaches(false);
  conn.setDefaultUseCaches (false);
  conn.setRequestProperty("Content-Type", "text/xml");
  3. Next, I tried to apply my Java application to SAP EP NetWeaver, and found that I have to use SecureConnectionFactory:
  https://help.sap.com/saphelp_nw70ehp1/helpdata/en/e2/71c83edf72e16be10000000a114084/content.htm
  4. So, I modified my Java code for SAP EP:
  KeyStore keyStore  = KeyStore.getInstance("PKCS12");
  InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("privateKeyCert.p12");
  keyStore.load(inputStream, "myPassword".toCharArray());
  SecureConnectionFactory scFactory = new SecureConnectionFactory(keyStore);
  HttpURLConnection conn = scFactory.createURLConnection("https://www.thirdpartywebservice.com/testroot/");
  conn.setRequestMethod("POST");
  conn.setDoOutput(true);
  conn.setDoInput(true);
  conn.setUseCaches(false);
  conn.setDefaultUseCaches (false);
  conn.setRequestProperty("Content-Type", "text/xml");
  And I'm facing the following error message:
  Exception: java.security.UnrecoverableKeyException: ja
  va.security.GeneralSecurityException: Unable to decrypt private key: javax.crypto.BadPaddingException: Invalid PKCS#5 padding length: 253
  Could you please help me what this error message means?
  Do you think do I need to to do some other configuration to make connection to web service with client certificate?
  This is our first approach. Please help...
  Thank you in advance.

  SunJSSE implement SSL server CertificateRequest in a strict mode, if client failed to find a proper certificate corresponding the server request, it does not guess what's the proper certificate and send to the server. In your case, because there is no intermediate certificate in the client context, so there is no way to make the decision which certificate would be acceptable by server, so client does not send any cert to server. That's why you got a handshaking error.
  I guess your client key store does not contains a full certificate path from the client end-entity certificate to the root CA. Please import the full certificate path into the key store.
  BTW, these approaches should work, but I found no reason why one does not adopt #1:
  1. import the full certification path of client certificate into client key store.
  2. as a workaround, configure the server to send a list including the intermediate certificates;
  3. as a workaround, you will have to customize the client KeyManager if you don't want to or are not able to configure the server to send a list including the intermediate certificates.

• Web Service (SSL) and certificates (keytool) with INternet Explorer

  Hi,
  Followed this steps http://www.grallandco.com/blog/archives/2006/10/using_htts_with.html to have a secure SSL WEb service (with client authorization).
  Tested from Jdeveloper it worked O.K.
  Now I would like to test it with Internet explorer, but now server ask for certificate before internet show parameters page to invoke Web Service.
  I generated self signed certificates and keystore using keytool. (This keystore is used by the OC4J and my proxy client).
  Imported this certificate (.cer) to internet explorer succesfully, but when access URL for the web service (https) internet does not show this certificate to use it, so failed to connect...
  keytool certificates could be used by INternet explorer for this purposes?, what am I doing wrong?
  Thanks
  J.

  Hi,
  I already configured HTTPS - client authenticate for OC4J, and you can work with follow step:
  1: Create keystore for OC4J by java keytool
  2: Using openssl to create certificate for your server (privatekey, certificate)
  3. Using keytool to import your server's certificate (2) to keystore (1)
  4. Generate client certificate (4)
  5. Sign on client certificate (4) by privatekey and server certificate (20
  6. Import client certificate to windows - (should create keystore with format pkcs12)
  You can using "Java Certificate Services" to help you create keystore with multi format or sign cert....
  Rgs

• Use of security in web service

  Hi,
  I have tried to use security from the example jaas-sample of jwsdp 1.5 .
  I just want to secure my web service with a username/password.
  When I called my service from the client...I see the xml flow :
  <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <env:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
  <wsse:UsernameToken>
  <wsse:Username>Ron</wsse:Username>
  <wsse:Password>****</wsse:Password>
  <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3k18Sv+DMhcO3aoq6YWLB4xa</wsse:Nonce>
  <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2005-03-01T15:26:05Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  </env:Header>
  <env:Body>
  <ns0:getInformations/>
  </env:Body>
  </env:Envelope>
  it seems to be correct but I have an exception :
  Thread : main at 01 mars 2005 16:10:06,593 ERROR Error occured during retrieving informations
  java.rmi.ServerException: JAXRPCSERVLET28 : Informations sur le port manquant
       at com.sun.xml.rpc.client.StreamingSender._raiseFault(StreamingSender.java:497)
       at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:294)
  It works when I not use the security option (in wscompile) ...
  Have you any idea for a solution?

  Hi,
  I tried the xws-security samples and everything worked fine.
  After editing the "java.security" according to the manual with:
  security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
  After that change and a restart of the application server I get the same error message.
  I copied the jar file "bcprov-jdk14-127.jar" from bouncycastle to the jre/lib/ext folder.
  I will check further.
  br
  Dieter

• Biztalk 2010 - Consume Web Service with Certificate

  Hi
  I have to consume a java web service with Biztalk that requires authentication via a client certificate. Until now I have not been able to consume any web service where any kind of authentication was needed. Simple web services without authentication are
  no problem. Also using SoapUI works perfectly fine.
  I am generating the XSDs and the port binding with the WCF wizard in VS2010. I've read several comments that it's not possible to consume web services with the WCF-WSHttp adapter when the message format should be SOAP 1.1. Therefore I'm trying with the WCF-BasicHttp
  and WCF-Custom adapters, but I did not suceed in receiving a positive response yet.
  The web service I want to consume uses a client certificate (with a private key) and two root certificates. When I use the BasicHttp adapter I choose either 'Transport' or 'TransportWithMessageCredential' but none of them work. I also have to supply a client
  and a service certificate. I always use the one with the private key for the client but I'm not sure which one I have to use for the service. Is there a possibility that I have to provide both root certificates and if so, how can I achieve this?
  Hope the question makes sense somehow... thanks for any input.
  Error message that I receive currently is that the server needs a client certificate. However I attached it in the send port properties under the tab "Security" => mode "TransportWithMessageCredential".

  Adapter: WCF-Custom
  Binding: customBinding
  Cannot send pictures (yet).
  <configuration>
  <enterpriseLibrary.ConfigurationSource selectedSource="ESB File Configuration Source" />
  <system.serviceModel>
  <client>
  <endpoint address="...." behaviorConfiguration="EndpointBehavior" binding="customBinding" bindingConfiguration="ReceiptBinding" contract="BizTalk" name="WebServicePort" />
  </client>
  <behaviors>
  <endpointBehaviors>
  <behavior name="EndpointBehavior">
  <clientCredentials>
  <clientCertificate findValue="..." x509FindType="FindByThumbprint" />
  <serviceCertificate>
  <defaultCertificate findValue="..." storeLocation="LocalMachine" storeName="AuthRoot" x509FindType="FindByThumbprint" />
  </serviceCertificate>
  </clientCredentials>
  </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
  <behavior name="ServiceBehavior" />
  </serviceBehaviors>
  </behaviors>
  <bindings>
  <customBinding>
  <clear />
  <binding name="ReceiptBinding">
  <textMessageEncoding messageVersion="Soap11" />
  <security authenticationMode="MutualCertificate" />
  <httpsTransport proxyAuthenticationScheme="Basic" requireClientCertificate="true" />
  </binding>
  </customBinding>
  </bindings>
  </system.serviceModel>
  </configuration>

• Securing web services with Sun Access Manager

  Hi!
  I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
  What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
  I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
  I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
  My questions are:
  1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
  2) Are there any documentation/tutorials/etc?
  Thanks in advance :-)
  Anders

  what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
  the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
  So.. having said that. here's what I'd recommend.
  1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
  2. configure it to use your access manager instance for authentication.
  3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
  4. voila... your webservices are not "protected" by acces manager ;-)

• SSL Certificate necessary for web Service with HTTPS encoding?

  Hi experts,
  I wanna create a Web Service with HTTPS. Now when I create an endpoint in Transaction SOAMANAGER, I use "Transport Guarantee Type" HTTPS. I'm a little bit confused, becuase at "Authentication Method I have different options which I don't understand.
  At Authentication Method, there are some check boxes.
  Whats the difference between HTTP Authentication and Message Authentication?
  (Why) can I use User ID/Password as Authentication Method with HTTPS? I think I need X.509 SSL Client Certificate.
  What is a Logon Ticket?
  Is there a good Documentation in the web, who explains the meaning of the different options and when to use which option?
  Thanks and regards,
  Sebastian

  Hi,
  >>>WSDL in Integration Directoryb but that WSDL containt a like staring with the HTTP instead of HTTPS! My question is how to generate a wsdl file with an HTTPS url tot he web service,
  you don't use the URL from ID - you need to create one yourself and put it there in the generator
  Regards,
  Michal Krawczyk

• Exception while accessing web service secure through web services Manager

  Hi All,
  I deployed sime Hello World web service on JWSDP1.6 and secure it through web service manager(gateway) using Certificate based security.But when I try to access this web service using JWSDP client,I got the following Error while monitoring the soap messages through TCP-Monitor:
  /////////////////////////////////Request///////////////////////////////////////////////////////////////
  POST /gateway/services/SID0003009 HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Content-Length: 5631
  SOAPAction: ""
  User-Agent: Java/1.5.0_05
  Host: ivy.cs.ucl.ac.uk:8082
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://hello.org/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><env:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <wsse:SecurityTokenReference>
  <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">eN9famBBWzHNUIwWRhMPktcM+VQ=</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>MHjtgA4wOtvI1B+SuRVEmD07yE+jl6axd4XbJ0nvQ3EzSuVVoST9vHzURh+B47yj41187s8T+yjt
  Bmpk9OB278Jghonkacv6r+q+LVlxRrQDudNGir7plzFeM6bUadMxf+FLgn5O0a44vU/tvy6V9+zi
  yqFdhTvS21No/aW62No=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#XWSSGID-1155126003241-1198323932"/></xenc:ReferenceList></xenc:EncryptedKey><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-11551260018331598979688">MIIC3TCCAkagAwIBAgIBATANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzEMMAoGA1UECBMD
  U0NBMQwwCgYDVQQKEwNTVU4xHjAcBgNVBAMTFWNlcnRpZmljYXRlLWF1dGhvcml0eTAeFw0wNjAz
  MTkxMzQ5MDJaFw0xNjAzMTYxMzQ5MDJaMEcxCzAJBgNVBAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAK
  BgNVBAoTA1NVTjEcMBoGA1UEAxMTeHdzLXNlY3VyaXR5LWNsaWVudDCBnzANBgkqhkiG9w0BAQEF
  AAOBjQAwgYkCgYEAzNDPKUz1MhUH1LsrLqXKxciOKSWeTrdoe/SVwe/4uy5eobAWSsSTposaOYFy
  uxf3cGCCIs7u0jMAXLQ9jzobDbt9XQ4tXPoBzKKzS+yU6hDk2TcOCkioeT9A9db5LF8yevhwXKB4
  AJ1Eh//Dp/djoonXCCxsxupQZp3ueRJrR98CAwEAAaOB1jCB0zAJBgNVHRMEAjAAMCwGCWCGSAGG
  +EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUECH05VC3/WGW
  H4AGD6tnH0h+kFUweQYDVR0jBHIwcIAUdry1wGRZ2fyJSKisVSxpMEmIiaahTaRLMEkxCzAJBgNV
  BAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAKBgNVBAoTA1NVTjEeMBwGA1UEAxMVY2VydGlmaWNhdGUt
  YXV0aG9yaXR5ggkA4HaEvd6hq8YwDQYJKoZIhvcNAQEEBQADgYEA0RhOk67pCrO6MgZZGqrmAMW6
  76fZowBxTKlFq88nrf8v1MUxV8H9wgbTDrwR0HtxY3TGpDFw2tNAww2pyDX/pQ2Wt46ichluGxjf
  aEV53loKTOM7syAmlicWqViGzBfgzriIl918TzFaX9BD/Y55bKZQk057maBCSkUuFfF453s=</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse enc env ns0 xsd xsi"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#XWSSGID-1155126002593447652186"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>UJ1kuwI+WuF/RkrQpZrj1GvraLI=</ds:DigestValue></ds:Reference><ds:Reference URI="#XWSSGID-1155126002602761294100"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>sKG/z5OIGgqJ2nw7JtpXyJzr8pY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SBc65VTG1xpEkRUTz70H0fVGIgoBJ0QnNad0k07RMSfw4vG1WHJdt19R05pO2AvU5aoYuBSaguJe
  ZGEjmWzw8mnSWKBi+zeDMeJiwgqwW6HHHX9P7JDslxuTIqoJIVUbSjUTSVz6ww8siIK65quXdkMT
  ZzLfp7Cd0gBuA3EEZpg=</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-11551260025411896275738">
  <wsse:Reference URI="#XWSSGID-11551260018331598979688" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002602761294100"><wsu:Created>2006-08-09T12:20:02Z</wsu:Created><wsu:Expires>2006-08-09T12:20:07Z</wsu:Expires></wsu:Timestamp></wsse:Security></env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002593447652186"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-1155126003241-1198323932" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><xenc:CipherData><xenc:CipherValue>XNqEzHNp47ILtOagAUNCXYkxOCWv4CjHqmZ7j6VKN/NO96ce4BsNSL6lKzqa9dPxHB1sTVGZQ8KA
  COQ6DGwyWCP8ip+CU2hor3uUAml7nzHTx1LUw3Db+0p31VAT3EqKJA3aFy38GQrBTr9ojMOUA6tm
  Cj71yucN3UCKRUl3RpE8qU68y7AwNxPsyAZeSa2AVm2cmWvSDZlxgMsx+JCEZaf3+D0o1zMp0Fxb
  MSISPt/JrEolt1H5UM1AoFGU4QkckWrQNLPyEF9oxEgZ8oCE5U8v/YJwZIAHFrx67XfaLwQLjzXw
  VPigsH9gLkfbP2BU8Vp31GsPwBZtUeNz9S35+CZPD7EiqoAB1QuAxZkJV7n00VChYH+scT64tNja
  c81bcD8tf4sAr7toCMNDAU6+74+Qy0EyPqgwLtotDxErn4kF8e72cONMMQBQ91tQs+iI+D6C1I6+
  f9UiSfgtm/MTuKQK1CRqarEtI9N6lpqVH8k7ulUwH/jFstihxmhMJ3aZY+qQgSwSs3pwSSim+e18
  eR7dOEq4vG8ivKuGvTDO4sSV2RP/nL/3eXr0y7eM0kMFKwTUA4JqL4Y/l8Bo/rie/ZXkkbF6hwEu
  dX1QmB0gf5k=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
  ////////////////////////////////Response///////////////////////////////////////////////////////////////
  HTTP/1.1 100 Continue
  Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
  Date: Wed, 09 Aug 2006 12:28:47 GMT
  HTTP/1.1 500 Internal Server Error
  Date: Wed, 09 Aug 2006 12:28:47 GMT
  Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
  Connection: Keep-Alive
  Keep-Alive: timeout=15, max=100
  Content-Type: text/xml
  Transfer-Encoding: chunked
  157
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
  0
  So basically, what I am doing here as follows:
  HelloClient(using JWSPD1.6)->gateway(web service manager for securing the web service using message level security through certificate )->helloservice(deployed using JWSDP1.6)
  I would appreciate if someone could tell me the cause of this errror.Thanks.
  Kashif

  time to look into the gateway logs as stated by the fault ..
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
  looks like the cipher step might have failed

• Unable to call WSS (WS-Security) enabled Web Service using UTL_DBWS

  We are attempting to call a WSS (WS-Security) enabled Web Service from PL/SQL using the UTL_DBWS package (see [http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/u_dbws.htm#CHDIDGJH] ). We are doing this in similar fashion to [http://www.oracle-base.com/articles/10g/utl_dbws10g.php] with calls to utl_dbws.create_service, utl_dbws.create_call and utl_dbws.invoke.
  Using this method we can successfully call an unsecured Web Service, but calls to WSS-enabled Web Services fail. We are currently using Oracle Database 10.2.0.3.
  The failure we are getting is:
  ORA-29532: Java call terminated by uncaught Java exception: javax.xml.rpc.soap.SOAPFaultException:
  com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
  policy ( AuthenticationTokenPolicy(S) ): No Security Header found;nested
  exception is com.sun.xml.wss.XWSSecurityException:
  com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
  policy ( AuthenticationTokenPlicy(S) ): No Security Header found
  Apparently UTL_DBWS does not support calling WSS enabled services, although this doesn't appear to be an officially recognised position. Does anyone know if Oracle are planning to support this soon (if ever)? Looking at Re: Calling WS from PL/SQL using WS-security suggests that support has been considered before, but not yet realised.
  Thanks,
  Tom

  Having raised a Service Request with Oracle support on this, I got the following response from Oracle Development (On unpublished bug [8542959|https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=BUG&p_id=8542959]):
  Development has confirmed that WS-Security is not supported through UTL_DBWS. They have also acknowledged that this is not documented and they will change the official Oracle documentation will reflect this fact. From what is being stated, it would appear that there is no plan to support the use of WS-Security through UTL_DBWS in any release in the near future.
  So, in short, without developing your own home-grown SOAP request, there is no way to call a WSS enabled web service from within PL/SQL.
  -Tom

• Issue with OSI PI WCF Web Service with wshttpbinding

  Hi Experts,
  System Details:
  SAP MII 14 SP4
  OSI PI Web Service: PITimeSeries
  I am having issue when trying to call OSI PI web service using http post. it is returning status 0 when i am using exception handler in BLS.
  Same web service works fine with basichttpbinding (SOAP 1.1)  but with wshttpbinding (SOAP 1.2) it is giving error.
  Following are Web config binding details for web service.
        <wsHttpBinding>
          <binding name="wsBinding_2011" sendTimeout="00:01:00" receiveTimeout="00:10:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
            <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
            <security mode="Message">
              <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" />
            </security>
          </binding>
        </wsHttpBinding>
  I am not sure it could be the issue with passing windows credentials.
  Did anybody consumed WCF web service with wshttpbinding with security mode as Message and clientCredentialType as Windows.
  Also i was trying to pass MYSAPSSO2 SSO token to service in http post but first i am not sure if this is correct windows token and second which header property of service should be mapped and i am not sure that I am going into correct direction or not.
  Please let me know what i am missing.
  I have tried following other options and tools:
  SOAP UI: basichttpbinding works fine for wshttpbinding receiving Internal Server error in log and Response as
                    The security context token is expired or is not valid.
  MII Web Service Action Block: basichttpbinding works fine for wshttpbinding not able to configure url through wizard because as per                                                                              my discussion with other MII experts MII does not support SOAP1.2. that is one reason for using http post.
  WCF Storm: both bindings works fine (There is option to select windows authentication and Impersonation level as delegation)
  WCF Test Client: Both bindings works fine
  Any help is appreciated.
  Thanks & Regards,
  Manoj Bilthare

  Hi Sam,
  The web service is valid following are details of testing on various tools.
  SOAP UI: basichttpbinding works fine for wshttpbinding receiving Internal Server error in log and Response as The security context token is expired or is not valid.
  MII Web Service Action Block: basichttpbinding works fine for wshttpbinding not able to configure url through wizard because as per my discussion with other MII experts MII does not support SOAP1.2. that is one reason for using http post.
  WCF Storm: both bindings works fine (There is option to select windows authentication and Impersonation level as delegation)
  WCF Test Client: Both bindings works fine
  Please let me know if additional details required.
  Thanks & Regards,
  Manoj Bilthare

• Error while executing Secure SOAP web service from Web Service Navigator

  Hi All,
  I have created a web service for a stateless session bean choosing option "Secure SOAP".
  When I am testing it through web service navigator, it is showing following error:-
  Security: Authentication expected but missing
  And in response text it is showing following :-
  HTTP/1.1 500 Internal Server Error
  Connection: close
  Server: SAP J2EE Engine/7.00
  Content-Type: text/xml; charset=UTF-8
  Date: Wed, 17 Dec 2008 05:42:10 GMT
  Set-Cookie: <value is hidden>
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
  <SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Security: Authentication expected but missing</faultstring><detail><ns1:com.sap.engine.interfaces.webservices.runtime.ProtocolException xmlns:ns1='http://sap-j2ee-engine/error'>Security: Authentication expected but missing</ns1:com.sap.engine.interfaces.webservices.runtime.ProtocolException></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
  Can anybody help me with above thing?
  And my second question : I have created web service with "Basic Auth SOAP" option. and while executing at web service navigator, its asking for username & password.
  What role / right should be granted to this user so as to make him able to execute this web service? This user must be a UME user, correct?
  Pls help me in resolving this.
  Thanks and regards,
  Amey Mogare

  Hi Fazal,
  I have read the thread, but my questions are still unanswered.
  1. I know how to set username and password while using "Basic Auth SOAP" protocol. But my question in this case is what are the accesses user requires to be able to execute web service.
  2. And about Secure SOAP, why is above mentioned error is appearing?
  Thanks and regards,
  Amey Mogare

• WS-Security, WSE, Web Services, Authentication and Flex 2

  Hey All,
  I've been working hard on getting Flex to communicate with a
  Microsoft .NET 2.0 Web Services project enabled with WSE 3.0
  WS-Security. I can't seem to get the headers into the SOAP request
  that I need.
  For example, I can get a SOAP header into the message like
  so:
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="
  http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="
  http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="
  http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Header>
  <ns0:Security xmlns:ns0="
  http://tempuri.org/">
  <ns0:password>pass</ns0:password>
  <ns0:username>DOMAIN\Administrator</ns0:username>
  </ns0:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
  <HelloWorld xmlns="
  http://tempuri.org/" />
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  .. but, this isn't what my WSE, WS-Security enabled service
  expects. Which is:
  <soap:Envelope xmlns:soap="
  http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsi="
  http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="
  http://www.w3.org/2001/XMLSchema"
  xmlns:wsa="
  http://schemas.xmlsoap.org/ws/2004/08/addressing"
  xmlns:wsse="
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wsu="
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header>
  <wsa:Action>
  http://tempuri.org/HelloWorld</wsa:Action>
  <wsa:MessageID>urn:uuid:5be8b55a-df7b-4547-8def-76282fcd8b47</wsa:MessageID>
  <wsa:ReplyTo>
  <wsa:Address>
  http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
  </wsa:ReplyTo>
  <wsa:To>
  http://localhost/CampaignMojoAPI.asmx</wsa:To>
  <wsse:Security soap:mustUnderstand="1">
  <wsu:Timestamp
  wsu:Id="Timestamp-aab299a8-81e3-4d8a-bfa4-555f38978584">
  <wsu:Created>2007-06-06T20:26:37Z</wsu:Created>
  <wsu:Expires>2007-06-06T20:31:37Z</wsu:Expires>
  </wsu:Timestamp>
  <wsse:UsernameToken xmlns:wsu="
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  wsu:Id="SecurityToken-b43668b1-51a3-4ba1-a90a-69eca3b98b66">
  <wsse:Username>DOMAIN\Administrator</wsse:Username>
  <wsse:Password Type="
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Passwor dText">pass</wsse:Password>
  <wsse:Nonce>IK4ZemfS1pj3kpdYO5+FBg==</wsse:Nonce>
  <wsu:Created>2007-06-06T20:26:37Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  </soap:Header>
  <soap:Body>
  <HelloWorld xmlns="
  http://tempuri.org/" />
  </soap:Body>
  </soap:Envelope>
  I've tried "addSimpleHeader" and "addHeader", but both seem
  to inject nested xml elements. Can anyone help me shape this WS
  call into the format I need it in? Would it be possible to call
  this WS manually via a direct HTTP post from Flex 2?
  Thanks!,
  Sean

  Yeah,
  Hey guys - thanks for the responses. I looked into this and
  it seems no one uses WS-Security from the browser. That's why even
  Google's APIs use alternative key logins, etc. I read from one user
  that in the next version of Microsoft's AJAX platform that they
  might support it, but that's about it. For now, it looks like
  there's not even an AJAX/Javascript way to do this. If we could do
  it via Javascript, then we could use the FABridge. I don't think
  Flex supports it. I've tried to manipulate the headers into place
  via Flex classes and I don't think enough control is there to get
  the output in the form that's needed.
  I think it's possible to write it in Javascript. But right
  now my time budget just doesn't allow for it. I already spent two
  whole days re-writing how Flex makes Web Service calls so they're
  synchronous with timeouts instead of this massive amount of
  asynchronous code they want you to write, so no more
  re-writing/extending of components for me for a while.
  But if anyone wants to work together to support it via
  AJAX/Javascript, I would invest money into developing it.
  I would like a public WS-Security AJAX/Javascript framework
  for making these calls via WS-Security so I can offer customers a
  standard way of accessing/authenticating against our public API
  set. It would also make it possible for Flex to access standard web
  services with WS-Security enabled.
  Let me know what you guys think, or if anyone else has any
  good suggestions/software.
  Thanks much,
  S.