Security token testing with soapUI

Has anyone managed to test the tutorial:
http://dev2dev.bea.com/pub/a/2006/04/securing-service-bus.html?page=1 Securing Services Using the ALSB with SoapUI? We had a hard time calling the WS without BEA-specific libraries, and ended up making our own policy without using policy:Sign.xml. Still, we had to make our own test code to make it work. Has anyone been able to use soapUI for this purpose? We see that the generated SOAP message is very different from what we managed to find out using BEA libraries.

Hi Jonny
Please generate the WSDL from either sender agreement for classical configuration or from ICO.
Then use the WSDL in SOAP UI; it will work.

Similar Messages

  • SAPPI 7.3 testing with SOAPUI

    Hi
    I have generated a WSDL from the SAP Integration builder for a service interface that will start a message flow.
    I am using SOAPUI to test this but I get the error
      com.sap.aii.af.service.cpa.CPAObjectNotFoundException: Couldn't retrieve inbound binding for the given P/S/A values
    Am I missing any parts of this URL that was proposed by the SAP Integration builder when it built me the WSDL?
    " http://ABSDSAPPI01.mycompany.co.uk:50100/XISOAPAdapter/MessageServlet?version=3.0&Sender.Service=BC_AB_TESTHARNESS_B1&In… "

    Hi Jonny
    Please generate the WSDL from either sender agreement for classical configuration or from ICO.
    Then use the WSDL in SOAP UI; it will work.

  • Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.

    Please excuse the lousy table... It's late :-)
    I have a multi-server SP2010 farm.  Patched up to
    Configuration database version: 14.0.6106.5002
    My goal is to have a claims based web application that authenticates to ADAM for Extranet.  I have configured the servers exactly to MSDN and TechNet specs (following this spec to the letter: http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
    IT WORKS IN DEV!!! , which is a single server farm.  However, it does not work in production.  I get the following:
    Claims Auth log entries:
    Time | Process | TID | Area | Category | EventID | Level | Message
    1:06:25 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | f2ut | Verbose | Authenticated with login provider. Validating request security token.
    1:06:25 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | 0 | Verbose | Using membership provider 'ADAMProvider'.
    1:06:25 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | 0 | Verbose | Doing password check on '[email protected]'.
    1:06:46 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | 0 | Verbose | Failed password check on '[email protected]'.
    1:06:46 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | 0 | Unexpected | Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
    1:06:46 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | fo1t | Monitorable | SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
    1:06:46 AM | w3wp.exe (0x1B34) | 0x08A0 | SharePoint Foundation | Claims Authentication | fsq7 | High | Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
        at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
        at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
        at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
        at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    1:06:46 AM | w3wp.exe (0x1B34) | 0x08A0 | SharePoint Foundation | Claims Authentication | 8306 | Critical | An exception occurred when trying to issue security token: The security token username and password could not be validated..
    1:06:46 AM | w3wp.exe (0x1B34) | 0x08A0 | SharePoint Foundation | Claims Authentication | f2un | Verbose | Form authentication failed.
    I have tried EVERYTHING (well, not everything, I don’t have the fix I suppose).
    I found plenty out there and nothing directly correlates with this issue.
    I searched on all parts of the errors I got.
    This contains an interesting blurb about setting up access for the apppool id correctly.
    That’s not the case for me.  It works in dev and the same ids are used there.
    http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
    This was good but it doesn’t give specs on what the environment looks like:
    http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
    This was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
    http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
    Any and all help would be greatly appreciated!

    Hi.
    You say it's a multiserver farm, do you have more than one web server then?
    If that's the case, have you tried accessing the site on each server directly?
    Found this for you, maybe that can help?
    Troubleshooting Exceptions: System.ServiceModel.FaultException`1
    http://msdn.microsoft.com/en-us/library/bb907220.aspx
    and this:
    SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
    http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
    and
    This seems to be a good guide:
    http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
    Good luck
    Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com
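The ULS excerpt in the thread above shows 21 seconds between "Doing password check" and "Failed password check". As an added example (not code from any poster in the thread), this Python pairs those two messages per process, thread and account and reports how long each failed check took. The tab-separated layout, the sample rows, the account names and the 10-second threshold are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Column order as shown in the post's log excerpt.
COLUMNS = ("time", "process", "thread", "area", "category",
           "event_id", "level", "message")
START = re.compile(r"^Doing password check on '(.+)'\.$")
FAIL = re.compile(r"^Failed password check on '(.+)'\.$")
# Assumed threshold: a failure that takes this long means the provider spent
# the time waiting on something before rejecting, rather than rejecting at once.
SLOW_FAILURE_SECONDS = 10


def _row(time, thread, level, message, event_id="0"):
    """Build one constructed, tab-separated log row."""
    return "\t".join((time, "w3wp.exe (0x0EDC)", thread, "SharePoint Foundation",
                      "Claims Authentication", event_id, level, message))


# Constructed sample data; accounts and thread ids are made up.
SAMPLE_ULS = "\n".join([
    _row("1:06:25 AM", "0x1790", "Verbose", "Using membership provider 'ADAMProvider'."),
    _row("1:06:25 AM", "0x1790", "Verbose", "Doing password check on 'alice@example.test'."),
    _row("1:06:46 AM", "0x1790", "Verbose", "Failed password check on 'alice@example.test'."),
    _row("1:06:46 AM", "0x1790", "Unexpected",
         "Password check on 'alice@example.test' generated exception: (shortened)"),
    "    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)",
    _row("1:07:02 AM", "0x1A20", "Verbose", "Doing password check on 'bob@example.test'."),
    _row("1:07:02 AM", "0x1A20", "Verbose", "Failed password check on 'bob@example.test'."),
    _row("1:07:10 AM", "0x1B44", "Verbose", "Doing password check on 'carol@example.test'."),
])


def parse_uls(text):
    """Return one dict per well-formed row; wrapped lines (stack frames) are skipped."""
    entries = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) != len(COLUMNS):
            continue
        entry = dict(zip(COLUMNS, fields))
        try:
            entry["time"] = datetime.strptime(entry["time"], "%I:%M:%S %p")
        except ValueError:
            continue
        entries.append(entry)
    return entries


def password_check_timings(entries):
    """Pair each 'Doing password check' with its 'Failed password check'."""
    open_checks = {}
    results = []
    for e in entries:
        if e["category"] != "Claims Authentication":
            continue
        started_match = START.match(e["message"])
        if started_match:
            key = (e["process"], e["thread"], started_match.group(1))
            open_checks[key] = e["time"]
            continue
        failed_match = FAIL.match(e["message"])
        if not failed_match:
            continue
        key = (e["process"], e["thread"], failed_match.group(1))
        started = open_checks.pop(key, None)
        if started is None:
            continue  # failure without a matching start in this excerpt
        elapsed = e["time"] - started
        if elapsed < timedelta(0):
            elapsed += timedelta(days=1)  # time-only stamps that cross midnight
        seconds = int(elapsed.total_seconds())
        verdict = "slow-failure" if seconds >= SLOW_FAILURE_SECONDS else "fast-failure"
        results.append({"user": key[2], "process": key[0], "thread": key[1],
                        "seconds": seconds, "verdict": verdict})
    # Checks that started but logged no failure in the excerpt.
    for (process, thread, user) in open_checks:
        results.append({"user": user, "process": process, "thread": thread,
                        "seconds": None, "verdict": "no-failure-logged"})
    return results


if __name__ == "__main__":
    for r in password_check_timings(parse_uls(SAMPLE_ULS)):
        print(r["user"], r["seconds"], r["verdict"])
```

Run per web server, the output separates accounts that are rejected immediately from checks that stall before failing, which narrows the comparison between a working and a failing server.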

  • Anonymous Level Security Token Error combined with DCOMCNFG errors and finishing big with mmc.exe crash

    Hello
    I'm running on  a brand new system Windows 7 Home Premium 64-Bit.
    I have a problem with Internet Explorer 8. When a javascript tries to open a link into a new window I get the error message: Message: Cannot open an anonymous level security token.
    The solution to this is to go to dcomcnfg -> Expand Component Services -> Computers
    Select My Computer -> right click My Computer and select Properties.
    On the Default Properties tab set the Default Authentication level and Default Impersonation level.
    Here is the problem: These values can not be set. There are multiple problems with the DCOMCNFG interface.
    1.  There are no values present in the drop down window.
    2.  The first time one selects properties from my computer to access the default properties tab, I get only a 2 tab page consisting only of COM Security and MSDTC.  I have to select the properties option a second time to get the correct page to pop up containing the additional 4 tabs that include the default Properties. (strange, but I have actually seen this behavior reported elsewhere on the net by a developer)
    3. On the default properties tab, the "enable Distributed COM on this computer" is unchecked, even though registry values indicate DCOM is enabled.
    4. The drop down windows for "Default Authentication Level" and "Default Impersonation Level" do not populate with any options when I check the "Enable Distributed COM" box.  Registry values appear to have these settings correctly set.
    5.  Regardless of whether I modify any entries or not on the Default Properties tab, every time I close the Default Properties tab by selecting "OK", mmc.exe crashes and an error is generated. No crash if I select "cancel."  Error info below:
    Problem Event Name: APPCRASH
    Application Name: mmc.exe
    Application Version: 6.1.7600.16385
    Application Timestamp: 4a5bc808
    Fault Module Name: comuid.dll
    Fault Module Version: 2001.12.8530.16385
    Fault Module Timestamp: 4a5bdf82
    Exception Code: c000041d
    Exception Offset: 0000000000027eb4
    OS Version: 6.1.7600.2.0.0.768.3
    Locale ID: 1033
    Additional Information 1: c04d
    Additional Information 2: c04dc172367dd59f9f2c3be375fb3e80
    Additional Information 3: ab1b
    Additional Information 4: ab1bd07e62aa9dd1521e9b185bfe43fc
    What have I done to try to remedy the problem?
    Ran fsc scannow and chkdsk with no change. 
    What would I like?
    To eliminate the anonymous level security token  error in IE8, and I assume the DCOMCNFG problem may be the cause.
    Thanks, Jim

    I have the EXACT signature of symptoms as described here, but with Windows XP: 
    [Quote]
    Multiple problems with the DCOMCNFG interface.
    1.  There are no values present in the drop down window.
    2.  The first time one selects properties from my computer to access the default properties tab, I get only a 2 tab page consisting only of COM Security and MSDTC.  I have to select the properties option a second time to get the correct page to pop up containing the additional 4 tabs that include the default Properties. (strange, but I have actually seen this behavior reported elsewhere on the net by a developer)
    3. On the default properties tab, the "enable Distributed COM on this computer" is unchecked, even though registry values indicate DCOM is enabled.
    4. The drop down windows for "Default Authentication Level" and "Default Impersonation Level" do not populate with any options when I check the "Enable Distributed COM" box.  Registry values appear to have these settings correctly set.
    5.  Regardless of whether I modify any entries or not on the Default Properties tab, every time I close the Default Properties tab by selecting "OK", mmc.exe crashes and an error is generated. No crash if I select "cancel."
    [/QUOTE]
    I tried the COMFIX tool suggested by Jim Bacon - it does not complete for me however
    (there is no "run as admin" option in Windows XP, just double clicked to run it).
    Otherwise followed as described (no Norton Ghost) 
    It errors out: 
    In the Command Window, it says Open Service Fail 1060
    Specific Service does not exist as installed service 
    And a Windows Script Host Window that reports error "the system cannot find the file specified" - code:80070002
    Is this because it is XP? 
    Is there something similar I can use for XP, or do I have some other limitation? 
    Appreciate assistance - I was happy to find this issue reported here so pleased that at least I am not unique in that! 

  • Security Identity 2.0 Email Confirmation Token Create with one account validate with a different account

    Howdy,
    I extended the security model and made it multi-tenant, however when I create an email confirmation token in the admin tool, when I try and validate it, in one of the applications, it fails.  In the admin tool, I create a UserManager with all of the settings as if it were the application, but when the validation occurs in the application it still fails.  The only way I can get it to work, is if I use the same app pool for both the application and the admin, or if I set the user account of both app Pools to the same service account.  How can I get it to work where I create a token in one app, and validate in another app?  Could I use impersonation?  Is there something I can do to the two service accounts to allow one to generate a token and the other to validate?

    Let's see if I can answer these in order...
    1.  We built several web applications using MVC 5.2, EF 6.0, Identity 2.0
    2.  We are using MS Visual Studio 2013, running on VM with Windows Server 2008 R2, .NET 4.5.1
    3.  The problem is we want to have each application have a different service account to make them more secure.  We have an admin tool that allows us to add new applications to the Membership database, and new users to those applications.  The problem occurs when I create an email security token in the admin tool, and send it to the user who is then validated on the specific application.  If I make the service account of the application and the admin the same it works, if not it fails.
    I don't think the code is the problem, as it works fine if the service account for the application and the admin are the same.  It only fails when I use separate service accounts, but here you go.
    Admin snippet:
    Manage Controller - RegisterUser
    var user = new ApplicationUser()
    {
        UserName = model.UserName, Email = model.Email, IsActive = model.SelectedIsActive,
        IsPswdChgRequired = model.SelectedIsPswdChgRequired, TenantId = model.TenantId
    };
    UserManager<ApplicationUser, int> um = CreateUserManager(Convert.ToInt32(model.SelectedTenantId));

    private UserManager<ApplicationUser, int> CreateUserManager(int TenantId)
    {
        // DPAPI-backed provider named after the tenant; the protector purpose is "EmailConfirmation".
        var provider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider(GetTenantName(TenantId));
        UserManager<ApplicationUser, int> um = new UserManager<ApplicationUser, int>(new ApplicatonUserStore(new ApplicationDbContext()) { TenantId = TenantId });
        um.UserTokenProvider = new Microsoft.AspNet.Identity.Owin.DataProtectorTokenProvider<ApplicationUser, int>(provider.Create("EmailConfirmation"));
        return um;
    }

    Application snippet:
    AccountController - constructor
    // Same provider type and purpose as the admin tool, named from the TenantName app setting.
    var provider = new Microsoft.Owin.Security.DataProtection.DpapiDataProtectionProvider(ConfigurationManager.AppSettings["TenantName"]);
    userManager.UserTokenProvider = new Microsoft.AspNet.Identity.Owin.DataProtectorTokenProvider<ApplicationUser, int>(provider.Create("EmailConfirmation"));

    public async Task<ActionResult> ConfirmEmail(string userId, string ecode, string scode)
    {
        if (userId == null || ecode == null || scode == null)
            return View("Error");
        // ecode is the email confirmation token issued by the admin tool.
        var result = await UserManager.ConfirmEmailAsync(Convert.ToInt32(userId), ecode);
        if (result.Succeeded)

  • Errors with SharePoint Security Token Service: "The revocation function was unable to check revocation for the certificate"

    I'm getting these errors in the eventlog and ULS, "An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS CERTIFICATE THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate."
    The errors point to the SharePoint Security Token Service as the issue ("The revocation function was unable to check revocation for the certificate") reported back by the Topology service.  This is apparent when executing a search, accessing the managed metadata service, issuing SPSite commands in Powershell, or anything that needs to run through the "SharePoint Web Services" site.  I've looked at the certificate assigned to that site and everything appears to be in order.
    It would seem to me to be either an incorrect endpoint configuration (internally cached perhaps?) or related to security access for the configuration database (in order to validate the certificate root).
    What I’ve tried so far:
    I’ve been all over the certificate settings, both in the server store, and within SharePoint Token Service config.  Both appear to be configured correctly such that the root CAs can be validated.
    Re-entered the passwords for the application pool domain accounts to eliminate these as a potential cause.  I’ve also verified the service accounts reporting the error, do have access to the configuration database.
    Re-provisioned the STS service to see if that might clear out any cached issues and validated everything else according to this MS Tech note.
    So far nothing has worked.  Is there anything else I could be looking at that I've missed? (Full eventlog detail below)
    Log Name:      Application
    Source:        Microsoft-SharePoint Products-SharePoint Foundation
    Date:          2/20/2015 11:19:41 AM
    Event ID:      8311
    Task Category: Topology
    Level:         Error
    Keywords:      
    User:          <SP SERVICE ACCOUNT>
    Computer:      <SHAREPOINTSERVER>
    Description:
    An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS CERT THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
        <EventID>8311</EventID>
        <Version>14</Version>
        <Level>2</Level>
        <Task>13</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4000000000000000</Keywords>
        <TimeCreated SystemTime="2015-02-20T17:19:41.213852500Z" />
        <EventRecordID>1611121</EventRecordID>
        <Correlation />
        <Execution ProcessID="10212" ThreadID="10328" />
        <Channel>Application</Channel>
        <Computer><SHAREPOINTSERVER></Computer>
        <Security UserID="<SP SERVICE ACCOUNT>" />
      </System>
      <EventData>
        <Data Name="string0">CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US</Data>
        <Data Name="string1">CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US</Data>
        <Data Name="string2"><STS CERT THUMBPRINT></Data>
        <Data Name="string3">RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
    </Data>
      </EventData>
    </Event>

    Hi Darren,
    This problem seems to occur when an administrator deletes the local trust relationship of the farm from the Security section of the Central Administration website.
    In order to resolve this problem, the local trust relationship has to be created. This can be done by running the following PowerShell commands:
    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
    After running the above commands, perform an IISReset on all servers in the farm.
    More information:
    http://support.microsoft.com/kb/2545744
    Best Regards,
    Wendy
    Wendy Li
    TechNet Community Support

  • Web Service on JCS13.2: InvalidSecurityToken : The security token is not valid.

    Hi,
    I deployed a web service with the security policy @SecurityPolicy(uri = "oracle/wss_username_token_over_ssl_service_policy").  The WSDL file looks fine.
    But when I test it with SOAPUI and JDeveloper HTTP Analyzer, it always throws InvalidSecurityToken : The security token is not valid.
    The Web Service code is as below,
    import javax.jws.WebMethod;
    import javax.jws.WebService;
    import weblogic.wsee.jws.jaxws.owsm.SecurityPolicies;
    import weblogic.wsee.jws.jaxws.owsm.SecurityPolicy;

    // Service protected by the OWSM username-token-over-SSL policy.
    @WebService
    @SecurityPolicy(uri = "oracle/wss_username_token_over_ssl_service_policy")
    public class HelloWorld {
        public HelloWorld() {
            super();
        }

        @WebMethod
        public String sayHi( String name ){
            return "Hello, " + name ;
        }
    }
    What's the valid username and password for the web service deployed on JCS?  Any suggestion and help is highly appreciated.

    The SOAP request payload from SOAP UI is:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws/">
       <soapenv:Header>
          <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
             <wsse:UsernameToken wsu:Id="UsernameToken-3">
                <wsse:Username>[email protected]</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXX</wsse:Password>
             </wsse:UsernameToken>
          </wsse:Security>
       </soapenv:Header>
       <soapenv:Body>
          <ws:sayHi>
             <arg0>Paula</arg0>
          </ws:sayHi>
       </soapenv:Body>
    </soapenv:Envelope>
    but the response is,
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
       <S:Body>
          <ns2:Fault xmlns:ns2="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns3="http://www.w3.org/2003/05/soap-envelope">
             <faultcode xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns0:InvalidSecurityToken</faultcode>
             <faultstring>InvalidSecurityToken : The security token is not valid.</faultstring>
          </ns2:Fault>
       </S:Body>
    </S:Envelope>

  • WS-Security and proxy service: Unable to add security token for identity

    What is the reason for the "Unable to add security token for identity" fault in this situation (10.3.1):
    I did a simple "hello world" proxy service and tried to apply a custom policy binding.
    The WS-Policy is as follows:
    <wsp:Policy wsu:Id="WS-Policy-Siebel"
         xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wssp:Identity
              xmlns:wssp="http://www.bea.com/wls90/security/policy">
              <wssp:SupportedTokens>
                   <wssp:SecurityToken
                        TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
                        <wssp:UsePassword
                             Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" />
                   </wssp:SecurityToken>
              </wssp:SupportedTokens>
         </wssp:Identity>
    </wsp:Policy>
    Process WS-Security is set to "yes".
    While debugging I see that all works fine - I can authenticate with defined credentials and breakpoints in proxy service flow works fine.
    But at the end I get the fault:
    Soap fault:
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
    <env:Header/>
    <env:Body>
    <env:Fault>
    <faultcode>env:Server</faultcode>
    <faultstring>Unable to add security token for identity</faultstring>
    </env:Fault>
    </env:Body>
    </env:Envelope>
    In console:
    <09.06.2010 17:39:18 MSD> <Error> <OSB Security> <BEA-387023> <An error ocurred during web service security inbound response processing [error-code: Fault, message-id: 1721282272521583996--57dc4ccc.1291cc2282d.-7fab, proxy: OSB Project WS-Security/WSSecurityService, operation: NewOperation]
    --- Error message:
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault><faultcode>env:Server</faultcode><faultstring>Unable to add security token for identity</faultstring></env:Fault></env:Body></env:Envelope>
    weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processIdentity(SecurityPolicyDriver.java:175)
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:73)
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:64)
    at weblogic.wsee.security.WssServerHandler.processOutbound(WssServerHandler.java:88)
    at weblogic.wsee.security.WssServerHandler.processResponse(WssServerHandler.java:70)
    Truncated. see log file for complete stacktrace
    Incoming soap message is:
    <soapenv:Envelope      xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header      xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:Security      soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken      wsu:Id="unt_TNNp0cBwU7HyPKoq" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>testuser</wsse:Username>
    <wsse:Password      Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">testuser</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </soap:Header>
    <soapenv:Body>
    <wss:NewOperation      xmlns:wss="http://www.troika.ru/Enterprise/WSSecurityService/">
    <in>string</in>
    </wss:NewOperation>
    </soapenv:Body>
    </soapenv:Envelope>
    Edited by: Andrey L. on Jun 9, 2010 5:55 PM

    I thought you were getting that exception when accessing the proxy.
    No. Authentication works fine. Proxy body works fine. But at the end of proxy appears the exception.
    Sorry for my English - I tried to show this situation on image: http://imglink.ru/show-image.php?id=9c0e0c1719f00289faf11696c6703bc3
    Are you getting this exception when routing to a business service which is configured for WS-Security ??
    I don't use business service in this test project - only simple proxy service with all logic inside.
    PS transformation in replace action is very simple too:
    (:: pragma bea:global-element-parameter parameter="$newOperation1" element="ns0:NewOperation" location="WSSecurityService.wsdl" ::)
    (:: pragma bea:global-element-return element="ns0:NewOperationResponse" location="WSSecurityService.wsdl" ::)
    declare namespace ns0 = "http://www.troika.ru/Enterprise/WSSecurityService/";
    declare namespace xf = "http://tempuri.org/OSB%20Project%20WS-Security/Hello/";
    declare function xf:Hello($newOperation1 as element(ns0:NewOperation))
        as element(ns0:NewOperationResponse) {
            <ns0:NewOperationResponse>
                <out>Hello, { data($newOperation1/in) }!</out>
            </ns0:NewOperationResponse>
    };
    declare variable $newOperation1 as element(ns0:NewOperation) external;
    xf:Hello($newOperation1)
    Edited by: Andrey L. on Jun 10, 2010 12:21 PM

  • Lync 2013 Logon Failing (HTTP status code 500) No valid security token

    Hello there,
    I'm in the process of deploying Lync 2013.  I have the pool deployed and everything is at least running.  I can access the control panel and provision users.  However when I try to logon to the Lync Client I get a DNS error.  The DNS
    error appears to be misleading and is a result of the earlier auto-detection methods failing.
    However using the Lync Connectivity Analyzer I get a "No valid security token." error.  This doesn't matter if I use auto-detection or manually point the Connectivity Analyzer to the pool servers.
    [3/2/2015 9:34:15 AM] [ERROR] Reason: Internal server error (HTTP status code 500)
    [3/2/2015 9:34:15 AM] [ERROR] Ms-Diagnostics-Fault ErrorId: 28020, Reason: No valid security token.
    [3/2/2015 9:34:15 AM] [CRITICAL] The credentials were not authorized by the server. Please verify your login credentials and try again.
    [3/2/2015 9:34:15 AM] [DEBUG] System.Exception: Exception of type 'System.Exception' was thrown.
    at Microsoft.LyncServer.WebServices.WebTicketManager.WTExceptions(String exText)
    at Microsoft.LyncServer.WebServices.WebTicketManager.<AcquireTicketAsync>d__19.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.LyncServer.WebServices.WebTicketManager.<AcquireOpaqueTicketAsync>d__14.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
    at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<AuthenticationRequired>d__2a.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
    at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<ParseResponse>d__16.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
    I'm a bit stumped where to go next.
    Thanks.

    Manually entering the server also fails and does not provide much to help "We're having trouble connecting to the server. If this continues, please contact your support team."
    I found that each time I try to logon it generates a Schannel Error on the server.  "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51.
    The Windows SChannel error state is 1106."
    There seems to be a lot more information on that than the previous "Internal Error" message I was trying to deal with.
    https://social.technet.microsoft.com/Forums/office/en-US/41718327-203f-445f-8657-87b0a8545ead/lync-2013-client-signin-issue-with-lync-2013-server?forum=lyncprofile
    Actually I just found the Lync Server Front-End is stuck "starting" so that would explain why I cannot login.  However I re-issued my certificate to make sure the primary CN matched "lync.domain.tld" and it still won't start.
    https://expertslab.wordpress.com/2014/04/23/lync-server-2013-front-end-service-stuck-on-starting/
    I think my problem is the certificate.  I have been trying to use selfSSL7 to generate the certificate for testing but it does not support creating SAN entries so I have entered all the FQDNs as CN entries.
    I'm going to get another method to generate the self-signed certificate for testing.

  • Security Token Service application not working

    Trying to use secure store service to access userprofileservice.asmx methods within Infopath 2010 form (doesn't contain any managed code). Created target application and using udcx file within the data connection library according to Microsoft tech articles.
    I see errors related to accessing securitytokenservice application. It keeps on erroring out within the ULS logs, something like below
    http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.
    TCP error code 10061: No  connection could be made because the target machine actively refused it ::1:32843
    Used below links but no luck.
    Method 2 of http://support.microsoft.com/kb/981684
    http://support.microsoft.com/kb/2493524
    http://www.avanadeblog.com/sharepointasg/iis/
    My http://localhost works but I don't see
    http://localhost:32843 working.
    When I run netstat -a within command prompt I see port 32843 is working since the state of it is shown as "listening".
    When I browse to
    http://localhost:32843/SecurityTokenServiceApplication I see HTTP 404 error.
    It is same with other services under SharePoint Web Services Site within IIS.
    I see the same HTTP 404 error. The Security Token Service application pool is running.
    I'm trying to make this work within my development environment and I don't see the security token service application working in my Production or test environment either. I have a standalone installation on my personal laptop and I don't see these things working there as well. If I had web.config file of a working Security token service application then I could have compared that with the web.config on my development box. This is the only thing I missed out on.
    I'm kind of stuck with this since last one week and any help is appreciated.
    Thanks, DC SharePointer

    thanks Henrik.
    Farm Servers already have WCF Hotfix (976462) and I also checked the STS authentication settings in IIS. Only windows and Anonymous access is enabled. I did make the change (Authentication mode of spStsActAsBinding to IssuedToken, it was SspiNegotiatedOverTransport) that is suggested in the link you provided. But no luck. My STS web.config has below membership and role providers
      <system.web>
        <membership>
          <providers>
            <add connectionStringName="DevSQLConn"
                 applicationName="/"
                 name="DevAspNetSqlMembershipProvider"
                 requiresQuestionAndAnswer="false"
                 type="System.Web.Security.SqlMembershipProvider,System.Web,Version=2.0.3600.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
          </providers>
        </membership>
        <roleManager enabled="true">
          <providers>
            <add connectionStringName="DevSQLConn"
                 applicationName="/"
                 name="DevAspNetSqlRoleManager"
                 type="System.Web.Security.SqlRoleProvider,System.Web,Version=2.0.3600.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
          </providers>
        </roleManager>
      </system.web>
    Does this have anything to do with my issue? I think at some point they might have configured to use form based authentication.
    Thanks, DC SharePointer

  • Unable to add security token for identity

    Hi all,
    I am trying to implement a web service with username token authentication. I have defined the ws-policies in the wsdl, and checked the Process Security Header checkbox in the proxy configuration. But when I invoke the proxy through test console and pass the full soap envelope, I am getting an "Unable to add security token for identity" error.
    This is how the soap header looks from the request document part of the test console:
         <soap:Header>
         <wsse:Security>
         <wsse:UsernameToken>
         <wsse:Username>xxxxx</wsse:Username>
         <wsse:Password      Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yyyyyy</wsse:Password>
         </wsse:UsernameToken>
         </wsse:Security>
         </soap:Header>
         <soap:Body>
    I have configured the user at alsb security configuration and added an access policy stating that the proxy can be accessed only by user "xxxx"
    Please help
    -Atheek

    Mostafa,
    This points to a misconfiguration of your security. Possible causes are:
    * There is not a valid RSA key to sign the SAML token with.
    * The SAML CredentialMapper is missing
    * There is no Relying Party (rp) configured for SAML Credential Mapper that matches your producer
    * The producer is using User Name Token and you have not configured the DefaultCredentialMapper to allow for UserNameToken.
    Good Luck,
    Nate
    Edited by: user650654 on Sep 9, 2008 4:31 AM
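
The header in the question carries the password as `#PasswordText`. The same UsernameToken Profile 1.0 also defines a `#PasswordDigest` type, computed as Base64(SHA-1(nonce + created + password)). The following Python sketch is an added example, not code from the thread or from ALSB: it builds such a header and validates it on the receiving side. The function names, the 5-minute freshness window and the in-memory nonce set are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
FMT = "%Y-%m-%dT%H:%M:%SZ"


def _digest(nonce, created, password):
    # Password_Digest = Base64(SHA-1(nonce + created + password))
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def build_token(username, password, now):
    """Client side: wsse:Security header carrying a digest instead of the password."""
    nonce, created = os.urandom(16), now.strftime(FMT)
    sec = ET.Element(f"{{{WSSE}}}Security")
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = username
    pw = ET.SubElement(tok, f"{{{WSSE}}}Password", Type=PROFILE + "#PasswordDigest")
    pw.text = _digest(nonce, created, password)
    ET.SubElement(tok, f"{{{WSSE}}}Nonce").text = base64.b64encode(nonce).decode()
    ET.SubElement(tok, f"{{{WSU}}}Created").text = created
    return ET.tostring(sec, encoding="unicode")


def verify_token(xml_text, lookup_password, seen_nonces, now, max_age=timedelta(minutes=5)):
    """Server side: reject stale, replayed or wrong-password tokens, in that order."""
    tok = ET.fromstring(xml_text).find(f"{{{WSSE}}}UsernameToken")
    user = tok.findtext(f"{{{WSSE}}}Username")
    nonce_b64 = tok.findtext(f"{{{WSSE}}}Nonce")
    created = tok.findtext(f"{{{WSU}}}Created")
    sent = tok.findtext(f"{{{WSSE}}}Password")
    age = now - datetime.strptime(created, FMT).replace(tzinfo=timezone.utc)
    if abs(age) > max_age:
        return "stale"
    if nonce_b64 in seen_nonces:
        return "replayed"
    expected = _digest(base64.b64decode(nonce_b64), created, lookup_password(user))
    if not hmac.compare_digest(expected, sent):
        return "bad digest"
    seen_nonces.add(nonce_b64)  # remember only nonces from accepted tokens
    return "ok"


if __name__ == "__main__":
    t = datetime.now(timezone.utc)
    hdr = build_token("xxxxx", "yyyyyy", t)  # placeholder credentials from the post
    print(verify_token(hdr, lambda u: "yyyyyy", set(), t))
```

The digest form still requires the receiver to know the cleartext password, and neither form protects the message body, so transport or message-level protection is needed in both cases.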

  • How to Use JDeveloper to Secure and Test a Web Service

    When I try this tutorial "http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html", I get this exception:
    javax.xml.rpc.soap.SOAPFaultException: The security token could not be authenticated or authorized
         at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:578)
         at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:400)
         at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:113)
         at client.proxy.runtime.MyWebService1SoapHttp_Stub.echoMe(MyWebService1SoapHttp_Stub.java:78)
         at com.cmaxwell.secure.MyWebService1SoapHttpPortClient.echoMe(MyWebService1SoapHttpPortClient.java:42)
         at com.cmaxwell.secure.MyWebService1SoapHttpPortClient.main(MyWebService1SoapHttpPortClient.java:31)
    Process exited with exit code 0.
    What am I doing wrong?

    Username and password are "albert" as it is written in the part "Run the Client". The version of JDeveloper is "10.1.3.4.0.4270". The exception scenarios do not help me in this case. I get the exception on this line:
    myPort.echoMe("testing secure service");

  • Help Needed for Internet Security Driving Test!

    Hi I came up with a few basic rules for family and friends
    that I put together in order to try to prevent them from
    continually installing spyware, toolbars, keyloggers and viruses on
    their computers (and as a result, to try to prevent them from
    continually calling me and asking for my help and advice when they
    did this and things went wrong).
    To all intents and purposes the rules worked well - for a
    while. I set it up as a simple RTF document and I added this to the
    start up folder of Windows XP, so that it started every time the PC
    started. However, over time some of them simply learned to ignore
    the rules and to close the RTF document as soon as it opened
    without paying any attention to it at all - and then they went
    about their merry business of installing spyware, keyloggers and
    viruses etc. just as they had in the past.
    So OK, I have to admit I found this deeply frustrating - but
    I also realise that this is the same position that many of us geeks
    are in in that on the whole, most average everyday computer users
    don't have a clue about Internet security.
    Now however things have become a lot more serious for me, as
    I have been asked by a local charity to administer a total of 60
    machines over 2 different sites - and I have also been asked if I
    could provide some form of training with regard to basic personal
    Internet security.
    With this in mind I came up with the idea of an interactive
    CDROM, or Flash based Internet security driving test/tutorial that
    basically covers all of the scenarios I touch on in my rules.
    This tutorial would cover basic things like, if you got an
    email from a representative ex President of an African country
    offering you a share in millions of dollars of stolen money, or if
    you got an email from your bank asking you to verify your security
    details and so on, what would you do? Additionally it would cover
    such things as the abundance of viruses that infest many of the
    porn sites on the net, the way that many games on the Internet that
    are listed as being 'free' (particularly those which are in
    executable file format) are often just vehicles for more spyware
    and viruses also - and about the dangers of chat lines, of spoof
    security warnings on web sites and so on.
    I have included my list of rules below which should hopefully
    give you an idea of what I'm trying to do. Be warned though, the
    wording is deliberately harsh and perhaps a little extreme (and as
    a result maybe not entirely 100% accurate) but you must realize
    that I am, or was trying to give myself the easiest time possible
    and the least possible problems. So you may well find things you
    disagree with in it - but overall if someone followed these rules,
    they probably would be less likely to run into problems than
    someone who did not follow them might.
    The thing is however that (as I said) I would like to
    formalise these rules somewhat in the format of some kind of
    interactive tutorial/web security driving test. Unfortunately I
    have no experience with flash - and little knowledge of HTML or
    anything like that. I also know that the language for these rules
    isn't quite right, in that it probably isn't suitable for a formal
    office type environment.
    I had in mind that the tutorial would show some realtime
    examples of some of the things I have been talking about (which I
    assume would only be possible in Flash?) or perhaps rather like a
    readers digest multiple choice type thing, with screenshots
    depicting the various scenarios in question. (Like a screenshot of
    a flash animation on a web page saying 'You have won a prize!!!'
    What would you do? a) click on the ad, b) ignore it, or c) phone
    all of your family and friends informing them of your good fortune
    before doing anything.' etc.)
    So I was wondering, are there any good hearted charitable
    souls out there who might be willing to help out to put a tutorial
    like this together?
    Again I remind you that it really is for a charity
    (specifically the Depaul Trust in the UK, which helps young
    vulnerable people find secure accommodation, provides educational
    opportunities and helps them to find employment). The requirement
    would be that all staff and students pass the Internet security
    test before being granted Internet access.
    I know this might be time consuming - but again all I can do
    is appeal to the sense of kindness and helpfulness of this
    community and hope that someone who does have some experience in
    these matters might be willing to help.
    Alternatively could anyone suggest a simple easy to use
    software package that would allow a relative n00b like me to put
    together a tutorial like this on my own? Or perhaps it is possible
    that some free online tutorial like this already exists?
    In any case, any help at all would be appreciated.
    PS,
    Here are the rules I have that I referred to above.
    http://download305.mediafire.com/b6ndmljht1bg/29bbnnbz2uz/internet+rules.rtf

    Dennis, when I look at the subject three clips (EI 1250, EI 640, and EI 320, respectively, and in that order) as presented in the camera, I see exactly what I have expected all along -- three different-brightness images that are progressively brighter from the EI 1250 exposure to the EI 320 exposure.   So, am mystified why when I open these images (clips), say, in RAW Viewer, wherein I have thought that I would see the same progressive brightness differences allowing me to experiment with reducing brightness to deal with noise reduction, all three of the images present completely alike in brightness.

  • How to get security token from a URL in BPM

    Hi,
    I need to get a security token from a url in a business process.
    The URL is like:
    https://services.sapo.pt/STS/GetToken?ESBUsername=test&ESBPassword=test1
    If I paste it on the browser I get the token in the form:
    <ESBToken>
    a7d1cd4e20c9c1b437513d434abbfee83b1f8f32839b54e6632f2865631303b815547cf898...
    </ESBToken>
    What is the best way to get and map the token in an Integration Process in SAP XI? Is it possible by user defined function in mapping? How?
    Thanks in advance.

    I am not sure what you want to do!? Do you want to display the image file, save the image file? When you say you don't want it to exit, do you want it to be a persistant application?

  • SAS Token failed with 403 error while generating for each request using ARR module

    Hi,
    We are doing an e-Learning application, which plays a course on the browser (inside a div control). The course contains a list of static contents such as html, js, css etc., and media files .mp4. We are hosting the static contents (.html, .js, .css etc.) in Azure blob storage and media files in Media Service and CDN.
    When a user triggers to take a course, the browser first requests the Web Role with the landing page (Ex: FirstPage.html) and with the Course Unique Id - Ex: https://cloudservice1.cloudapp.net/course/courseid/firstpage.html. We have written a custom ARR Module (http://www.iis.net/learn/extensions/url-rewrite-module/developing-a-custom-rewrite-provider-for-url-rewrite-module), which receives the request, parses it and generates a blob storage url with SAS token using C# code for each file. Then it routes to blob storage. (We are already passing storage account details to the ARR Module using Web.config.)
    For a single user, the course plays fine. But when we do the load testing with > 400 user load (with 5 instances), we are getting many 403 errors (and not for all files). If the load is less than 200, we don’t get such an issue.
    Also, we are using REST code to generate the SAS token. When extending the SAS token expiration time to more than 60 min, we get the error “Access without signed identifier cannot have time window more than 1 hour”. As the code exists in the ARR Module, we are unable to refer to the Storage Client assembly. This 60 min time interval is for each file request – so there could not be an issue on expiration, but feeling this might be an issue?
    Can you please point me to what could be the issue and how to solve this? Is the ARR Module caching the SAS token and providing the same even after the expiration time?
    Many Thanks, Thirumalai M

    hi,
    There is a similar thread (http://stackoverflow.com/a/17572316); I recommend you refer to it.
    And I'd like to know how to set the expiry time in your code, and you could see this page (http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/).
    Regards,
    Will
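
The thread above describes signing a SAS per file in custom code and meeting both the one-hour limit and intermittent 403s under load. As an added example (not the poster's ARR module code), this Python sketch signs an ad hoc blob SAS and checks a URL locally for three conditions that fail authorization: signature mismatch, start time in the future, and expiry. Assumptions: the string-to-sign layout of the pre-2012-02-12 service versions (the ones with the one-hour ad hoc limit), a start time backdated by 5 minutes to absorb clock drift between instances, and a constructed account name and key.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

FMT = "%Y-%m-%dT%H:%M:%SZ"
MAX_ADHOC_WINDOW = timedelta(hours=1)  # limit quoted in the error message
SKEW = timedelta(minutes=5)            # assumed clock drift between instances


def _sign(key_b64, string_to_sign):
    mac = hmac.new(base64.b64decode(key_b64), string_to_sign.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def make_blob_sas(account, key_b64, container, blob, now, lifetime, perms="r"):
    """Sign an ad hoc (no stored policy) blob SAS valid from now-SKEW to now+lifetime."""
    start, expiry = now - SKEW, now + lifetime
    if expiry - start > MAX_ADHOC_WINDOW:
        raise ValueError("ad hoc SAS window exceeds 1 hour; use a stored access policy")
    st, se = start.strftime(FMT), expiry.strftime(FMT)
    # Assumed layout: permissions, start, expiry, canonical resource, empty identifier.
    sts = "\n".join([perms, st, se, f"/{account}/{container}/{blob}", ""])
    query = urlencode({"st": st, "se": se, "sr": "b", "sp": perms, "sig": _sign(key_b64, sts)})
    return f"https://{account}.blob.core.windows.net/{container}/{blob}?{query}"


def diagnose(url, key_b64, server_now):
    """Local check of the conditions that make a SAS URL fail authorization."""
    parts = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    account = parts.netloc.split(".")[0]
    sts = "\n".join([q["sp"], q["st"], q["se"], f"/{account}{parts.path}", q.get("si", "")])
    if not hmac.compare_digest(_sign(key_b64, sts), q["sig"]):
        return "signature mismatch"
    if server_now < datetime.strptime(q["st"], FMT).replace(tzinfo=timezone.utc):
        return "not yet valid (signer clock ahead of storage clock)"
    if server_now >= datetime.strptime(q["se"], FMT).replace(tzinfo=timezone.utc):
        return "expired (cached or reused URL)"
    return "ok"


if __name__ == "__main__":
    key = base64.b64encode(b"constructed-demo-key").decode()  # constructed, not a real key
    t0 = datetime(2015, 1, 1, 12, 0, tzinfo=timezone.utc)
    u = make_blob_sas("demoacct", key, "courses", "c1/firstpage.html", t0, timedelta(minutes=30))
    for minutes in (-6, 0, 31):  # storage clock relative to the signer's clock
        print(minutes, diagnose(u, key, t0 + timedelta(minutes=minutes)))
```

Logging the `diagnose` result next to each 403 separates clock drift between web role instances from reuse of an already expired URL.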
