Security Data : No WS-Security Header - UTL_HTTP for HTTPS calls -Oracle 9i

Similar Messages

• Need suggestion for ISE distributed deployment model in two different data centers along with public certificate for HTTPS

  Hi Experts,
  I am bit confused about ISE distributed deployment model .
  I have two data centers one is DC & other one is as a DR I have  requirement of guest access service implementation using CWA and get public certificate for HTTPS to avoid certificate error on client devices :
  how do i deploy ISE persona for HA in this two data centers
  After reading cisco doc , understood that we can have two PAN ( Primary in DC  & Secondary in DR ) like wise for MnT (Monitoring will be as same as PAN ) however I can have 5 PSN running in secondary i.e. in DR ISE however I have confusion about HA for PSN .. since we have all PSN in secondary , it would not work for HA if it fails
  Can anybody suggest me the best deployment solution for this scenario ?
  Another doubt about public certificate :
   Public Certificate: The ISE domain must be a registered or part of a registered domain name on the Internet. for that I need Domain name being used from customer .
  Please do correct me if I am wrong about certificate understanding :
  since Guest will be the outside users , we can not use certificate from internal CA , we need to get the certificate from service provider and install the same in both the ISE servers
  Can anybody explain the procedure to opt the public certificate for HTTPS from service provider ? And how do i install it in both the ISE servers ?

  Hi there. Let me try answering your questions:
  PSN HA: The PSNs are not configured as "primary" or "secondary" inside your ISE deployment. They are just PSN nodes as far as ISE is concerned. Instead, inside your NADs (In your case WLCs) you can specify which PSN is primary, which one is secondary, etc. You can accomplish this by:
  1. Defining all PSN nodes as AAA radius servers inside the WLC
  2. Then under the SSID > AAA Servers Tab, you can list the AAA servers in the order that you prefer. As a result, the WLC will always use the first server listed until that server fails/gets reloaded, etc. 
  3. As a result, you can have one WLC or SSID prefer PSN server A (located in primary DC) while a second WLC or SSID prefer PSN server B (located in backup DC)
  Last but not the least, you could also place PSNs behind a load balancer and that way the traffic would be equally distributed between multiple PSNs. However, the PSN nodes must be Layer 2 adjacent, which is probably not the case if they are located in two different Data Centers
  Certificates: Yes, you would want to get a public certificate to service the guest portal. Getting a public/well known certificate would ensure that most devices out there would trust the CA that signed your ISE certificate. For instance, VeriSign, GoDaddy, Entrust are some of the ones out there that would work just fine. On the other hand, if you use a certificate that was signed by your internal CA, then things would be fine for your internal endpoints that trust your internal CA but for any outsiders (Guests, contractors, etc) that do not trust and do not know who your internal CA is would get a certificate error when being redirected to the ISE guest portal. This in general is only a "cosmetic" issue and if the users click "continue" and add your CA as a trusted authority, the guest page would load and the session would work. However, most users out there would not feel safe to proceed and you will most likely get a lot of calls to your helpdesk :)
  I hope this helps!
  Thank you for rating helpful posts!

• When we have LSMW for migrating data then why we will go for Session/Call ?

  Hi Guru's,
  Could you please tell me ...
  When we have LSMW for migrating data , why will go for Sessions/call Transaction for migrating? when we do with LSMW we can complete the object with less time then why we have will do with session/call transaction?
  when we have to use LSMW ? and when we have to use SESSION/ CALL TRANSACTION ..
  thanks in advance..
  vardhan

  LSMW can't upload large amount of data into the database.
  Whereas BDC SESSION CALL /TRANSACTION method can upload large amount of data into the database.
  The error capture method is superior in BDC.
  BDC programs can be scheduled to run on periodic basis as per the customer requirements.

• RAC (Linux) Security: "Unknown" Passwords for CRS, ASM, Oracle?

  We're going through an audit (PCI) and the question of these shared accounts has come up. I do realize that ssh connectivity, with key exchange, is used in the maintenance of Oracle RAC clusters. What I'm thinking/wondering is if it's possible to have an "unknown" password for one or all of these accounts. This would mean that a 'sudo su' would still be allowed to the account if needed, and ssh key exchange would still work, but it would tighten up the security a bit (and make writing compensating controls a lot easier).
  I'm wondering if anyone can help identify areas where actually having the crs, asm and oracle passwords will be required in the care and feeding of RAC? Also, or alternately, if someone can point me to the documentation where it shows having the password is a prerequisite, that would make my life a lot easier.
  Thanks in advance for any assistance.

  Hi,
  If I understand your requirement correctly, yes, I believe it's possible.
  If you're doing RAC, you must have "user equivalence" (i.e. ssh via password-less key based authentication) set up on all nodes in the cluster. In addition, it's possible to disable password authentication, once you have key authentication set up. Finally, once you're logged in, you still need sudo to work, correct? If password will not be known to you, you can set up sudo to work without a password, (look at NOPASSWD option) but consider that, you really need to set things up correctly, or you may jeopardize your system security.
  Ideally, you would:
  1.) set up ssh keys with passphrase.
  2.) disable password authentication.
  3.) set up ssh-agent and authentication forwarding.
  I'm not an expert at all, I've just recently been reading up to try to do something similar in my environment.
  I found this three-part article that seems to cover the subject pretty thoroughly:
  http://www.ibm.com/developerworks/linux/library/l-keyc.html
  Hope that helps,
  -Mark

• Multiple endpoints for HTTP adapter (OracleAS 10g - 10.1.2)

  The HTTP adapter documentation states the HTTP adapter supports sending outgoing messages for Interconnect to multiple HTTP endpoints. This enables sending messages to various remote web servers.
  The HTTP user guide states:
  "An endpoint is associated with a subscribing event in iStudio by adding the transport properties such as the HTTP endpoint as metadata for the event. This is done using the Modify Fields function of the Subscribe Wizard - Define Application View dialog. After associating an endpoint and event, the message from the subscribing event is sent to the HTTP endpoint.
  When using the multiple endpoint feature with XML data type, use the Generic event type, instead of XML. Using the Generic event type allows you to enter the metadata for the endpoints using the Modify Fields feature associated with iStudio.
  When invoking this through iStudio, the screen allows you a name/value pair and I have entered 'multipleEP' for the name & 'http://....servlet' for the value. Is this the correct way? For an additional endpoint I assume I add another name/value pair in a similar way to above, can someone confirm this method?
  Some confirmation or additional HOWTO documentation on this facility would be appreciated.
  Regards,
  David

  I've done a bit of testing and this is what I found. Feel free to expand as you see fit.
  Using the Modify Fields feature allows you to enter name/value pairs. I found that you enter the metadata parameter in the name, and the metadata value in the value. For example:
  Name - ota.endpoint, Value - createMemoEP (appears to arbitrary but my example is related to event crateMemo)
  Name - ota.send.endpoint, Value - http://..../servlet/yourServlet
  The data gets saved in table EMDDATALET and when used by the adapter, the above information overrides the metadata from the adapter.ini file.
  Hopes this helps anyone who wants to use this facility.
  David

• SLD data supplier - HTTP call failed

  Hi All,
  I am receiving the following error when navigating to 'Server -> Services -> SLD Data Supplier' within the Visual Administrator
  SLD_Collector_Task
  HTTP call failed: Failed to send HTTP data: 401 : Unauthorized. Please check if the target SLD system is available and the SLD bridge is started there
  The target SLD is started. How do I check if the SLD bridge is started?
  Does anyone has any advice on this error? Thanks.

  Hi Lee,
  You can check this using t-code RZ70
  Also read the post installation guide for how to configure sld bridge where your sld is running.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/500519bb-75bd-2a10-c9b7-878798ae52bc
  Regards
  Ashok
  Edited by: Ashok Dalai on Sep 25, 2008 8:09 AM

• How to fix SOAP Security Header UsernameToken is required for operation?

  hi all,
  can somone help me how to resolve the error "javax.xml.ws.soap.SOAPFaultException: SOAP Security Header UsernameToken is required for operation" when i run a client.
  i got a WSDL and using wsdl2java i generated the stubs
  Here is my client code
  public final class LiteratureClient {
       public final static QName SERVICE = new QName("http://siebel.com/asi/",
                 "Literature");
       public final static URL WSDL_LOCATION;
       private LiteratureClient() {
       static {
            URL url = null;
            try {
                 url = new URL(
                           "file:c:\\reprintwsdl\\http___siebel.com_asi__Literature17.WSDL");
            } catch (MalformedURLException e) {
                 System.err
                           .println("Can not initialize the default wsdl from file:http___siebel.com_asi__Literature17.WSDL");
                 // e.printStackTrace();
            WSDL_LOCATION = url;
       public static void main(String args[]) throws Exception {
            System.out.println(WSDL_LOCATION);
            Literature obj = new Literature(WSDL_LOCATION, SERVICE);
            DefaultBindingSpcLiteratureSpcWS port = obj.getDefault();
            Client cxfClient = ClientProxy.getClient(port);
            cxfClient.getInInterceptors().add(new LoggingInInterceptor());
            cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());
            cxfClient.getOutInterceptors().add(new SiebelPasswordInterceptor());
            com.siebel.xml.literatureio.iterature inputObj = new com.siebel.xml.literatureio.lterature();
  inputObj.setDocId("1234");          
            // Query by ID
       LiteratureQueryByIdlInput input = new LiteratureQueryByIdInput();
            com.siebel.xml.iteratureio.ListOfliteratureio list = new com.siebel.xml.iteratureio.ListOfliteratureio();
            list.getLiterature().add(inputObj);
            input.setListOfliteratureio(list);
            LiteratureQueryByIdOutput output = obj.getDefault().LiteratureQueryById(input);
  This is the interceptor which i added to the client before performing the query operation
  public class SiebelPasswordInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
       public static final String SECURITY_TAG_NAME = "wsse:Security";
       public static final String SECURITY_NAMESPACE = "http://schemas.xmlsoap.org/ws/2002/04/secext";
       public static final String USERNAME_TOKEN_TAG_NAME = "wsse:UsernameToken";
       public static final String USERNAME_TAG_NAME = "wsse:Username";
       public static final String PASSWORD_TAG_NAME = "wsse:Password";
       public static final String PASSWORD_TEXT_ATTRIBUTE_NAME = "wsse:PasswordText";
       public static final String TYPE_TAG_NAME = "Type";
       public static final String SECURITY_NAMESPACE_NAME = "wsse";
       public static final String SECURITY = "Security";
       public SiebelPasswordInterceptor() {
            super(Phase.PREPARE_SEND);
       public void handleMessage(SoapMessage message) {
            List l = message.getHeaders();
            Document d = DOMUtils.createDocument();
            Element securityParent = d
                      .createElementNS(
                                SECURITY_NAMESPACE,
                                SECURITY_TAG_NAME);
            Element userNameToken = d.createElementNS(
                      SECURITY_NAMESPACE,
                      USERNAME_TOKEN_TAG_NAME);
            Element userName = d
                      .createElementNS(
                                SECURITY_NAMESPACE,
                                USERNAME_TAG_NAME);
            userName.setTextContent(getUsername());
            userNameToken.appendChild(userName);
            Element pwdText = d
                      .createElementNS(
                                SECURITY_NAMESPACE,
                                PASSWORD_TAG_NAME);
            pwdText.setAttribute(TYPE_TAG_NAME, PASSWORD_TEXT_ATTRIBUTE_NAME);
            pwdText.setTextContent(getPassword());
            userNameToken.appendChild(pwdText);
            securityParent.appendChild(userNameToken);
            SoapHeader header = new SoapHeader(new QName(
                      SECURITY_NAMESPACE, SECURITY,
                      SECURITY_NAMESPACE_NAME), securityParent);
            System.out.println(" HEADER "+header.toString());
            l.add(header);
       protected String getUsername(){
  return "test";
       protected String getPassword(){
            return test";
  I did add this interceptor as out interceptor to my client but for some reason the header is not getting added to the request . can someone pls. help me in troubleshooting this issue.
  Thank you

  The problem is in <form action="http://www.eastsidestudios.com.au/FormProcessv2.aspx?WebFormID=42582&O ID={module_oid}&amp;OTYPE={module_otype}&amp;EID={module_eid}&amp;CID={mo dule_cid}"
  You have to remove http://www.eastsidestudios.com.au from the action URL and make it relative:
  <form action="/FormProcessv2.aspx?WebFormID=42582&O ID={module_oid}&amp;OTYPE={module_otype}&amp;EID={module_eid}&amp;CID={mo dule_cid}"
  Cheers,
  -mario

• How to pass Security Header from the Physical Service in ODSI

  We have to call a secured Web service using ODSI. We are trying to build a physical service in ODSI using a WSDL which has username token with password text policy inside it. The requests to that web service are bound by the security policy. But ODSI is not allowing us to create a Physical service usin a WSDL with a security policy in it. How can we then pass the security header from the ODSI physical service to the external web service.

  You would need to write a webservice handler for your physical data service to implement the security.
  http://download.oracle.com/docs/cd/E13162_01/odsi/docs10gr3/datasrvc/How%20To%20Create%20SOAP%20Handlers%20for%20Imported%20WSDLs.html

• Row Level Security not working for SAP R/3

  Hi Guys
  We have an environment where the details are as mentioned below:
  1. Crystal Reports are created using Open SQL driver to extract data from SAP R/3 using the SAP Integration Kit.
  2. The SAP roles are imported in Business Objects CMC.
  3. Crystal Reports are published on the Enterprise as well.
  3. Authorization objects are created in SAP R/3 and added as required for the row level security as mentioned in the SAP Installation guide as well. The aim is when the user logs into the Infoview and refreshes the report he should only see data that he is meant to so through the authorization objects.The data security works very much fine when the reports are designed directly on the table but when the reports are built on the Business View it doesnt work hence the user is able to see all data.
  Any help in this issue is greatly appreciated.
  Thanks and Regards
  Kamal

  Hi,
  In order for row level security to work for you using the OpenSql driver, you need to configure the Security Definition Editor on your SAP server.  This is a server side tool which the Integration solution for SAP offers as a transport.
  This tool defined which tables are to be restricted based on authorizations.
  However since you are seeing the issue on reports based on Business Views, you need to identify whether the Business View is configured in such a way where the user refreshing the report is based on the user logging into Infoview.  If the connection to your SAP server is always established with the same user when BV is used then you security definition is pointless.
  You can confirm this by tracing your SAP server to identify what user is being used to logon to SAP to refresh the reports.
  thanks
  Mike

• Javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header error while invoking FinancialUtilService using HTTP proxy client

  I am trying to invoke FinancialUtilService using HTTP proxy client. I am getting below error while i am trying to invoke this service. Using FusionServiceTester i am able to invoke service and upload file to UCM. Using oracle.ucm.fa_client_11.1.1.jar also i am able to upload file to UCM without any issue. But using HTTP proxy client i am facing below error. Can anyone please help me. PFA code i am using to invoke this service.
  javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
    at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:299)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:273)
  Process exited with exit code 0.
  Message was edited by: Oliver Steinmeier
  Removed attachment

  Hi Jani,
  Thanks for your reply.
  I am new to webservices and we are trying to do a POC on invoking FinancialUtilService using HTTP proxy client. I am following steps mentioned in attached pdf section "Invoking FinancialUtil Service using Web Service Proxy Client". I have imported certificate using below command. 
       keytool -import -trustcacerts -file D:\Retek\Certificate.cer -alias client -keystore D:\Retek\default-keystore.jks -storepass welcome1
  Invoking
      SecurityPolicyFeature[] securityFeature =
      new SecurityPolicyFeature[] { new
      SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy")};
      financialUtilService_Service = new FinancialUtilService_Service();
      FinancialUtilService financialUtilService= financialUtilService_Service.getFinancialUtilServiceSoapHttpPort(securityFeature);
      // Get the request context to set the outgoing addressing properties
      WSBindingProvider wsbp = (WSBindingProvider)financialUtilService;
      WSEndpointReference replyTo =
        new WSEndpointReference("https://efops-rel91-patchtest-external-fin.us.oracle.com/finFunShared/FinancialUtilService", WS_ADDR_VER);
      String uuid = "uuid:" + UUID.randomUUID();
      wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));
      wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "fin_user1");
      wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY,  "Welcome1");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS,"service");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "D:/Retek/default-keystore.jks");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "welcome1" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password" );
  SEVERE: WSM-00057 The certificate, client, is not retrieved.
  SEVERE: WSM-00137 The encryption certificate, client, is not retrieved due to exception oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved..
  SEVERE: WSM-00161 Client encryption public certificate is not configured for Async web service client
  SEVERE: WSM-00005 Error in sending the request.
  SEVERE: WSM-07607 Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
  SEVERE: WSM-07602 Failure in WS-Policy Execution due to exception.
  SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=FinancialUtilService, policy=oracle/wss11_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.
  oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:173)
    at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
    at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:608)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:335)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:282)
    at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
    at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:915)
    at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:436)
    at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:393)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:239)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
    at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
    at com.sun.xml.ws.client.Stub.process(Stub.java:259)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
  Caused by: oracle.wsm.security.SecurityException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:979)
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.build(Wss11X509TokenProcessor.java:206)
    at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:164)
    ... 30 more
  Caused by: oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved.
    at oracle.wsm.security.jps.WsmKeyStore.getJavaCertificate(WsmKeyStore.java:534)
    at oracle.wsm.security.jps.WsmKeyStore.getCryptCert(WsmKeyStore.java:570)
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:977)
    ... 32 more
  SEVERE: WSMAgentHook: An Exception is thrown: WSM-00161 : Client encryption public certificate is not configured for Async web service client
  File upload failed
  javax.xml.ws.WebServiceException: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
    at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
    at com.sun.xml.ws.client.Stub.process(Stub.java:259)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
  Caused by: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:248)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
    ... 19 more

• Extracting username and password from security header

  Hey all,
  I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
  1) I secured my BPEL process
  2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
  3) I added the security variable to the Header Variables for the BPEL process input
  4) I added the security variable to the Input Header Variables for the web service's invoke operation
  This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
  Environment:
  JDeveloper 11.1.1.6.0
  Thanks,
  Bill

  Hi Sri,
  If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
  Thanks,
  Bill

• "error in processing the WS-Security security header" - calling ws OIPM

  Hi All,
  We are trying to integrate Ebiz and OIPM, when we send request from ebiz to AxfSolutionMediatorService WebService we are getting below error
  InvalidSecurity : error in processing the WS-Security security header
  <ns2:exception xmlns:ns2="http://jax-ws.dev.java.net/" class="javax.xml.ws.soap.SOAPFaultException" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
  <message>InvalidSecurity : error in processing the WS-Security security header</message>
  <ns2:stackTrace>
  <ns2:frame class="oracle.imaging.common.WSSecurityHandler" file="WSSecurityHandler.java" line="134" method="throwSOAPFaultException"/>
  <ns2:frame class="oracle.imaging.common.WSSecurityHandler" file="WSSecurityHandler.java" line="119" method="processHeader"/>
  <ns2:frame class="oracle.imaging.axf.ws.AxfSolutionMediatorWS" file="AxfSolutionMediatorWS.java" line="66" method="getUserPrincipal"/>
  <ns2:frame class="oracle.imaging.axf.ws.AxfSolutionMediatorWS" file="AxfSolutionMediatorWS.java" line="54" method="execute"/>
  <ns2:frame class="sun.reflect.GeneratedMethodAccessor2261" line="unknown" method="invoke"/>
  <ns2:frame class="sun.reflect.DelegatingMethodAccessorImpl" file="DelegatingMethodAccessorImpl.java" line="25" method="invoke"/>
  <ns2:frame class="java.lang.reflect.Method" file="Method.java" line="597" method="invoke"/>
  <ns2:frame class="weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker" file="WLSInstanceResolver.java" line="92" method="invoke"/>
  <ns2:frame class="weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker" file="WLSInstanceResolver.java" line="74" method="invoke"/>
  <ns2:frame class="com.sun.xml.ws.server.InvokerTube$2" file="InvokerTube.java" line="151" method="invoke"/>
  <ns2:frame class="com.sun.xml.ws.server.sei.EndpointMethodHandlerImpl" file="EndpointMethodHandlerImpl.java" line="268" method="invoke"/>
  <ns2:frame class="com.sun.xml.ws.server.sei.SEIInvokerTube" file="SEIInvokerTube.java" line="100" method="processRequest"/>
  <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="866" method="__doRun"/>
  <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="815" method="_doRun"/>
  <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="778" method="doRun"/>
  <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="680" method="runSync"/>
  <ns2:frame class="com.sun.xml.ws.server.WSEndpointImpl$2" file="WSEndpointImpl.java" line="403" method="process"/>
  <ns2:frame class="com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit" file="HttpAdapter.java" line="532" method="handle"/>
  <ns2:frame class="com.sun.xml.ws.transport.http.HttpAdapter" file="HttpAdapter.java" line="253" method="handle"/>
  <ns2:frame class="com.sun.xml.ws.transport.http.servlet.ServletAdapter" file="ServletAdapter.java" line="140" method="handle"/>
  <ns2:frame class="weblogic.wsee.jaxws.WLSServletAdapter" file="WLSServletAdapter.java" line="171" method="handle"/>
  <ns2:frame class="weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke" file="HttpServletAdapter.java" line="708" method="run"/>
  <ns2:frame class="weblogic.security.acl.internal.AuthenticatedSubject" file="AuthenticatedSubject.java" line="363" method="doAs"/>
  <ns2:frame class="weblogic.security.service.SecurityManager" file="SecurityManager.java" line="146" method="runAs"/>
  <ns2:frame class="weblogic.wsee.util.ServerSecurityHelper" file="ServerSecurityHelper.java" line="103" method="authenticatedInvoke"/>
  <ns2:frame class="weblogic.wsee.jaxws.HttpServletAdapter$3" file="HttpServletAdapter.java" line="311" method="run"/>
  <ns2:frame class="weblogic.wsee.jaxws.HttpServletAdapter" file="HttpServletAdapter.java" line="336" method="post"/>
  <ns2:frame class="weblogic.wsee.jaxws.JAXWSServlet" file="JAXWSServlet.java" line="95" method="doRequest"/>
  <ns2:frame class="weblogic.servlet.http.AbstractAsyncServlet" file="AbstractAsyncServlet.java" line="99" method="service"/>
  <ns2:frame class="javax.servlet.http.HttpServlet" file="HttpServlet.java" line="820" method="service"/>
  <ns2:frame class="weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction" file="StubSecurityHel
  per.java" line="227" method="run"/>
  <ns2:frame class="weblogic.servlet.internal.StubSecurityHelper" file="StubSecurityHelper.java" line="125" method="invokeServlet"/>
  <ns2:frame class="weblogic.servlet.internal.ServletStubImpl" file="ServletStubImpl.java" line="300" method="execute"/>
  <ns2:frame class="weblogic.servlet.internal.TailFilter" file="TailFilter.java" line="26" method="doFilter"/>
  <ns2:frame class="weblogic.servlet.internal.FilterChainImpl" file="FilterChainImpl.java" line="56" method="doFilter"/>
  <ns2:frame class="oracle.security.jps.ee.http.JpsAbsFilter$1" file="JpsAbsFilter.java" line="111" method="run"/>
  <ns2:frame class="java.security.AccessController" file="AccessController.java" line="native" method="doPrivileged"/>
  <ns2:frame class="oracle.security.jps.util.JpsSubject" file="JpsSubject.java" line="313" method="doAsPrivileged"/>
  <ns2:frame class="oracle.security.jps.ee.util.JpsPlatformUtil" file="JpsPlatformUtil.java" line="413" method="runJaasMode"/>
  <ns2:frame class="oracle.security.jps.ee.http.JpsAbsFilter" file="JpsAbsFilter.java" line="94" method="runJaasMode"/>
  <ns2:frame class="oracle.security.jps.ee.http.JpsAbsFilter" file="JpsAbsFilter.java" line="161" method="doFilter"/>
  <ns2:frame class="oracle.security.jps.ee.http.JpsFilter" file="JpsFilter.java" line="71" method="doFilter"/>
  <ns2:frame class="weblogic.servlet.internal.FilterChainImpl" file="FilterChainImpl.java" line="56" method="doFilter"/>
  <ns2:frame class="oracle.dms.servlet.DMSServletFilter" file="DMSServletFilter.java" line="136" method="doFilter"/>
  <ns2:frame class="weblogic.servlet.internal.FilterChainImpl" file="FilterChainImpl.java" line="56" method="doFilter"/>
  <ns2:frame class="weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction" file="WebAppServletContext.java" line="3715" method="wrapRun"/>
  <ns2:frame class="weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction" file="WebAppServletContext.java" line="3681" method="run"/>
  <ns2:frame class="weblogic.security.acl.internal.AuthenticatedSubject" file="AuthenticatedSubject.java" line="321" method="doAs"/>
  <ns2:frame class="weblogic.security.service.SecurityManager" file="SecurityManager.java" line="120" method="runAs"/>
  <ns2:frame class="weblogic.servlet.internal.WebAppServletContext" file="WebAppServletContext.java" line="2277" method="securedExecute"/>
  <ns2:frame class="weblogic.servlet.internal.WebAppServletContext" file="WebAppServletContext.java" line="2183" method="execute"/>
  <ns2:frame class="weblogic.servlet.internal.ServletRequestImpl" file="ServletRequestImpl.java" line="1454" method="run"/>
  <ns2:frame class="weblogic.work.ExecuteThread" file="ExecuteThread.java" line="209" method="execute"/>
  <ns2:frame class="weblogic.work.ExecuteThread" file="ExecuteThread.java" line="178" method="run"/>
  </ns2:stackTrace>
  </ns2:exception>
  The request which we are sending is
  <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Header><Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><UsernameToken> <Username>AXF</Username> <Password>AXF</Password> </UsernameToken> </Security></soap:Header><soap:Body><execute xmlns="http://service.axf.imaging.oracle/"><request xmlns=""><commandNamespace>UCM_Managed_Attachments</commandNamespace><conversationId></conversationId><requestParameters></requestParameters><role>guest</role><solutionNamespace>UCM_Managed_Attachments</solutionNamespace><systemName>Oracle</systemName><userContext><entry><key>RESP_ID</key><value>50554</value></entry><entry><key>RESP_APPL_ID</key><value>200</value></entry><entry><key>ORG_ID</key><value>204</value></entry><entry><key>USR_ID</key><value>1318</value></entry></userContext><username>operations</username></request></execute></soap:Body></soap:Envelope>
  Thanks in Advance,
  Rakesh.

  I know you've probably solved this but I'll post our working soap message below for others.
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:imag="http://imaging.oracle/">
  <soapenv:Header xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <wsse:UsernameToken>
  <wsse:Username>Username</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Password</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
  <imag:getDocument>
  <documentId>4.IPM_004280</documentId>
  <sectionSet>
  <flags>HISTORY</flags>
  <flags>FIELDVALUES</flags>
  </sectionSet>
  </imag:getDocument>
  </soapenv:Body>
  </soapenv:Envelope>

• Why is the security header empty in the response when mustUnderstand="1"?

  Hi
  In the response the value of mustUnderstand is equal to "1", but the UsernameToken data is not echoed, the security header is empty.
  It seems that either the credentials should be echoed or mustUnderstand should be equal to "0"
  An Axis 1.4 client threw an Exception because they interpreted the spec as such, and we've dealt with that but now
  I have an external party using some Microsoft stuff and they're having to intercept the response and set it to 0
  before processing the response.
  How should it be dealt with?
  I'm happy to write a handler that does this, and I tested some Oracle sample code but the header is always null.
  Source Code: AuthenticateHandler.java
  This is my test request...
  <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:env="http://www.w3.org/2003/05/soap-envelope" soap:mustUnderstand="1">
  <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:Username>TestUser</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security></soap:Header>
      <soap:Body xmlns:ns1="http://webservicehandler/">
          <ns1:echoElement>DSF</ns1:echoElement>
      </soap:Body>
  </soap:Envelope>and my test response
  <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:env="http://www.w3.org/2003/05/soap-envelope" env:mustUnderstand="1"/>
  </env:Header><env:Body><ans1:echoResponseElement xmlns:ans1="http://webservicehandler/">DSF</ans1:echoResponseElement>
  </env:Body></env:Envelope>

  You aren't addressing Apple here; we are all users like you.
  Please submit to apple.com/feedback

• Custom Policy Step and the WS-Security header attibute "mustUnderstand"

  Hi there,
  I have some issues testing the custom policy step that comes with OWSM (CustomAuthenticationStep), which i describe next.
  I manage to compile/deploy the custom step successfully. I also restart the server and add the brand new step into the request pipeline. The pipeline only has two steps, a log step and a custom authentication step.
  I develop a client for the gateway service which use the "Username to Authenticate" option of the Proxy Security. The other options (inbound/outbound integrity/encryption) are all unchecked.
  When I test the client, the following SOAP message is produced:
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ns0="http://agesic.entidad/types/"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <env:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  env:mustUnderstand="1">
  <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:Username>test</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </env:Header>
  <env:Body>
  <ns0:reverseElement>
  <ns0:aString>Holas!</ns0:aString>
  </ns0:reverseElement>
  </env:Body>
  </env:Envelope>
  Which looks just fine. However I get the following exception:
  javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
       at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
       at agesic.cliente.gateway.proxy.runtime.EchoReverseSoapHttp_Stub.reverse(EchoReverseSoapHttp_Stub.java:78)
       at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.reverse(EchoReverseSoapHttpPortClient.java:44)
       at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.main(EchoReverseSoapHttpPortClient.java:33)
  If i look at the log produced by the custom step, it looks like the step was successfully passed.
  ********** Entering Custom Authentication execute method **********
  Processing stage is Request
  Request SOAP message is <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="h
  ttp://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-ins
  tance" xmlns:ns0="http://agesic.entidad/types/" xmlns:wsu="http://docs.oasis-ope
  n.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><env:Header><wsse
  :Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004
  /01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.or
  g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://sche
  mas.xmlsoap.org/soap/envelope/"><wsse:UsernameToken xmlns:wsse="http://docs.oasi
  s-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http:/
  /docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ws
  se:Username>test</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/
  wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse
  :Password></wsse:UsernameToken></wsse:Security></env:Header><env:Body><ns0:rever
  seElement><ns0:aString>Holas!</ns0:aString></ns0:reverseElement></env:Body></env
  :Envelope>
  User locale is English
  Client ip address is rhel4.tecinfo.com.uy:7777
  Verified user is test
  The problems is with the mustUnderstand attribute. It looks like no step tells the OWSM that he understands the header, so the OWSM pass through the pipeline and when it ends it thinks that that header was not processed properly.
  I try to find documentation on this issue but I didn't find any.
  Any ideas? Is there any way to specify that the step actually understands the ws-security header?
  Thanks!
  Leo

  Ok. Thanks. The problem here is a little bit different. At the client side, we have the following:
  <?xml version="1.0" encoding="UTF-8"?>
  <oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
  <webservice-client>
  <service-qname namespaceURI="http://agesic.entidad/" localpart="EchoReverse"/>
  <port-info>
  <wsdl-port namespaceURI="http://agesic.entidad/" localpart="EchoReverseSoapHttpPort"/>
  <runtime enabled="security">
  <security>
  <inbound/>
  <outbound>
  <username-token password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
  </outbound>
  </security>
  </runtime>
  <operations>
  <operation name='reverse'>
  </operation>
  </operations>
  </port-info>
  </webservice-client>
  </oracle-webservice-clients>
  The <outbound> here is requered in order to use the WSS UserName token profile. I try to remove the <inbound/> to check if it was a problem like yours, but we still have the same exception.
  The problem seems to be with the gateway at the server side.
  Intercepting the communication between the client and the server, we are getting the following response:
  <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ns0="http://agesic.entidad/types/">
  <env:Body>
  <env:Fault>
  <faultcode>env:MustUnderstand</faultcode>
  <faultstring>SOAP must understand error:
  {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security</faultstring>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  We need a way to instruct the gateway that he actually understands the wss header.
  Any ideas?
  Thanks!
  Leo

• Missing Security header in SOAP

  Hello!
  I used WSDLs to  generate a few client proxy classes in order to access web services of a 3rd party application. The first call was successfull: I called START_SESSION method passing username and password and got proper response (ticket, session ID). Afterwards, I wanted to call methods of other proxy classes of the same application and always got
  SoapFaultCode:1  WSDoAllReceiver: Request does not contain required Security header
  How do I pass security header and what does it consist of? I suppose ticket and/or session ID, but it is not part of any method's interface.
  What should I do?
  Thanks in advance!
  Kind regards,
  Igor
  Unfortunately, WSDL is not available in public. If necessary; I'll post it, but for the first post I'll try not to occupy space.

  Hi!
  I did research on this topic with server application and I quote what I found:
  <i>The Alfresco web services have always used the WS Security header to pass the ticket information to the server.
  The ticket is plucked out of the password parameter and cross checked within the server to ensure the request can proceed.
  So long as you construct the WS Security header correctly authentication at the repository should occure without problem</i>
  I get the ticket from the successfull call of START_SESSION method of different (authentication) proxy class, but don't know what to do with it. How to include it in security header of another proxy method call? Or should I do something else?
  I'll describe what I tried - please see if I did something wrong:
  1. In SE80 -> Client proxy maintenance, I selected tab Preconfiguration, selected "Session-Oriented communication" -> Checked "Select Feature"
  2. Same tab, selected "Authentication" -> Basic
  3. Activated the proxy
  4. WSSPROFILE -> Created profile based on CHECK_USERNAME template
  5. LPCONFIG -> Selected operation GET_USER, entered the newly created profile both in ProfileIn and ProfileOut, activated
  6. Activated client trace, called method and got SOAP request without any security info in header:
  <soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
    <soap-env:Header>
      <n0:Trace xmlns:n0="http://www.sap.com/webas/630/soap/features/runtime/tracing/">
        <TraceLevel xmlns="http://www.sap.com/webas/630/soap/features/runtime/tracing/">Error</TraceLevel>
      </n0:Trace>
    </soap-env:Header>
    <soap-env:Body>
      <nr1:getUser xmlns:nr1="http://www.alfresco.org/ws/service/administration/1.0" xmlns:nr2="http://www.alfresco.org/ws/model/content/1.0">
        <nr1:userName>ADMIN</nr1:userName>
      </nr1:getUser>
    </soap-env:Body>
  </soap-env:Envelope>
  I must have done something wrong.
  Regards,
  Igor