Web Service Security Username Token Issue

Similar Messages

• Web Service Security X509 token issue...

  Hi All,
  I have an issue with using X509 certificates. Please find the details attached below:-
  I used the following link to create a simple keystore using 3rd party tools:-
  http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/CreateKeyStore_howto.htm
  NOTES:
  1) I think the above link creates self signed certificates.
  2) The signature and encryption key for both the web service and proxy created below are the same.
  As can be seen from this link, two certificates are created with aliases sam and dave. I then used the following link to secure the web service and proxy:-
  http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
  This link uses the OAS manager to set the keytoll related properties. These entries are already into system-jazn-data.xml. A point to note here is that the aliases of the certificates are stored in system-jazn-data.xml.
  My oracle-webservices.xml has the mapping attribute of the verify-x509-token token set to CN (Common Name). Hence I changed the above entries in system-jazn-data to reflect the common names instead of the aliases.
  However the standalone OC4J server still throws the following error whether I try to run the proxy with the mapping attr set to alias or CN in the jazn file:-
  07/07/05 20:58:14 Oracle Containers for J2EE 10g (10.1.3.1.1) initialized
  2007-07-05 20:58:39.876 ERROR Cannot authenticate X509 certificate, User CN=Sam
  Cooke, OU=samDept, EMAILADDRESS=[email protected], O=samOrg, L=samCity, ST=samState
  , C=US does not exist in our system
  07/07/05 20:58:39 javax.security.auth.login.LoginException: Cannot authenticate
  X509 certificate, User CN=Sam Cooke, OU=samDept, EMAILADDRESS=[email protected], O=
  samOrg, L=samCity, ST=samState, C=US does not exist in our system
  I have not exported any certificates from client to serve or vice versa.
  Please could someone help out? This is urgent.
  Regards,
  Lester.

  I had the same issue and solved it like this:
  Create a signed certificate, import it into your keystore and use that as Signature Key alias in both the client as the server security. Make sure the user with the same name exists in the realm on the server.
  Hope this helps,
  Lonneke

• Web Service Security username token...

  Hi All,
  I am presently trying to build in security authentication into my web service using the username-token and the verify-username-token tokens.
  My WS_stub.xml on the proxy side looks like the following:-
  other tokens
  <security>
  <inbound/>
  <outbound>
  <username-token name="NAME" password="PASS" password-type="DIGEST" add-nonce="true" add-created="true"/>
  </outbound>
  </security>
  other tokens
  and my oracle-webservices.xml on hte web service side looks like the following:-
  other tokens
  <security>
  <inbound>
  <verify-username-token name="NAME" password="PASS" password-type="DIGEST"
  require-nonce="true"
  require-created="true"/>
  </inbound>
  <outbound/>
  </security>
  other tokens
  I have set the javacache.xml for the embedded OC4J location as follows:-
  </persistence>
  <max-objects>1000</max-objects>
  <max-size>48</max-size>
  <clean-interval>60</clean-interval>
  </cache-configuration>
  When I run the web service followed by the proxy I get the following error at the proxy side.
  javax.xml.rpc.soap.SOAPFaultException: Policy requires DIGEST passwords
       at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
       at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:60)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:47)
  Also it gives exceptions with repect to nonces such as "Policy requires nonce". Please could someone tell me how to setup an nonce in the xml files above and how to use nonce in web services?
  Regards,
  Lester.

  Hi All,
  Presently I am trying to set the security for my web service and am receiving the following error when doing so at the proxy side:-
  oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: java.lang.NullPointerException
       at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.createSoapFaultException(InterceptorChainImpl.java:338)
       at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleException(InterceptorChainImpl.java:256)
       at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleRequest(InterceptorChainImpl.java:128)
       at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorPipeline.handleRequest(AbstractInterceptorPipeline.java:87)
       at oracle.j2ee.ws.client.StubBase._preRequestSendingHook(StubBase.java:699)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:147)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
       at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:62)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:49)
  Process exited with exit code 0.
  My WS_Stub.xml file under runtime of the proxy project looks as follows:-
  <?xml version="1.0" encoding="UTF-8"?>
  <oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
  <webservice-client>
  <service-qname namespaceURI="http://trailerinfo/" localpart="TrailerWS"/>
  <port-info>
  <wsdl-port namespaceURI="http://trailerinfo/" localpart="TrailerWSSoapHttpPort"/>
  <runtime enabled="security">
  <security>
  <key-store name="mytestkeystore" store-pass="mytestkeystore" path="C:\Temp\mytestkeystore.jks"/>
  <signature-key key-pass="sampwd" alias="sam"/>
  <encryption-key key-pass="davepwd" alias="dave"/>
  <inbound>
  <verify-signature>
  <signature-methods>
  <signature-method>DSA-SHA1</signature-method>
  <signature-method>RSA-MD5</signature-method>
  <signature-method>RSA-SHA1</signature-method>
  </signature-methods>
  <tbs-elements>
  <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <verify-timestamp created="true" expiry="28800"/>
  </verify-signature>
  <decrypt>
  <encryption-methods>
  <encryption-method>AES-128</encryption-method>
  <encryption-method>AES-256</encryption-method>
  <encryption-method>3DES</encryption-method>
  </encryption-methods>
  <tbe-elements>
  <tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
  </tbe-elements>
  </decrypt>
  </inbound>
  <outbound>
  <username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
  <signature>
  <signature-method>RSA-SHA1</signature-method>
  <tbs-elements>
  <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <add-timestamp created="true" expiry="28800"/>
  </signature>
  <encrypt>
  <recipient-key alias="dave"/>
  <encryption-method>3DES</encryption-method>
  <keytransport-method>RSA-1_5</keytransport-method>
  <tbe-elements>
  <tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
  </tbe-elements>
  </encrypt>
  </outbound>
  </security>
  </runtime>
  <operations>
  <operation name='addtrailerinfo'>
  <runtime>
  <security>
  <inbound/>
  <outbound>
  <username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
  <signature>
  <signature-method>RSA-SHA1</signature-method>
  <tbs-elements>
  <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <add-timestamp created="true" expiry="28800"/>
  </signature>
  <encrypt>
  <recipient-key alias="test"/>
  <encryption-method>3DES</encryption-method>
  <keytransport-method>RSA-1_5</keytransport-method>
  <tbe-elements>
  <tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
  </tbe-elements>
  </encrypt>
  </outbound>
  </security>
  </runtime>
  </operation>
  </operations>
  </port-info>
  </webservice-client>
  </oracle-webservice-clients>
  My oracle-webservices.xml file looks like the following:-
  <oracle-webservices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/oracle-webservices-10_0.xsd">
  <webservice-description name="TrailerWS">
  <port-component name="TrailerWSSoapHttpPort">
  <runtime enabled="security">
  <security>
  <key-store name="mytestkeystore" store-pass="mytestkeystore"
  path="META-INF/mytestkeystore.jks"/>
  <signature-key key-pass="sampwd" alias="sam"/>
  <encryption-key key-pass="davepwd" alias="dave"/>
  <inbound>
  <verify-username-token password-type="PLAINTEXT"
  require-nonce="false"
  require-created="true"/>
  <verify-signature>
  <signature-methods>
  <signature-method>DSA-SHA1</signature-method>
  <signature-method>RSA-MD5</signature-method>
  <signature-method>RSA-SHA1</signature-method>
  </signature-methods>
  <tbs-elements>
  <tbs-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <verify-timestamp created="true" expiry="28800"/>
  </verify-signature>
  <decrypt>
  <encryption-methods>
  <encryption-method>AES-128</encryption-method>
  <encryption-method>AES-256</encryption-method>
  <encryption-method>3DES</encryption-method>
  </encryption-methods>
  <tbe-elements>
  <tbe-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbe-elements>
  </decrypt>
  </inbound>
  <outbound>
  <signature>
  <signature-method>RSA-SHA1</signature-method>
  <tbs-elements>
  <tbs-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <add-timestamp created="true" expiry="28800"/>
  </signature>
  <encrypt>
  <recipient-key key-pass="" alias="dave"/>
  <encryption-method>3DES</encryption-method>
  <tbe-elements>
  <tbe-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbe-elements>
  </encrypt>
  </outbound>
  </security>
  </runtime>
  <operations>
  <operation name="addtrailerinfo"
  input="{http://trailerinfo/}addtrailerinfoElement">
  <runtime>
  <security>
  <inbound>
  <verify-username-token require-nonce="false"
  require-created="true"
  password-type="PLAINTEXT"/>
  <verify-signature>
  <signature-methods>
  <signature-method>DSA-SHA1</signature-method>
  <signature-method>RSA-MD5</signature-method>
  <signature-method>RSA-SHA1</signature-method>
  </signature-methods>
  <tbs-elements>
  <tbs-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <verify-timestamp created="true" expiry="28800"/>
  </verify-signature>
  <decrypt>
  <encryption-methods>
  <encryption-method>AES-128</encryption-method>
  <encryption-method>AES-256</encryption-method>
  <encryption-method>3DES</encryption-method>
  </encryption-methods>
  <tbe-elements>
  <tbe-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"
  mode="CONTENT"/>
  </tbe-elements>
  </decrypt>
  </inbound>
  <outbound/>
  </security>
  </runtime>
  </operation>
  </operations>
  </port-component>
  </webservice-description>
  </oracle-webservices>
  I checked this exception out at hte following link
  http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html#keystore
  which lists hte instructions to secure a web service. The trouble shooting section lists this exception and says it might be due to a timestamp created flag being set to false. However I have made sure that both the client and service side xml files above have this set to true and are matching.
  However I am still not able to eliminate this error. Please could someone help me out? This is urgent.
  Regards,
  Lester.

• Unable to call Web Service with Username Token

  -~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
  I posted this in the JDeveloper forum but got no response.
  -~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
  I have JDeveloper 10g release 3.
  I created a regular Java application. Added a Web service proxy with no special mappings or anything. Right clicked on the proxy and said "Secure Proxy". I only used basic plain text username token. Added a method to my class that call instantiates a client, and called the operation.
  However when I run this I get the following error message.
  SEVERE: No username found
  Error::oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: No username found
  The Web Service Security Proxy Wizard created an xml in my src file, that I updated to put the username and password of the web service. Below is the xml file.
  <oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
  <webservice-client>
  <service-qname namespaceURI="http://tempuri.org/SOAPTestWS/Service1" localpart="Service1"/>
  <port-info>
  <wsdl-port namespaceURI="http://tempuri.org/SOAPTestWS/Service1" localpart="Service1Soap"/>
  <runtime enabled="security">
  <security>
  <inbound/>
  <outbound>
  <username-token name="myusername" password="xxxxx" password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
  </outbound>
  </security>
  </runtime>
  <operations>
  <operation name='TryMe'>
  </operation>
  </operations>
  </port-info>
  </webservice-client>
  </oracle-webservice-clients>
  And this configuration file is processed in the stub file.
  setupConfig("project2/runtime/Service1Soap_Stub.xml");
  What am I doing wrong. I cannot find any documentation on the secure web service client wizard and it's generated code.
  Thanks, MIke L.

  Mike,
  I updated the 3 xml files with the name and password and I get a different error now ...
  WARNING: Unable to connect to URL: https://dssd001.ca.boeing.com:443/bartinterface/SOAP/resSetup.cgi due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
  java.rmi.RemoteException: ; nested exception is:
       HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
  I am using the simple text based username auth, but jdev for some reason still goes and looks for the x509 cert? How did you get yours to work?
  Thanks
  Sriram

• WS-Security Username Token issue with soap receiver

  Hi All,
  I have Proxy to SOAP scenario. Receiver web service is expecting below message in the soap header for authentication purpose.
  <soapenv:Header>
        <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>username</wsse:Username>
  <wsse:Password Type="PasswordText">Password< wsse:Password>
  </wsse:UsernameToken>
        </wsse:Security>
     </soapenv:Header>
  User will trigger the message from ECC using some transaction. I need to pass this triggering person’s username and password to soap header dynamically. There are more than 2000 users in the system.
  How can I retrieve this username and password and bind it to <wsse:Security> node?
  Is it possible to achieve?
  Please note: User’s details will not come in the message payload. I cannot user look up here.
  Regards,
  Muni

  Asked web service team to use one service account for authentication. Used this blog How to Configure AXIS Framework for Authentication Using the "wsse" Security Standard in SAP PI to configure axis framework. Now we are able to send message to web service.
  Regards,
  Muni.

• Web service security policies interoperability issue with WCF

  Hi,
  I've created a web service in Jdeveloper 11g which I have deployed to a stand alone weblogic server 10.3. I also created a web service proxy in Jdeveloper 11g that works perfectly. The service is using Wssp1.2-2007-Https.xml policy.
  I have the requirement of a C# consumer, but when I run svcutil to generate the client class and config, it throws the following warning:
  A security policy was imported for the endpoint. The security policy contains requirements that cannot be represented in a Windows Communication Foundation configuration. Look for a comment about the SecurityBindingElement parameters that are required in the configuration file that was generated. Create the correct binding element with code. The binding configuration that is in the configuration file is not secure.
  What security policy is compatible with WCF?
  Thanks,
  Miguel.

  I had the same issue and solved it like this:
  Create a signed certificate, import it into your keystore and use that as Signature Key alias in both the client as the server security. Make sure the user with the same name exists in the realm on the server.
  Hope this helps,
  Lonneke

• Oracle Service Registry - UserName Token profile

  Hi,
  My web services use UserName Token profile for authentication. It also supports encryption. Is there a way to publish these information along with the wsdl?
  Steve

  Thank you for your helpful reply!
  Although the installation appears to fail, the db schema is actually created.
  Thus, when I run installation the next time, having selected an existing db schema, all appears to go well.
  NA
  http://nickaiva.blogspot.com
  Edited by: Nick Aiva on Dec 29, 2010 10:20 AM

• Consuming Web Service using WS-Security: USERNAME Token

  Hi ABAP Experts,
  we like to consume a self defined web service between to SAP systems (ECC6 701/006). Without any security settings the connection is successfully.  But we like to setup a message security like USERNAME Token.
  The wss profiles are already created by using TX: WSSPROFILE. Therefore we used the templates "SET_USERNAME" and "CHECK_USERNAME". The service user "DELAY_L<sid>" has been generated as well. The problem is in SOAMANAGER we can't find the related configuration (For Provider and Consumer) to set the parameters "PROFILE In" and "Profile Out" like it was in the obsolete TX "LPCONFIG".
  Can anybody help me to find out how to configure USERNAME Token using SOAMANAGER.
  Thank you very much in advance.
  Kind regards
  Axel

  Hi,
  The following articles would be helpful:
  .net call WS-Security enabled web service (created in java)
  http://stackoverflow.com/questions/2138129/net-call-ws-security-enabled-web-service-created-in-java
  WS-Security Protocol with .NET – A Overview
  http://www.c-sharpcorner.com/UploadFile/mahesha/WSSecurityProtocol11232005052243AM/WSSecurityProtocol.aspx
  An introduction to Web Service Security using WSE - Part I
  http://www.codeproject.com/Articles/7062/An-introduction-to-Web-Service-Security-using-WSE
  As this question is not relate to SharePoint, I suggest you post it to a suitable Forum, you will get more help and confirmed answers from there.
  Best Regards
  Dennis Guo
  TechNet Community Support

• Attach WS Security (Username Token) to web service

  Dear All,
  I would like to attach WS security from Weblogic Side. Please can you suggest for me a good tutorial.
  Thanks

  You can refer this article
  web services security in weblogic

• Log4j.jar issue under Web Service Security Module

  I am running into an issue with log4j.jar for WebLogic OES PDP. there is a custom appender class that extends org.apache.log4j.AppenderSkeleton, if we packed into one jar file under \bea\ales32-ssm\webservice-ssm\lib\log4j.jar everthing is fine. if we split this class with another jar file(sth like patch.jar) and add a entry in the config file WLESws.wrapper.conf under bea\ales32-ssm\webservice-ssm\instance\WSSM\config and it failed with this error,
  but an error is
  generated when starting the WSSM(Web Service Security Module):
  log4j:ERROR A "com.foo.AuditJMSQueueAppender" object is not assignable to a "org.apache.log4j.Appender" variable.
  log4j:ERROR The class "org.apache.log4j.Appender" was loaded by
  log4j:ERROR [com.bea.security.providers.utils.InverseURLClassLoader@5f7d3f] whereas object of type
  log4j:ERROR "com.foo.AuditJMSQueueAppender" was loaded by [sun.misc.Launcher$AppClassLoader@a18aa2].
  log4j:ERROR Could not instantiate appender named "JMS_AUDIT".
  130
  ARME is started now
  Rendering object type: AuditAtzEvent
  I have tried add java option:log4j.ignoreTCL=true. in this WLESws.wrapper.conf file, but does not work.
  How to resolve this issue, Thanks for your help!

  hi
  Can anyone help with this...

• Issue with Web Service Security

  Dear Forum Members and Readers,
  I am a beginner to Web Services, and facing an issue with WS-Security.
  My issue seemingly is quite specific to my projects though, It will be great if you can provide me your views.
  Context Description:
  I am developing a Java Web Service application that is deployed on JBoss Application Server.
  This application will communicate with two other applications those are not deployed in same JBoss Application Server.
  These 2 applications are third party applications, one is C++ based web services and other is Java based web services.
  My application gives a call to Third Party Application1 and receives the response back form it. It then passes this received response to Third Party Application 2.
  Issue Description:
  I now need to enable https paradigm among these 3 applications. (I need to implement web service security model here)
  I started with looking in to JBoss specific WS-Security but found it not suitable in my case, as it requires to configure both the client and server. I have the control over my application but not on other 2 third party applications.
  To this extent, I am unable to identify a solution that can address my issue.
  Can anybody please provide me with initial thoughts or any reference material that might help me to give this a start.
  Any clue will be highly appreciated!
  Thanks in advance
  Mukul

  mukul.object wrote:
  Actually, my SOAP messages contains some critical information that needs to be encrypted.You think that its critical information however your third party doesn't. If they would have had same thought they would have enabled the security. As I said earlier, you will have to discuss this with them.
  Another solution (however I don't know the viability in your case) could be to deploy one component before each third party service. Your web service will call this new component (Which is installed in their environment i.e. local to third party web service) and new component will forward the request to third party service. Now you can apply security/encryption/decryption between your web service and your component.
  I have had a look in to XMLEncrytion using that I can encrypt my SOAP messages but I wonder how would other tools decrypt that.My above comments answers this.
  Is there anyway I can encrypt my SOAP messages (without having to customize third party tools) in this scenario ??My above comments answers this.

• "Define Web Service" - Security Issues

  Hello all,
  I have successfully defined a Web service with the wizard in ID. So I already have my WSDL file.
  Now, I need to use this WSDL file from a Web Application that exposed to all public internet. 
  Now my question is, how is security managed for this web service? I mean, if the web service is exposed to any user of the web application in the internet, how can I assure that, the information in the WSDL file will not be used to access the XI Server with out authorization?
  Who should be in charge of the security, the web application? the web service? or xi?
  Thanks,
  Felipe

  If you are using the SOAP Adapter for receiving the information it provides the features like
  1. HTTP without Client Authentication
  2. HTTP with Client Authentication
  Even you can select Security Prameters like
  1. Web Service Security
  2. S/MIME
  If you configure all this then which other kind of security you are looking for.
  Gaurav Jain
  Reward Point if answer is helpful

• Web service security in PI

  Mine is PROXY to SOAP asynchronous.
  PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
  so that at receiver statem they can validate the user using these.
  When i am calling webservice from soapui with the header parameters
  Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>xxxxx</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
  <wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
  <wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  What configuration needs to be done in PI.

  I got this in Runtime work bench
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  - <SOAP:Header>
  - <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
    <sap:MessageClass>ApplicationMessage</sap:MessageClass>
    <sap:ProcessingMode>asynchronous</sap:ProcessingMode>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
  - <sap:Sender>
    <sap:Party agency="" scheme="" />
    <sap:Service>test2310</sap:Service>
    </sap:Sender>
  - <sap:Receiver>
    <sap:Party agency="" scheme="" />
    <sap:Service>test_serivce</sap:Service>
    </sap:Receiver>
    <sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
    </sap:Main>
  - <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
    </sap:ReliableMessaging>
  - <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:TraceLevel>Fatal</sap:TraceLevel>
    <sap:Logging>On</sap:Logging>
    </sap:Diagnostic>
  - <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
  - <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
    <sap:Engine type="BS">test_serivce</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
    <sap:Engine type="IS">is.68.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
    <sap:Engine type="AE">af.dxi.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    </sap:Hop>
    </sap:HopList>
    </SOAP:Header>
  Edited by: Vamsi on Jul 15, 2009 7:06 PM

• SOAP Request with Web Service Security

  Hi masters of XI,
  the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
  I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  How can we send UserNameToken's elements inside SOAP web service envelope
  signing with X.509 certificate also? There are any way to do it in the
  receiver agreement or receiver SOAP adapter?
  thanks.

  Hi,
  thank you very much for your answers.
  I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
  This is my Request:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>     
        <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>
  And this is the request I need:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>
  <!-- THIS IS THE PART I NEED -->
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
          <wsse:Username>xxxxxxx</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
        </wsse:UsernameToken>
  <!--  -->
  <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>

• Oracle Service Bus 11gR1 - missing Web Services Security Configuration?

  I am trying to configure a web service which uses username token policy.
  The below option is missing in Proxy Service --> Security
  Web Services Security Configuration
  Process WS-Security Header     Yes     NoIs there anything that needs to be enabled for the above to show up in Proxy Service-->Security.

  This option was enabled by removing the username token policy from the wsdl file.
  Thanks for looking.