wsse:SecurityTokenReference vs. SecurityTokenReference xmlns="..." and <ds:KeyInfo xmlns:ds="http://..."> vs. <KeyInfo xmlns="http://...">
Hi there.
In working with the securesimple/Ping program I am noticing something and I'm not certain if this is just an exigency/peculiarity of that program or whether it is a strict global Java WSDP requirement.
In an encrypted SOAP message, I find that if I produce a <KeyInfo xmlns="http://..."> element instead of a <ds:KeyInfo xmlns:ds="..."> element, the server on which securesimple/Ping is running will throw an exception. Ditto if the encrypted SOAP message contains just: <SecurityTokenReference xmlns="..."> instead of <wsse:SecurityTokenReference>.
Also I've found that the "Id" value in a <wsse:BinarySecurityToken ... xmlns:wsu="http://..." wsu:Id="..."> must be of type wsu -- it can't be an arbitrary Id, e.g. <wsse:BinarySecurityToken ... Id="..."> which I believe it should be able to be.
Can anyone confirm or deny these various impressions that I'm getting from securesimple/Ping? And if there is a way to configure the server to be more lax in what it accepts, could you let me know how I could go about doing that?
Thanks.
Liz

***Adding more data***
***The steps of my testing and the faults at each point along with the input at each point***
(1) No changes to *.xml document (containing encrypted SOAP msg) produced by a third party
==========
INPUT FILE:
==========
<?xml version="1.0" encoding="UTF-8"?><!--
Document : encInput.xml
Created on : August 13, 2004, 12:38 PM
Author : Loan
Description:
Purpose of the document follows.
--><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://xmlsoap.org/Ping" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Header>
<wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" Id="Id-7245474026100836072" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDWTCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQQFADB0MQswCQYDVQQGEwJOQTEL&#13;
MAkGA1UECBMCTkExCzAJBgNVBAcTAk5BMQswCQYDVQQKEwJOQTELMAkGA1UECxMC&#13;
TkExHjAcBgNVBAMTFWNlcnRpZmljYXRlLWF1dGhvcml0eTERMA8GCSqGSIb3DQEJ&#13;
ARYCTkEwHhcNMDQwNDA5MjAxNTUwWhcNMDUwNDA5MjAxNTUwWjByMQswCQYDVQQG&#13;
EwJOQTELMAkGA1UECBMCTkExCzAJBgNVBAcTAk5BMQswCQYDVQQKEwJOQTELMAkG&#13;
A1UECxMCTkExHDAaBgNVBAMTE3h3cy1zZWN1cml0eS1zZXJ2ZXIxETAPBgkqhkiG&#13;
9w0BCQEWAk5BMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTEAYXDMEpuR5m&#13;
6mVMNPBTvSbiFJJfykCJuANuIsYMqCGbajlJYxkPSFjsUbxhSinSTCYGlHfqqesx&#13;
Kyk8dPcX/LAujCOwwd1tDdql2sQZ6WZwf21wfSv65TczldTTlbADzttoJbzsICl7&#13;
LH85900XUv25mmouS96Cw5CSdgL/8wIDAQABo4H8MIH5MAkGA1UdEwQCMAAwLAYJ&#13;
YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud&#13;
DgQWBBS1RijUqFm1EOJR/UtU0NSilNzOajCBngYDVR0jBIGWMIGTgBS1BYo8LSYE&#13;
n16yMWhvreilyanXfqF4pHYwdDELMAkGA1UEBhMCTkExCzAJBgNVBAgTAk5BMQsw&#13;
CQYDVQQHEwJOQTELMAkGA1UEChMCTkExCzAJBgNVBAsTAk5BMR4wHAYDVQQDExVj&#13;
ZXJ0aWZpY2F0ZS1hdXRob3JpdHkxETAPBgkqhkiG9w0BCQEWAk5BggEAMA0GCSqG&#13;
SIb3DQEBBAUAA4GBAEjzXe4rgJmzrbDKYqe5MLSe8dDwkTWZhlN9OE+d3WdVDZAS&#13;
0tXSC22sWahPBN9RcAkOSCNyX42vCNxjH+wWIbtxC+B8ODXBbvJNPzsEA2dVK04V&#13;
lixzhJsdAZB5BEeG35nhL3Z0TSo57EclJKCmATyMn0RNWxJFJyHAfj09r4zf</wsse:BinarySecurityToken><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><Reference URI="#Id-7245474026100836072" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></SecurityTokenReference></KeyInfo><xenc:CipherData><xenc:CipherValue>wmv56pPcBi3oM6j+SgVBBGZbYOxVOzyZm+YAXYYrnzXiqvELO7g//PNxrEpxdabP&#13;
319vsxQi6ZGwwwvqBXHnkQpR+cpPkklAPwKEv2rXh5DAEHYibgWnnenxEAHo9ueo&#13;
4Lu4h/Qi9tiqKKQCAC0LJQvM/KK+PhxyygOt/1w9VK4=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#Id-4413116547163724771"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></env:Header><env:Body Id="blah"><xenc:EncryptedData Id="Id-4413116547163724771" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><xenc:CipherData><xenc:CipherValue>HTLwmYUEMPfHne9/aR1+1BiLaGBLBJKvhL8LWTes6ohyd/9IPiPOSVHz1F2MAMeu&#13;
PyB9WTlM1IdRaYhTzRZeJr01pVWVSH2jME2Cn95XoZ+2sjQOgzp48LcubMN7iCqj&#13;
Q/k4iLOo3mJCxkacQvjavxUvuDiYnfde3Q0UyUBJt+Qg6dB1r8iAW5BUnzLPrxQI&#13;
HHEQuekLvxn0sQeHwvj54fErUmp2N6ppUWr71L6GKZh9EKW7f+iFzuUSWrK/hyak&#13;
hoHRNprHefOOrWIpVLkLrYuL4AK+Yoq/Fz5SziGwmZ+UvsXm5MT/qB8kJvYmrZHJ&#13;
q3WBSa43moPOkZRItxIYV3zzI6VymUsLiQ3J0Wyx/KH5nlW2P8OHNdVj5+jRq/zd&#13;
PeBEYbyhYDCcYqGFdbIHNit5PQNWFk28WDEETc62b9ax3Svh1Rbk0OpB4P42al&#13;
</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
==========
FAULT:
==========
The fault string is: JAXRPC.TIE.04: Internal Server Error (JAXRPCTIE01: caught exception while handling request: java.lang.NullPointerException)
local name = Server
name prefix = env
qualified name = env:Server
name URI = http://schemas.xmlsoap.org/soap/envelope/
(2) Changed "Id" attribute in BinarySecurityToken to type "wsu:Id" and added "wsu" namespace declaration:
==========
INPUT FILE:
==========
<?xml version="1.0" encoding="UTF-8"?><!--
Document : encInput.xml
Created on : August 13, 2004, 12:38 PM
Author : Loan
Description:
Purpose of the document follows.
--><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://xmlsoap.org/Ping" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Header>
<wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-7245474026100836072" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDWTCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQQFADB0MQswCQYDVQQGEwJOQTEL&#13;
MAkGA1UECBMCTkExCzAJBgNVBAcTAk5BMQswCQYDVQQKEwJOQTELMAkGA1UECxMC&#13;
TkExHjAcBgNVBAMTFWNlcnRpZmljYXRlLWF1dGhvcml0eTERMA8GCSqGSIb3DQEJ&#13;
ARYCTkEwHhcNMDQwNDA5MjAxNTUwWhcNMDUwNDA5MjAxNTUwWjByMQswCQYDVQQG&#13;
EwJOQTELMAkGA1UECBMCTkExCzAJBgNVBAcTAk5BMQswCQYDVQQKEwJOQTELMAkG&#13;
A1UECxMCTkExHDAaBgNVBAMTE3h3cy1zZWN1cml0eS1zZXJ2ZXIxETAPBgkqhkiG&#13;
9w0BCQEWAk5BMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTEAYXDMEpuR5m&#13;
6mVMNPBTvSbiFJJfykCJuANuIsYMqCGbajlJYxkPSFjsUbxhSinSTCYGlHfqqesx&#13;
Kyk8dPcX/LAujCOwwd1tDdql2sQZ6WZwf21wfSv65TczldTTlbADzttoJbzsICl7&#13;
LH85900XUv25mmouS96Cw5CSdgL/8wIDAQABo4H8MIH5MAkGA1UdEwQCMAAwLAYJ&#13;
YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud&#13;
DgQWBBS1RijUqFm1EOJR/UtU0NSilNzOajCBngYDVR0jBIGWMIGTgBS1BYo8LSYE&#13;
n16yMWhvreilyanXfqF4pHYwdDELMAkGA1UEBhMCTkExCzAJBgNVBAgTAk5BMQsw&#13;
CQYDVQQHEwJOQTELMAkGA1UEChMCTkExCzAJBgNVBAsTAk5BMR4wHAYDVQQDExVj&#13;
ZXJ0aWZpY2F0ZS1hdXRob3JpdHkxETAPBgkqhkiG9w0BCQEWAk5BggEAMA0GCSqG&#13;
SIb3DQEBBAUAA4GBAEjzXe4rgJmzrbDKYqe5MLSe8dDwkTWZhlN9OE+d3WdVDZAS&#13;
0tXSC22sWahPBN9RcAkOSCNyX42vCNxjH+wWIbtxC+B8ODXBbvJNPzsEA2dVK04V&#13;
lixzhJsdAZB5BEeG35nhL3Z0TSo57EclJKCmATyMn0RNWxJFJyHAfj09r4zf</wsse:BinarySecurityToken><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><Reference URI="#Id-7245474026100836072" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></SecurityTokenReference></KeyInfo><xenc:CipherData><xenc:CipherValue>wmv56pPcBi3oM6j+SgVBBGZbYOxVOzyZm+YAXYYrnzXiqvELO7g//PNxrEpxdabP&#13;
319vsxQi6ZGwwwvqBXHnkQpR+cpPkklAPwKEv2rXh5DAEHYibgWnnenxEAHo9ueo&#13;
4Lu4h/Qi9tiqKKQCAC0LJQvM/KK+PhxyygOt/1w9VK4=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#Id-4413116547163724771"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></env:Header><env:Body Id="blah"><xenc:EncryptedData Id="Id-4413116547163724771" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><xenc:CipherData><xenc:CipherValue>HTLwmYUEMPfHne9/aR1+1BiLaGBLBJKvhL8LWTes6ohyd/9IPiPOSVHz1F2MAMeu&#13;
PyB9WTlM1IdRaYhTzRZeJr01pVWVSH2jME2Cn95XoZ+2sjQOgzp48LcubMN7iCqj&#13;
Q/k4iLOo3mJCxkacQvjavxUvuDiYnfde3Q0UyUBJt+Qg6dB1r8iAW5BUnzLPrxQI&#13;
HHEQuekLvxn0sQeHwvj54fErUmp2N6ppUWr71L6GKZh9EKW7f+iFzuUSWrK/hyak&#13;
hoHRNprHefOOrWIpVLkLrYuL4AK+Yoq/Fz5SziGwmZ+UvsXm5MT/qB8kJvYmrZHJ&#13;
q3WBSa43moPOkZRItxIYV3zzI6VymUsLiQ3J0Wyx/KH5nlW2P8OHNdVj5+jRq/zd&#13;
PeBEYbyhYDCcYqGFdbIHNit5PQNWFk28WDEETc62b9ax3Svh1Rbk0OpB4P42al&#13;
</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
==========
FAULT:
==========
The fault string is: Support for processing information in the given ds:KeyInfo is not present
local name = InvalidSecurity
name prefix = ans1
qualified name = ans1:InvalidSecurity
name URI = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
(3) Changed: <KeyInfo xmlns=""> to <ds:KeyInfo xmlns:ds=""> (Note that I could have equivalently chosen an arbitrary prefix, eg <blah:KeyInfo xmlns:blah=""> also works)
==========
INPUT FILE:
==========
<?xml version="1.0" encoding="UTF-8"?><!--
Document : encInput.xml
Created on : August 13, 2004, 12:38 PM
Author : Loan
Description:
Purpose of the document follows.
--><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://xmlsoap.org/Ping" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Header>
<wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-7245474026100836072" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDWTCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQQFADB0MQswCQYDVQQGEwJOQTEL&#13;
MAkGA1UECBMCTkExCzAJBgNVBAcTAk5BMQswCQYDVQQKEwJOQTELMAkGA1UECxMC&#13;
TkExHjAcBgNVBAMTFWNlcnRpZmljYXRlLWF1dGhvcml0eTERMA8GCSqGSIb3DQEJ&#13;
ARYCTkEwHhcNMDQwNDA5MjAxNTUwWhcNMDUwNDA5MjAxNTUwWjByMQswCQYDVQQG&#13;
EwJOQTELMAkGA1UECBMCTkExCzAJBgNVBAcTAk5BMQswCQYDVQQKEwJOQTELMAkG&#13;
A1UECxMCTkExHDAaBgNVBAMTE3h3cy1zZWN1cml0eS1zZXJ2ZXIxETAPBgkqhkiG&#13;
9w0BCQEWAk5BMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTEAYXDMEpuR5m&#13;
6mVMNPBTvSbiFJJfykCJuANuIsYMqCGbajlJYxkPSFjsUbxhSinSTCYGlHfqqesx&#13;
Kyk8dPcX/LAujCOwwd1tDdql2sQZ6WZwf21wfSv65TczldTTlbADzttoJbzsICl7&#13;
LH85900XUv25mmouS96Cw5CSdgL/8wIDAQABo4H8MIH5MAkGA1UdEwQCMAAwLAYJ&#13;
YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud&#13;
DgQWBBS1RijUqFm1EOJR/UtU0NSilNzOajCBngYDVR0jBIGWMIGTgBS1BYo8LSYE&#13;
n16yMWhvreilyanXfqF4pHYwdDELMAkGA1UEBhMCTkExCzAJBgNVBAgTAk5BMQsw&#13;
CQYDVQQHEwJOQTELMAkGA1UEChMCTkExCzAJBgNVBAsTAk5BMR4wHAYDVQQDExVj&#13;
ZXJ0aWZpY2F0ZS1hdXRob3JpdHkxETAPBgkqhkiG9w0BCQEWAk5BggEAMA0GCSqG&#13;
SIb3DQEBBAUAA4GBAEjzXe4rgJmzrbDKYqe5MLSe8dDwkTWZhlN9OE+d3WdVDZAS&#13;
0tXSC22sWahPBN9RcAkOSCNyX42vCNxjH+wWIbtxC+B8ODXBbvJNPzsEA2dVK04V&#13;
lixzhJsdAZB5BEeG35nhL3Z0TSo57EclJKCmATyMn0RNWxJFJyHAfj09r4zf</wsse:BinarySecurityToken><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><Reference URI="#Id-7245474026100836072" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>wmv56pPcBi3oM6j+SgVBBGZbYOxVOzyZm+YAXYYrnzXiqvELO7g//PNxrEpxdabP&#13;
319vsxQi6ZGwwwvqBXHnkQpR+cpPkklAPwKEv2rXh5DAEHYibgWnnenxEAHo9ueo&#13;
4Lu4h/Qi9tiqKKQCAC0LJQvM/KK+PhxyygOt/1w9VK4=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#Id-4413116547163724771"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></env:Header><env:Body Id="blah"><xenc:EncryptedData Id="Id-4413116547163724771" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><xenc:CipherData><xenc:CipherValue>HTLwmYUEMPfHne9/aR1+1BiLaGBLBJKvhL8LWTes6ohyd/9IPiPOSVHz1F2MAMeu&#13;
PyB9WTlM1IdRaYhTzRZeJr01pVWVSH2jME2Cn95XoZ+2sjQOgzp48LcubMN7iCqj&#13;
Q/k4iLOo3mJCxkacQvjavxUvuDiYnfde3Q0UyUBJt+Qg6dB1r8iAW5BUnzLPrxQI&#13;
HHEQuekLvxn0sQeHwvj54fErUmp2N6ppUWr71L6GKZh9EKW7f+iFzuUSWrK/hyak&#13;
hoHRNprHefOOrWIpVLkLrYuL4AK+Yoq/Fz5SziGwmZ+UvsXm5MT/qB8kJvYmrZHJ&#13;
q3WBSa43moPOkZRItxIYV3zzI6VymUsLiQ3J0Wyx/KH5nlW2P8OHNdVj5+jRq/zd&#13;
PeBEYbyhYDCcYqGFdbIHNit5PQNWFk28WDEETc62b9ax3Svh1Rbk0OpB4P42al&#13;
</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
==============================
FAULT (same fault as above):
==============================
The fault string is: Support for processing information in the given ds:KeyInfo is not present
local name = InvalidSecurity
name prefix = ans1
qualified name = ans1:InvalidSecurity
name URI = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
(4) Changed <SecurityTokenReference xmlns=""> to <wsse:SecurityTokenReference> and changed <Reference ...> to <wsse:Reference ...>:
==========
INPUT FILE:
==========
<?xml version="1.0" encoding="UTF-8"?><!--
Document : encInput.xml
Created on : August 13, 2004, 12:38 PM
Author : Loan
Description:
Purpose of the document follows.
--><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://xmlsoap.org/Ping" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Header>
<wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-7245474026100836072" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDWTCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQQFADB0MQswCQYDVQQGEwJOQTEL&#13;
MAkGA1UECBMCTkExCzAJBgNVBAcTAk5BMQswCQYDVQQKEwJOQTELMAkGA1UECxMC&#13;
TkExHjAcBgNVBAMTFWNlcnRpZmljYXRlLWF1dGhvcml0eTERMA8GCSqGSIb3DQEJ&#13;
ARYCTkEwHhcNMDQwNDA5MjAxNTUwWhcNMDUwNDA5MjAxNTUwWjByMQswCQYDVQQG&#13;
EwJOQTELMAkGA1UECBMCTkExCzAJBgNVBAcTAk5BMQswCQYDVQQKEwJOQTELMAkG&#13;
A1UECxMCTkExHDAaBgNVBAMTE3h3cy1zZWN1cml0eS1zZXJ2ZXIxETAPBgkqhkiG&#13;
9w0BCQEWAk5BMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTEAYXDMEpuR5m&#13;
6mVMNPBTvSbiFJJfykCJuANuIsYMqCGbajlJYxkPSFjsUbxhSinSTCYGlHfqqesx&#13;
Kyk8dPcX/LAujCOwwd1tDdql2sQZ6WZwf21wfSv65TczldTTlbADzttoJbzsICl7&#13;
LH85900XUv25mmouS96Cw5CSdgL/8wIDAQABo4H8MIH5MAkGA1UdEwQCMAAwLAYJ&#13;
YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud&#13;
DgQWBBS1RijUqFm1EOJR/UtU0NSilNzOajCBngYDVR0jBIGWMIGTgBS1BYo8LSYE&#13;
n16yMWhvreilyanXfqF4pHYwdDELMAkGA1UEBhMCTkExCzAJBgNVBAgTAk5BMQsw&#13;
CQYDVQQHEwJOQTELMAkGA1UEChMCTkExCzAJBgNVBAsTAk5BMR4wHAYDVQQDExVj&#13;
ZXJ0aWZpY2F0ZS1hdXRob3JpdHkxETAPBgkqhkiG9w0BCQEWAk5BggEAMA0GCSqG&#13;
SIb3DQEBBAUAA4GBAEjzXe4rgJmzrbDKYqe5MLSe8dDwkTWZhlN9OE+d3WdVDZAS&#13;
0tXSC22sWahPBN9RcAkOSCNyX42vCNxjH+wWIbtxC+B8ODXBbvJNPzsEA2dVK04V&#13;
lixzhJsdAZB5BEeG35nhL3Z0TSo57EclJKCmATyMn0RNWxJFJyHAfj09r4zf</wsse:BinarySecurityToken><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:Reference URI="#Id-7245474026100836072" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>wmv56pPcBi3oM6j+SgVBBGZbYOxVOzyZm+YAXYYrnzXiqvELO7g//PNxrEpxdabP&#13;
319vsxQi6ZGwwwvqBXHnkQpR+cpPkklAPwKEv2rXh5DAEHYibgWnnenxEAHo9ueo&#13;
4Lu4h/Qi9tiqKKQCAC0LJQvM/KK+PhxyygOt/1w9VK4=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#Id-4413116547163724771"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></env:Header><env:Body Id="blah"><xenc:EncryptedData Id="Id-4413116547163724771" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><xenc:CipherData><xenc:CipherValue>HTLwmYUEMPfHne9/aR1+1BiLaGBLBJKvhL8LWTes6ohyd/9IPiPOSVHz1F2MAMeu&#13;
PyB9WTlM1IdRaYhTzRZeJr01pVWVSH2jME2Cn95XoZ+2sjQOgzp48LcubMN7iCqj&#13;
Q/k4iLOo3mJCxkacQvjavxUvuDiYnfde3Q0UyUBJt+Qg6dB1r8iAW5BUnzLPrxQI&#13;
HHEQuekLvxn0sQeHwvj54fErUmp2N6ppUWr71L6GKZh9EKW7f+iFzuUSWrK/hyak&#13;
hoHRNprHefOOrWIpVLkLrYuL4AK+Yoq/Fz5SziGwmZ+UvsXm5MT/qB8kJvYmrZHJ&#13;
q3WBSa43moPOkZRItxIYV3zzI6VymUsLiQ3J0Wyx/KH5nlW2P8OHNdVj5+jRq/zd&#13;
PeBEYbyhYDCcYqGFdbIHNit5PQNWFk28WDEETc62b9ax3Svh1Rbk0OpB4P42al&#13;
</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
==========
NO FAULT!!!
==========
NOTE that I tried eliminating various steps but found that the above three were absolutely necessary.
==========
Further, while the prefix tag for the XML Encryption and XML Signature objects can be arbitrary values (i.e. they don't have to be "xenc" and "ds" respectively), the WSSE tag must be "wsse"
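
Added example, not part of the original post: a namespace-aware view of the four test messages above, built from a constructed skeleton (`tok-1` and `CERT` are placeholders, and the function names are this example's own). It compares the expanded element names under `KeyInfo` in steps (1) to (4) and reports which attribute a `#...` reference matches when the lookup goes by qualified attribute name.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed skeleton of the post's security header; CERT replaces the
# certificate and tok-1 replaces the generated Id value.
SKELETON = (
    '<wsse:Security xmlns:wsse="{wsse}">'
    '<wsse:BinarySecurityToken {id_attr}>CERT</wsse:BinarySecurityToken>'
    '<xenc:EncryptedKey xmlns:xenc="{xenc}">{key_info}</xenc:EncryptedKey>'
    '</wsse:Security>'
)

BARE_ID = 'Id="tok-1"'
WSU_ID = f'xmlns:wsu="{WSU}" wsu:Id="tok-1"'
DEFAULT_NS_STR = (f'<SecurityTokenReference xmlns="{WSSE}">'
                  '<Reference URI="#tok-1"/></SecurityTokenReference>')
PREFIXED_STR = ('<wsse:SecurityTokenReference><wsse:Reference URI="#tok-1"/>'
                '</wsse:SecurityTokenReference>')


def message(id_attr, key_info):
    """Fill the skeleton with one step's Id attribute and KeyInfo markup."""
    return SKELETON.format(wsse=WSSE, xenc=XENC,
                           id_attr=id_attr, key_info=key_info)


# The four steps from the post, reduced to the parts that changed.
STEPS = {
    1: message(BARE_ID, f'<KeyInfo xmlns="{DS}">{DEFAULT_NS_STR}</KeyInfo>'),
    2: message(WSU_ID, f'<KeyInfo xmlns="{DS}">{DEFAULT_NS_STR}</KeyInfo>'),
    3: message(WSU_ID,
               f'<ds:KeyInfo xmlns:ds="{DS}">{DEFAULT_NS_STR}</ds:KeyInfo>'),
    4: message(WSU_ID,
               f'<ds:KeyInfo xmlns:ds="{DS}">{PREFIXED_STR}</ds:KeyInfo>'),
}


def key_info_names(xml_text):
    """Expanded ({namespace}local) names of KeyInfo and its descendants."""
    root = ET.fromstring(xml_text)
    key_info = root.find(f".//{{{DS}}}KeyInfo")
    return [] if key_info is None else [el.tag for el in key_info.iter()]


def resolve_reference(xml_text):
    """Follow KeyInfo/SecurityTokenReference/Reference by expanded name and
    report which attribute on the target carries the referenced value."""
    root = ET.fromstring(xml_text)
    ref = root.find(f".//{{{DS}}}KeyInfo/{{{WSSE}}}SecurityTokenReference"
                    f"/{{{WSSE}}}Reference")
    if ref is None:
        return "no wsse:Reference"
    uri = ref.get("URI", "")
    if not uri.startswith("#"):
        return "not a same-document reference"
    target = uri[1:]
    # Namespace-qualified wsu:Id is checked first.
    for el in root.iter():
        if el.get(f"{{{WSU}}}Id") == target:
            return "wsu:Id"
    # An unprefixed attribute is in no namespace, so it is a different name.
    for el in root.iter():
        if el.get("Id") == target:
            return "unqualified Id"
    return "unresolved"


def report():
    """Per step: (expanded names under KeyInfo, how the reference resolved)."""
    return {step: (key_info_names(xml), resolve_reference(xml))
            for step, xml in STEPS.items()}


if __name__ == "__main__":
    for step, (names, how) in report().items():
        local = [n.split("}")[1] for n in names]
        print(f"step {step}: {local} -> token matched via {how}")
```

Steps (2) to (4) are identical by expanded name, so a receiver that accepts only step (4) is distinguishing them by prefix or default-namespace usage rather than by namespace.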

Similar Messages

  • Saml - signinfo - securitytokenreference should have  what ?

    <wsse:SecurityTokenReference wsu:Id="q01obcQc22Occlbrou7GRA22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <*wsse:KeyIdentifier* ValueType="mQXwNktATaW29IAV7bfulw22http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">mQXwNktATaW29IAV7bfulw22</wsse:KeyIdentifier></wsse:SecurityTokenReference>
    or
    <wsse:SecurityTokenReference wsu:Id="STRSAMLId-24964246" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <*wsse:Reference URI*="#f73942eda6dc8241481afb037074883e" ValueType="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertion-1.1"/></wsse:SecurityTokenReference>.
    Should SecurityTokenReference have <wsse:KeyIdentifier> or <wsse:Reference URI> for a SAML token?
    Which one is correct for a SAML token?

    The web server which is hosting that website is sending that message.
    http://en.wikipedia.org/wiki/POST_%28HTTP%29
    "It is often used when uploading a file or submitting a completed web form."
    Basically the web server is warning you about (and preventing you from) resending information which you have already sent by re-directing your request using the Back button.
    Don't use the Back button. Reload the previous page from the "Back" button's history.

  • WSDL Wizard w/ SOAP, RequestContext, ComplexType and WSSE

    Is it possible to run the wizard against a WSDL that uses a Request Context, SOAP, WSSE security and required input as a complexType?
    I've tried it and while it generated all the service and value objects, any time I try invoking the service, I get the following error:
    Array of input arguments did not contain a required parameter at position 1
    I don't even think the document is being sent to the server.
    I've read that in FB3, the wizard didn't handle SOAP services right and would ignore headers - I'm just trying to establish if it works at all and if I should continue trying to sort this out.
    The request document should look something like this:
    <soapenv:Envelope
        xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
       <soapenv:Header>
          <wsse:Security
              xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:xsd="http://www.w3.org/2001/XMLSchema"
              xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
             <wsse:UsernameToken>
                <wsse:Username>12345</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">12345</wsse:Password>
             </wsse:UsernameToken>
          </wsse:Security>
          <rc:RequestContext
              xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:xsd="http://www.w3.org/2001/XMLSchema"
              xmlns:rc="http://www.mydomain.com/crme/request-context.xsd">
             <rc:Property rc:key="username">12345</rc:Property>
             <rc:Property rc:key="sourceapp">12345</rc:Property>
          </rc:RequestContext>
       </soapenv:Header>
       <soapenv:Body>
          <s0:getAssociatePortfolioByNBID
              xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
              xmlns:s0="http://www.mydomain.com/wsdl/gpbs/associatePortfolio/AssociatePortfolioService/v001"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:xsd="http://www.w3.org/2001/XMLSchema">
             <s0:nbid>NBD2ZXN</s0:nbid>
             <s0:attributeGroup>PARTYID</s0:attributeGroup>
          </s0:getAssociatePortfolioByNBID>
       </soapenv:Body>
    </soapenv:Envelope>
    Thanks!

    I was running into similar issues attempting to send a complex-typed request to a SOAP service.  Right up to the same error message, actually.  After a lot of googling and a little experimentation, I came up with an adjustment to the generated code that makes it work.
    (OBVersionDisclosure:  Flash Builder 4, Flex 4 SDK.)
    The generator produced an ActionScript class called [servicename], along with one named _Super_[servicename].  This service class gives you asynchronous RPC-style access to your SOAP methods.  For what we're doing, though, ignore the [servicename] class -- all the action is in the _Super_[servicename] class.
    Anyway, for each of these SOAP methods there is a same-named method on the Super class.  So if your SOAP method is named [mycall] and takes a data structure named [mycallstruct], it made an AS method that looks like this:
        public function [mycall]([mycallparam]:valueObjects.[mycallstruct]) : AsyncToken
        {
            model_internal::loadWSDLIfNecessary();
            var _internal_operation:AbstractOperation = _serviceControl.getOperation("[mycall]");
            var _internal_token:AsyncToken = _internal_operation.send([mycallparam]);
            return _internal_token;
        }
    Which should be fine, except that it's throwing that "did not contain a required parameter" fault.
    Long story short:  It looks like the send(args) form of the remote operation call is a little broken.  Because all I had to do to make this method work as advertised is this:
        public function [mycall]([mycallparam]:valueObjects.[mycallstruct]) : AsyncToken
        {
            model_internal::loadWSDLIfNecessary();
            var _internal_operation:AbstractOperation = _serviceControl.getOperation("[mycall]");
            _internal_operation.arguments = [mycallparam];
            var _internal_token:AsyncToken = _internal_operation.send();
            return _internal_token;
        }
    which is the call form I found in posted code for previous versions of Flex.
    Well, that's the extent of my knowledge on the subject.  Hope it's helpful.

  • Invalid security error when invoking secure webservice using SAML tokens

    I have deployed a JAX-WS webservice using a stateless session bean to wl 10.3.2 that uses a custom policy. The service deploys fine, but weblogic returns an HTTP error 500 with a SOAP fault. The fault states wsse:InvalidSecurity. The webservice security policy requires SAML holder of key assertions and attributes. I have tried everything from running weblogic with Metro 1.5 to configuring SAML Identity Asserter Providers, etc with no luck. I even tried using the built in SAML 2.0 asymmetric holder of key policy. What am I doing wrong? The XML of interest is attached.
    Thanks;
    -Dave.
    *[Sample message from client]*
    <?xml version="1.0" encoding="UTF-8"?>
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
         <S:Header>
              <To xmlns="http://www.w3.org/2005/08/addressing">https://localhost:7002/NHINAdapterDocQuerySecured/AdapterDocQuerySecured</To>
              <Action xmlns="http://www.w3.org/2005/08/addressing">urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage</Action>
              <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
                   <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
              </ReplyTo>
              <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:fec656f8-a2be-4129-8412-34d9453e7cb2</MessageID>
              <wsse:Security S:mustUnderstand="1">
                   <wsu:Timestamp xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
                        <wsu:Created>2010-02-24T21:38:56Z</wsu:Created>
                        <wsu:Expires>2010-02-24T21:43:56Z</wsu:Expires>
                   </wsu:Timestamp>
                   <saml2:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="96cdfb70-91a3-4baf-9da1-3ff07d249926" IssueInstant="2010-02-24T21:38:56.671Z" Version="2.0">
                        <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
                        <saml2:Subject>
                             <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">UID=kskagerb*DoD</saml2:NameID>
                             <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                                  <saml2:SubjectConfirmationData>
                                       <ds:KeyInfo>
                                            <ds:KeyValue>
                                                 <ds:RSAKeyValue>
                                                      <ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZiqM1BAFp9F73hMHsNrc=</ds:Modulus>
                                                      <ds:Exponent>AQAB</ds:Exponent>
                                                 </ds:RSAKeyValue>
                                            </ds:KeyValue>
                                       </ds:KeyInfo>
                                  </saml2:SubjectConfirmationData>
                             </saml2:SubjectConfirmation>
                        </saml2:Subject>
                        <saml2:AuthnStatement AuthnInstant="2009-04-16T13:15:39.000Z" SessionIndex="987">
                             <saml2:SubjectLocality Address="158.147.185.168" DNSName="cs.myharris.net"/>
                             <saml2:AuthnContext>
                                  <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
                             </saml2:AuthnContext>
                        </saml2:AuthnStatement>
                        <saml2:AttributeStatement>
                             <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
                                  <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Karl S Skagerberg</saml2:AttributeValue>
                             </saml2:Attribute>
                             <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
                                  <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">InternalTest2</saml2:AttributeValue>
                             </saml2:Attribute>
                             <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
                                  <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
                             </saml2:Attribute>
                             <saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId">
                                  <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
                             </saml2:Attribute>
                             <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
                                  <saml2:AttributeValue>
                                       <hl7:Role xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="307969004" codeSystem="2.16.840.1.113883.6.96" codeSystemName="SNOMED_CT" displayName="Public Health" xsi:type="hl7:CE"/>
                                  </saml2:AttributeValue>
                             </saml2:Attribute>
                             <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
                                  <saml2:AttributeValue>
                                       <hl7:PurposeForUse xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="TREATMENT" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="Use or disclosure of Psychotherapy Notes" xsi:type="hl7:CE"/>
                                  </saml2:AttributeValue>
                             </saml2:Attribute>
                             <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
                                  <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">500000000^^^&amp;1.1&amp;ISO</saml2:AttributeValue>
                             </saml2:Attribute>
                        </saml2:AttributeStatement>
                        <saml2:AuthzDecisionStatement Decision="Permit" Resource="https://158.147.185.168:8181/SamlReceiveService/SamlProcessWS">
                             <saml2:Action Namespace="urn:nhin:names:hl7:rbac:4.00:operation">EXECUTE</saml2:Action>
                             <saml2:Evidence>
                                  <saml2:Assertion ID="40df7c0a-ff3e-4b26-baeb-f2910f6d05a9" IssueInstant="2009-04-16T13:10:39.093Z" Version="2.0">
                                       <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=Harris,O=HITS,L=Melbourne,ST=FL,C=US</saml2:Issuer>
                                       <saml2:Conditions NotBefore="2009-04-16T13:10:39.093Z" NotOnOrAfter="2010-12-31T12:00:00.000Z"/>
                                       <saml2:AttributeStatement>
                                            <saml2:Attribute Name="AccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
                                                 <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Ref-1234</saml2:AttributeValue>
                                            </saml2:Attribute>
                                            <saml2:Attribute Name="InstanceAccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
                                                 <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Instance-1</saml2:AttributeValue>
                                            </saml2:Attribute>
                                       </saml2:AttributeStatement>
                                  </saml2:Assertion>
                             </saml2:Evidence>
                        </saml2:AuthzDecisionStatement>
                        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                             <ds:SignedInfo>
                                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                                  <ds:Reference URI="#96cdfb70-91a3-4baf-9da1-3ff07d249926">
                                       <ds:Transforms>
                                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                       </ds:Transforms>
                                       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                       <ds:DigestValue>VnukKqb4Bt1KWDKfy8SDfk1Hp2s=</ds:DigestValue>
                                  </ds:Reference>
                             </ds:SignedInfo>
                             <ds:SignatureValue>DUwjh/H3XSfUG250rTlLdihstDXY1+qkY9GaY81Iu7Ag4MgoGvGBrGjZOJ7YnssPdrqUGiURxf6k
    IBH7vaeXk24XvXP3F85WP9nBm+2M4BvGTplgOmAo0yuwze+90FvwILzFNmmX/tvy3QKTDHlh1rEx
    /Jqfm6q/56WW1suAbRY=</ds:SignatureValue>
                             <ds:KeyInfo>
                                  <ds:KeyValue>
                                       <ds:RSAKeyValue>
                                            <ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l
    0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZ
    iqM1BAFp9F73hMHsNrc=</ds:Modulus>
                                            <ds:Exponent>AQAB</ds:Exponent>
                                       </ds:RSAKeyValue>
                                  </ds:KeyValue>
                             </ds:KeyInfo>
                        </ds:Signature>
                   </saml2:Assertion>
                   <ds:Signature xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" Id="_2">
                        <ds:SignedInfo>
                             <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                  <exc14n:InclusiveNamespaces PrefixList="wsse S"/>
                             </ds:CanonicalizationMethod>
                             <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                             <ds:Reference URI="#_1">
                                  <ds:Transforms>
                                       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                            <exc14n:InclusiveNamespaces PrefixList="wsu wsse S"/>
                                       </ds:Transform>
                                  </ds:Transforms>
                                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                  <ds:DigestValue>oo99UrPhAcwla4Qbkdd9jAPn0cE=</ds:DigestValue>
                             </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue>ds4vqts8uCdJcNGo0uTPzId5UBX+GVrdztQPv823c1Zy9ZZGSfQC/GsBPM/EMbFInDPFsyT4e1QYZMCzmqLYnifWHlDQJb7oMJBokafavAqZda1B55Zzh3TSm6BqKWtB/DX17d6rLx/HPiLNZ9qsBfuGn3aTlUCpNsYA8ObBtp8=</ds:SignatureValue>
                        <ds:KeyInfo>
                             <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
                                  <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">96cdfb70-91a3-4baf-9da1-3ff07d249926</wsse:KeyIdentifier>
                             </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                   </ds:Signature>
              </wsse:Security>
         </S:Header>
         <S:Body>
              <ns3:AdhocQueryRequest xmlns:ns2="urn:gov:hhs:fha:nhinc:gateway:samltokendata" xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" xmlns:ns4="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns5="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0" maxResults="-1" startIndex="0" federated="false">
                   <ns3:ResponseOption returnComposedObjects="true" returnType="LeafClass"/>
                   <ns4:AdhocQuery home="urn:oid:2.16.840.1.113883.4.349" id="urn:uuid:14d4debf-8f97-4251-9a74-a90016b0af0d">
                        <ns4:Slot name="$XDSDocumentEntryStatus">
                             <ns4:ValueList>
                                  <ns4:Value>('urn:oasis:names:tc:ebxml-regrep:StatusType:Approved')</ns4:Value>
                             </ns4:ValueList>
                        </ns4:Slot>
                        <ns4:Slot name="$XDSDocumentEntryPatientId">
                             <ns4:ValueList>
                                  <ns4:Value>'1012581676V377802^^^&amp;2.16.840.1.113883.4.349&amp;ISO'</ns4:Value>
                             </ns4:ValueList>
                        </ns4:Slot>
                   </ns4:AdhocQuery>
              </ns3:AdhocQueryRequest>
         </S:Body>
    </S:Envelope>
    *[Response from server:]*
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
         <env:Body>
              <env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                   <faultcode>wsse:InvalidSecurity</faultcode>
                   <faultstring>weblogic.xml.crypto.api.MarshalException: weblogic.xml.dom.marshal.MarshalException: Failed to unmarshal {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}SecurityTokenReference, no SecurityTokenReference factory found for {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier ValueType: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID</faultstring>
              </env:Fault>
         </env:Body>
    </env:Envelope>
    *[webservice WSDL]*
    <?xml version="1.0" encoding="UTF-8"?>
    <!--
    Adapter Document Query WSDL
    -->
    <definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:tns="urn:gov:hhs:fha:nhinc:adapterdocquerysecured"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:query="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
    xmlns:plnk="http://docs.oasis-open.org/wsbpel/2.0/plnktype"
    xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
    xmlns:wsaws="http://www.w3.org/2005/08/addressing"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
    xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
    xmlns:vprop="http://docs.oasis-open.org/wsbpel/2.0/varprop"
    xmlns:sxnmp="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/NMProperty"
    name="AdapterDocQuerySecured"
    targetNamespace="urn:gov:hhs:fha:nhinc:adapterdocquerysecured">
    <documentation>Adapter Document Query</documentation>
    <types>
    <xsd:schema>
    <xsd:import namespace="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
    schemaLocation="../schemas/ebRS/query.xsd"/>
    <xsd:import namespace="urn:gov:hhs:fha:nhinc:gateway:samltokendata"
    schemaLocation="../schemas/nhinc/gateway/SamlTokenData.xsd"/>
    </xsd:schema>
    </types>
    <message name="RespondingGateway_CrossGatewayQueryRequestMessage">
    <part name="body"
    element="query:AdhocQueryRequest"/>
    </message>
    <message name="RespondingGateway_CrossGatewayQueryResponseMessage">
    <part name="body"
    element="query:AdhocQueryResponse"/>
    </message>
    <portType name="AdapterDocQuerySecuredPortType">
    <operation name="RespondingGateway_CrossGatewayQuery">
    <input name="RespondingGateway_CrossGatewayQueryRequest"
    message="tns:RespondingGateway_CrossGatewayQueryRequestMessage"
    wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage"/>
    <output name="RespondingGateway_CrossGatewayQueryResponse"
    message="tns:RespondingGateway_CrossGatewayQueryResponseMessage"
    wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryResponseMessage"/>
    </operation>
    </portType>
    <binding name="AdapterDocQuerySecuredBindingSoap11" type="tns:AdapterDocQuerySecuredPortType">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsp:PolicyReference URI="#RespondingGateway_Query_Binding_SoapPolicy"/>
    <operation name="RespondingGateway_CrossGatewayQuery">
    <soap:operation soapAction="urn:RespondingGateway_CrossGatewayQuery"/>
    <input name="RespondingGateway_CrossGatewayQueryRequest">
    <soap:body use="literal"/>
    <wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Input_Policy"/>
    </input>
    <output name="RespondingGateway_CrossGatewayQueryResponse">
    <soap:body use="literal"/>
    <wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Output_Policy"/>
    </output>
    </operation>
    </binding>
    <service name="AdapterDocQuerySecured">
    <port name="AdapterDocQuerySecuredPortSoap11"
    binding="tns:AdapterDocQuerySecuredBindingSoap11">
    <soap:address
    location="https://localhost:7002/NHINAdapterDocQuerySecured" />
    </port>
    </service>
    <!-- Define action property on each receiving message -->
    <vprop:property name="action" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:action"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>action</vprop:query>
    </vprop:propertyAlias>
    <!-- Define resource property on each receiving message -->
    <vprop:property name="resource" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:resource"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>resource</vprop:query>
    </vprop:propertyAlias>
    <!-- Define purposeForUseRoleCode property on each receiving message -->
    <vprop:property name="purposeForUseRoleCode" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:purposeForUseRoleCode"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>purposeForUseRoleCode</vprop:query>
    </vprop:propertyAlias>
    <!-- Define purposeForUseCodeSystem property on each receiving message -->
    <vprop:property name="purposeForUseCodeSystem" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:purposeForUseCodeSystem"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>purposeForUseCodeSystem</vprop:query>
    </vprop:propertyAlias>
    <!-- Define purposeForUseCodeSystemName property on each receiving message -->
    <vprop:property name="purposeForUseCodeSystemName" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:purposeForUseCodeSystemName"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>purposeForUseCodeSystemName</vprop:query>
    </vprop:propertyAlias>
    <!-- Define purposeForUseDisplayName property on each receiving message -->
    <vprop:property name="purposeForUseDisplayName" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:purposeForUseDisplayName"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>purposeForUseDisplayName</vprop:query>
    </vprop:propertyAlias>
    <!-- Define userFirstName property on each receiving message -->
    <vprop:property name="userFirstName" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:userFirstName"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>userFirstName</vprop:query>
    </vprop:propertyAlias>
    <!-- Define userMiddleName property on each receiving message -->
    <vprop:property name="userMiddleName" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:userMiddleName"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>userMiddleName</vprop:query>
    </vprop:propertyAlias>
    <!-- Define userLastName property on each receiving message -->
    <vprop:property name="userLastName" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:userLastName"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>userLastName</vprop:query>
    </vprop:propertyAlias>
    <!-- Define userName property on each receiving message -->
    <vprop:property name="userName" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:userName"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>userName</vprop:query>
    </vprop:propertyAlias>
    <!-- Define userOrganization property on each receiving message -->
    <vprop:property name="userOrganization" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:userOrganization"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>userOrganization</vprop:query>
    </vprop:propertyAlias>
    <!-- Define userRoleCode property on each receiving message -->
    <vprop:property name="userRoleCode" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:userRoleCode"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>userRoleCode</vprop:query>
    </vprop:propertyAlias>
    <!-- Define userRoleCodeSystem property on each receiving message -->
    <vprop:property name="userRoleCodeSystem" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:userRoleCodeSystem"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>userRoleCodeSystem</vprop:query>
    </vprop:propertyAlias>
    <!-- Define userRoleCodeSystemName property on each receiving message -->
    <vprop:property name="userRoleCodeSystemName" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:userRoleCodeSystemName"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>userRoleCodeSystemName</vprop:query>
    </vprop:propertyAlias>
    <!-- Define userRoleCodeDisplayName property on each receiving message -->
    <vprop:property name="userRoleCodeDisplayName" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:userRoleCodeDisplayName"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>userRoleCodeDisplayName</vprop:query>
    </vprop:propertyAlias>
    <!-- Define expirationDate property on each receiving message -->
    <vprop:property name="expirationDate" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:expirationDate"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>expirationDate</vprop:query>
    </vprop:propertyAlias>
    <!-- Define signDate property on each receiving message -->
    <vprop:property name="signDate" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:signDate"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>signDate</vprop:query>
    </vprop:propertyAlias>
    <!-- Define contentReference property on each receiving message -->
    <vprop:property name="contentReference" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:contentReference"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>contentReference</vprop:query>
    </vprop:propertyAlias>
    <!-- Define content property on each receiving message -->
    <vprop:property name="content" type="xsd:base64Binary"/>
    <vprop:propertyAlias propertyName="tns:content"
    messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
    sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
    <vprop:query>content</vprop:query>
    </vprop:propertyAlias>
    <wsp:Policy wsu:Id="RespondingGateway_Query_Binding_SoapPolicy">
    <wsp:ExactlyOne>
    <wsp:All>
    <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
    <sc:KeyStore wspp:visibility="private"
    aliasSelector="gov.hhs.fha.nhinc.callback.KeyStoreServerAliasSelector"
    callbackHandler="gov.hhs.fha.nhinc.callback.KeyStoreCallbackHandler"/>
    <sc:TrustStore wspp:visibility="private"
    callbackHandler="gov.hhs.fha.nhinc.callback.TrustStoreCallbackHandler"/>
    <sp:TransportBinding>
    <wsp:Policy>
    <sp:TransportToken>
    <wsp:Policy>
    <sp:HttpsToken>
    <wsp:Policy>
    <sp:RequireClientCertificate/>
    </wsp:Policy>
    </sp:HttpsToken>
    </wsp:Policy>
    </sp:TransportToken>
    <sp:Layout>
    <wsp:Policy>
    <sp:Strict/>
    </wsp:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp/>
    <sp:AlgorithmSuite>
    <wsp:Policy>
    <sp:Basic128/>
    </wsp:Policy>
    </sp:AlgorithmSuite>
    </wsp:Policy>
    </sp:TransportBinding>
    <sp:EndorsingSupportingTokens>
    <wsp:Policy>
    <sp:SamlToken
    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
    <wsp:Policy>
    <sp:WssSamlV20Token11/>
    </wsp:Policy>
    </sp:SamlToken>
    </wsp:Policy>
    </sp:EndorsingSupportingTokens>
    <sp:Wss11>
    <wsp:Policy>
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>
    <sp:RequireSignatureConfirmation/>
    </wsp:Policy>
    </sp:Wss11>
    </wsp:All>
    </wsp:ExactlyOne>
    </wsp:Policy>
    <wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Input_Policy">
    <wsp:ExactlyOne>
    <wsp:All>
    </wsp:All>
    </wsp:ExactlyOne>
    </wsp:Policy>
    <wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Output_Policy">
    <wsp:ExactlyOne>
    <wsp:All>
    </wsp:All>
    </wsp:ExactlyOne>
    </wsp:Policy>
    <plnk:partnerLinkType name="AdapterDocQuerySecured">
    <!-- A partner link type is automatically generated when a new port type is added.
    Partner link types are used by BPEL processes. In a BPEL process, a partner
    link represents the interaction between the BPEL process and a partner service.
    Each partner link is associated with a partner link type. A partner link type
    characterizes the conversational relationship between two services. The
    partner link type can have one or two roles.-->
    <plnk:role name="AdapterDocQuerySecuredPortTypeRole"
    portType="tns:AdapterDocQuerySecuredPortType"/>
    </plnk:partnerLinkType>
    </definitions>
    Edited by: dvazquez1027 on Feb 25, 2010 5:10 PM
    Edited by: dvazquez1027 on Feb 25, 2010 5:22 PM

    Hi
    yes, I had the same issue and I found a solution.
    You need to request a patch for BUG 9212862 (already corrected in WLS 10.3.3) and do the following:
    javax.xml.ws.BindingProvider provider = (javax.xml.ws.BindingProvider)port;
    java.util.Map context = provider.getRequestContext();
    context.put(weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_PREFERENCE, weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_MSFT);      
    This will cause the SecurityMessageArchitect class of WLS to not send the SecurityTokenReference in the Soap security header.
    Please note that is evidently a non-conformity to the specs of Microsoft:
    Please give a look at
    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf (8.3 Signing Tokens)
    and also at:
    http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
    (3.4 Identifying and Referencing Security Tokens)
    A SAML key identifier reference MUST be used for all (local and remote) references to SAML 1.1
    assertions. [...]
    All conformant implementations MUST be able to process SAML assertion references occurring in a
    <wsse:Security> header or in a header element other than a signature to acquire the corresponding
    assertion. A conformant implementation MUST be able to process any such reference independent of the
    confirmation method of the referenced assertion.
    It follows that .NET 3.5 is a non-conformant implementation: I would gladly know what the position of Microsoft on that is.
    ciao
    carlo
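
The fault in this thread names one specific reference form, a `wsse:KeyIdentifier` with `ValueType` `...#SAMLID`. The following added example (not code from the posters or from WebLogic) lists every `SecurityTokenReference` in a message, the form and `ValueType` it uses, and whether it resolves to exactly one token; it also covers the direct `wsse:Reference URI="#..."` form. The sample message, the function name and the status labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLID = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

# Constructed sample (not a message from the page). It carries three references:
#  1. KeyIdentifier/SAMLID pointing at a SAML 2.0 assertion (the form in the fault)
#  2. Reference URI to a token with wsu:Id, written with default namespaces
#     instead of the wsse:/ds: prefixes
#  3. Reference URI to a token that only has an unqualified Id attribute
SAMPLE = f"""\
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
 <S:Header>
  <wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"
                 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="{SAML2}">
   <wsse:BinarySecurityToken wsu:Id="CertId-1" ValueType="{X509V3}">AA==</wsse:BinarySecurityToken>
   <wsse:BinarySecurityToken Id="CertId-2" ValueType="{X509V3}">AA==</wsse:BinarySecurityToken>
   <saml2:Assertion ID="assertion-1" Version="2.0"/>
   <ds:Signature><ds:KeyInfo>
    <wsse:SecurityTokenReference>
     <wsse:KeyIdentifier ValueType="{SAMLID}">assertion-1</wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>
   </ds:KeyInfo></ds:Signature>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyInfo>
    <SecurityTokenReference xmlns="{WSSE}">
     <Reference URI="#CertId-1" ValueType="{X509V3}"/>
    </SecurityTokenReference>
   </KeyInfo></Signature>
   <ds:Signature><ds:KeyInfo>
    <wsse:SecurityTokenReference>
     <wsse:Reference URI="#CertId-2" ValueType="{X509V3}"/>
    </wsse:SecurityTokenReference>
   </ds:KeyInfo></ds:Signature>
  </wsse:Security>
 </S:Header>
 <S:Body/>
</S:Envelope>
"""


def _status(matches):
    # A reference should identify exactly one element; zero or several
    # matches are both reported so they can be rejected or investigated.
    if len(matches) == 1:
        return "resolved"
    return "missing" if not matches else "ambiguous"


def resolve_token_references(xml_text):
    """Return (form, ValueType, wanted id, status) per reference, in document order."""
    root = ET.fromstring(xml_text)
    report = []
    # Elements are matched by expanded name (namespace URI + local name), so
    # <wsse:SecurityTokenReference> and <SecurityTokenReference xmlns="..."> are
    # treated alike. A receiver that treats them differently is being stricter
    # than XML namespaces require.
    for ref in root.iter(f"{{{WSSE}}}SecurityTokenReference"):
        for child in ref:
            form = child.tag.rsplit("}", 1)[-1]
            value_type = child.get("ValueType")
            uri = child.get("URI") or ""
            if child.tag == f"{{{WSSE}}}KeyIdentifier" and value_type == SAMLID:
                # SAML Token Profile 1.1: the KeyIdentifier text is the assertion ID.
                wanted = (child.text or "").strip()
                matches = [a for a in root.iter(f"{{{SAML2}}}Assertion")
                           if a.get("ID") == wanted]
                status = _status(matches)
            elif child.tag == f"{{{WSSE}}}Reference" and uri.startswith("#"):
                wanted = uri[1:]
                matches = [e for e in root.iter() if e.get(f"{{{WSU}}}Id") == wanted]
                status = _status(matches)
                # A bare Id attribute is flagged separately: the page's first
                # poster reports the receiver rejecting Id in place of wsu:Id.
                if status == "missing" and any(e.get("Id") == wanted for e in root.iter()):
                    status = "unqualified-id"
            else:
                # Remote URI or another KeyIdentifier type: nothing to look up locally.
                wanted, status = None, "not-local"
            report.append((form, value_type, wanted, status))
    return report


if __name__ == "__main__":
    for form, value_type, wanted, status in resolve_token_references(SAMPLE):
        print(f"{form:14} {status:15} id={wanted} ValueType={value_type}")
```

Running it against a captured request shows which reference form and `ValueType` the sender emitted, which is the value to compare with the one named in the receiver's fault string.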

  • Soap receiver adapter payload with certificate signature

    I have a requirement where XI calls an external webservice using SOAP.
    I have configured the SOAP receiver adapter, but the webservice wants certificate authentication. From XI we sent the certificate to the external webservice and then in the comm channel I activated the 'certificate' check box. It did not work.
    For test purposes they have now deactivated the certificate authentication on their end. It works if they deactivate it. That means there is no issue with the request structure; the issue is purely when I use the certificate.
    The external webservice sent me a copy of the SOAP request which works for them. That has a security signature inside the payload (I have attached it below).
    If anybody has done it or has an idea how to do it, please let me know.
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-62149565">...</wsse:BinarySecurityToken>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <ds:Reference URI="#id-24819136">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <ds:DigestValue>6Mzpm7P8k3f8UuxbBMP4ZTC83Yc=</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>HcqMChOzlHFXTRRAf7kyTSQ5Jd53Yiu7oFLjkh5P3vayo2G4sjFv/qFKHX0E6a5xkBMTIRrW+30t7IdB4X0x35FPO1dTulz37KM1/jpLSGVxnjnWWeFZvseVjJsk5NTPiSE6GAjO7rFW/Vled2djATTmZsIgJCIfhLYVp112Uis=</ds:SignatureValue>
    <ds:KeyInfo Id="KeyId-21369792">
    <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-29015968">
    <wsse:Reference URI="#CertId-62149565" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
    </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    </ds:Signature>
    </wsse:Security>

    Go through this webinar and follow the steps... It will solve your problem.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1b657d59-0c01-0010-4fa8-f792fa412823
    Regards,
    Ravi

  • Problem verifying xml signature

    We have a problem with verifying XML Signatures which are part of a SOAP message. Thanks a lot for helping! Hope my problem is understandable - otherwise ask.
    We use the following environment:
    Java6
    Axis 2 V1.2 with XML Beans
    Step 1:
    The Java 6 XML Signature is an enveloped signature over an element called payload with exclusive XML canonicalization. We sign the payload and send the payload including signature to the server. At first I discovered the following namespace problem.
    DigesterOutputstream Create Signature:
    FEINER: <Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp><Created>UNDO</Created></Timestamp></Payload>
    DigesterOutput Verify Signature:
    FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
    31.10.2007 08:25:48 org.jcp.xml.dsig.internal.dom.DOMReference validate
    FEIN: Expected digest: 71PfJ/xxn38TtQrpZOpRdqTZsBw=
    31.10.2007 08:25:48 org.jcp.xml.dsig.internal.dom.DOMReference validate
    FEIN: Actual digest: B1Qdei/0yW1mqR2T50LXKFfxhl0=
    Soap request with payload:
    <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><TelematikHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><ConversationID /><ServiceLocalization><Type>VSD</Type><Provider>101575519</Provider></ServiceLocalization><MessageType><Component>VSD</Component><Operation>PerformUpdates</Operation></MessageType><RoleDataProcessor /></TelematikHeader><TransportHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><InterfaceVersion>0.0.24.3</InterfaceVersion></TransportHeader></soapenv:Header><soapenv:Body><TelematikExecute xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#c623c3be-529b-4d6d-8f1e-a4a29660f344"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" 
/><DigestValue>71PfJ/xxn38TtQrpZOpRdqTZsBw=</DigestValue></Reference></SignedInfo><SignatureValue>FuhOdrz9kHR0MeAUq9Rxkg6w++7foR77s9AYQUQxb8qPJ44Ba6By8R/H+CCn5JP5cPFz8/mGOgOD NGKLgZp66xbVSWe1UeehmZLH1a2kvHsx/VvYo3Lr5foHsl6YikUBMXCBdhI4ukKJTuwBOK/7m3lu 7Zl07SFo0zWL73gUTxc=</SignatureValue><KeyInfo><X509Data><X509SubjectName>CN=Harris Knafla,OU=IP,O=TK,ST=Hamburg,C=DE</X509SubjectName><X509Certificate>MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgT B0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIG A1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGlu ZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYD VQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBL bmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayv HO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2q xJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5 MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vai Zst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6f MqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupi vlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</X509Certificate></X509Data></KeyInfo></Signature></Payload></TelematikExecute></soapenv:Body></soapenv:Envelope>     
    The problem is the namespaces under the elements payload and timestamp. For verification the namespaces are inherited from parent element. I wonder why this happens - I thought this should not happen when using exclusive canonicalization, or?
    Step 2:
    Then I added the namespaces before creating the signature, e.g.
    payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://ws.gematik.de/Schema/Telematik/Transport/V1");
    for all attributes that are not part of the create signature log. Then the XML signature was verified successfully when I tested this against my own server. See log files:
    DigesterOutputstream for create signature:
    31.10.2007 11:16:00 org.jcp.xml.dsig.internal.DigesterOutputStream write
    FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
    DigesterOutputstream verify signature:
    31.10.2007 11:19:00 org.jcp.xml.dsig.internal.DigesterOutputStream write
    FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
    The whole soap request:
    <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-3596382">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</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-8331318"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#id-28000914"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>Q2LregRFO//cXlkcThu9Bx0jal4=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#id-10464309"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>BX651XEWk4u4pGgshQhocYxPkSo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-7651652"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>ezisLn/pGWNqMHbT6UlHyM4Ez64=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> Xl4SSEwrtyUnsqf8xOmfzojLLU18tOrikOhK+HRyqHqv0lPF+AqANLU6yygNdhbfI5qyef9BLr6I 
CmSPIX4QQR+Hq45l/Ewa+M2K1OOjqvBUGYyQqrKCqUFtsISr9xPudB8ZmaVfaUu5chjIvy/sPYYx TuYv2Ma6uEwek1YZpbE= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-1823783"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-17125267"><wsse:Reference URI="#CertId-3596382" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-7651652"><wsu:Created>2007-10-31T10:16:00.474Z</wsu:Created><wsu:Expires>2007-10-31T10:21:00.474Z</wsu:Expires></wsu:Timestamp></wsse:Security><TelematikHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-10464309"><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><ConversationID /><ServiceLocalization><Type>VSD</Type><Provider>101575519</Provider></ServiceLocalization><MessageType><Component>VSD</Component><Operation>PerformUpdates</Operation></MessageType><RoleDataProcessor /></TelematikHeader><TransportHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><InterfaceVersion>0.0.24.3</InterfaceVersion></TransportHeader></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-28000914"><TelematikExecute xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter 
Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#c623c3be-529b-4d6d-8f1e-a4a29660f344"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>XHIiHK4NYczByvAJSZH8u3hSvuQ=</DigestValue></Reference></SignedInfo><SignatureValue>JQnTQJ1TidrMuWmSmpHE3ZR5M728A3tlvKjrM3GxFPuy5YOmmybxR0T7xe72WSdWsqvFT9QGE+iP GL5POuc3s8lLc1QGZRKhZvjHAKFldDNyxAMWRL7ZXmhpjsRXT3HethKWew3669SKjJFkZ1IYEnZz QrJOmgt1MMjWx99CgaQ=</SignatureValue><KeyInfo><X509Data><X509SubjectName>CN=Harris Knafla,OU=IP,O=TK,ST=Hamburg,C=DE</X509SubjectName><X509Certificate>MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgT B0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIG A1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGlu ZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYD VQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBL bmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayv HO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2q 
xJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5 MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vai Zst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6f MqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupi vlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</X509Certificate></X509Data></KeyInfo></Signature></Payload></TelematikExecute></soapenv:Body></soapenv:Envelope>
    As you can see in the SOAP request, on top of the XML signature there is a Web Service Security signature (WSSE) over three elements. This should be no problem, although WSSE adds the wsu:Id attribute to the body element. WSSE was omitted in step 1 for simplicity.
    I wonder that the attributes which have been set to the payloadElement are not part of the actual message. But it works!
    Step 3:
    The same request was sent to an external web service server, and the server reports an XML signature verification problem. I don't have any logs or further information. But I have to get this to work against this server.
    Java Files for Create + Verify Signature. For Create I get a DOM Node from a XML Bean. For step 1 the attribute setting should be in comments. I use VerifySignature for step 1 + 2.
    SignPayload.java:
    package de.tk.signature;
    import java.io.ByteArrayOutputStream;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.OutputStream;
    import java.security.KeyStore;
    import java.security.cert.X509Certificate;
    import java.util.ArrayList;
    import java.util.Collections;
    import java.util.List;
    import javax.xml.crypto.dsig.CanonicalizationMethod;
    import javax.xml.crypto.dsig.DigestMethod;
    import javax.xml.crypto.dsig.Reference;
    import javax.xml.crypto.dsig.SignatureMethod;
    import javax.xml.crypto.dsig.SignedInfo;
    import javax.xml.crypto.dsig.Transform;
    import javax.xml.crypto.dsig.XMLSignature;
    import javax.xml.crypto.dsig.XMLSignatureFactory;
    import javax.xml.crypto.dsig.dom.DOMSignContext;
    import javax.xml.crypto.dsig.keyinfo.KeyInfo;
    import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
    import javax.xml.crypto.dsig.keyinfo.X509Data;
    import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
    import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
    import javax.xml.crypto.dsig.spec.TransformParameterSpec;
    import javax.xml.parsers.DocumentBuilderFactory;
    import javax.xml.transform.OutputKeys;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerFactory;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;
    import org.w3c.dom.Document;
    import org.w3c.dom.Element;
    import org.w3c.dom.NamedNodeMap;
    import org.w3c.dom.Node;
    import org.apache.xmlbeans.XmlObject;
    import de.tk.schemaTools.TkSchemaHandler;
    import de.tk.util.ClientProperties;
    public class SignPayload {
         public static void signDocument(XmlObject telematikExecuteXmlObject, String payloadId) {
              try {
                   // get Document
                   org.w3c.dom.Node node = telematikExecuteXmlObject.getDomNode();
                   Document documentTo = node.getOwnerDocument();
                   XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
                   Reference ref = fac.newReference("#"+payloadId, fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac
                             .newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
                   // Create the SignedInfo.
                   SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                             Collections.singletonList(ref));
                   KeyStore keyStore = KeyStore.getInstance("JKS");
                   String keyStoreFilename = ClientProperties.getKeystorefile();
                   FileInputStream keyStoreFile = new FileInputStream(keyStoreFilename);
                   keyStore.load(keyStoreFile, "storePwd".toCharArray());
                   keyStoreFile.close();
                   KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("harris", new KeyStore.PasswordProtection("keyPwd".toCharArray()));
                   X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
                   // Create the KeyInfo containing the X509Data.
                   KeyInfoFactory kif = fac.getKeyInfoFactory();
                   List x509Content = new ArrayList();
                   x509Content.add(cert.getSubjectX500Principal().getName());
                   x509Content.add(cert);
                   X509Data xd = kif.newX509Data(x509Content);
                   KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
                   Node payloadNode = new TkSchemaHandler().getNode(documentTo, "Payload");
                   String prefix = payloadNode.getPrefix();
                   NamedNodeMap nameNodeMap = payloadNode.getAttributes();
                   // String baseUri = payloadNode.getBaseURI(); not implemented
                   boolean attributes = payloadNode.hasAttributes();
                   Element payloadElement = (Element) payloadNode;
                   // "xmlns" is the prefix; the first parameter is the namespace URI
                   // xmlns exists without WSSE; printed by the XMLOutputter on create
                   payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://ws.gematik.de/Schema/Telematik/Transport/V1");
                   // exists without WSSE
                   // not present on create, but included in the DigestOutputter on verify
                   payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:soapenv", "http://schemas.xmlsoap.org/soap/envelope/");
                   // exists only with WSSE
                   payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                   Node timestampNode = new TkSchemaHandler().getNode(documentTo, "Timestamp");
                   Element timestampElement = (Element) timestampNode;
                   // exists without WSSE
                   // given in the create outputter as well as on verify
                   timestampElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                   // exists only with WSSE; was probably only necessary because the WSSE signature accessed the wrong Timestamp.
                   // Create a DOMSignContext and specify the RSA PrivateKey and
                   // location of the resulting XMLSignature's parent element.
                   DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),payloadNode);
                   // Create the XMLSignature, but don't sign it yet.
                   XMLSignature signature = fac.newXMLSignature(si, ki);
                   // DomInfo.visualize(document);
                   SAXBuilderDemo2.print(documentTo);
                   // Marshal, generate, and sign the enveloped signature.
                   signature.sign(dsc);
              } catch (Exception exc) {
                   throw new RuntimeException(exc.getMessage());
              }
         }
    }
    VerifySignature.java:
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.OutputStream;
    import java.security.Key;
    import java.security.KeyStore;
    import java.security.cert.X509Certificate;
    import java.util.ArrayList;
    import java.util.Collections;
    import java.util.Enumeration;
    import java.util.Iterator;
    import java.util.List;
    import javax.xml.crypto.dsig.CanonicalizationMethod;
    import javax.xml.crypto.dsig.DigestMethod;
    import javax.xml.crypto.dsig.Reference;
    import javax.xml.crypto.dsig.SignatureMethod;
    import javax.xml.crypto.dsig.SignedInfo;
    import javax.xml.crypto.dsig.Transform;
    import javax.xml.crypto.dsig.XMLSignature;
    import javax.xml.crypto.dsig.XMLSignatureFactory;
    import javax.xml.crypto.dsig.dom.DOMSignContext;
    import javax.xml.crypto.dsig.dom.DOMValidateContext;
    import javax.xml.crypto.dsig.keyinfo.KeyInfo;
    import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
    import javax.xml.crypto.dsig.keyinfo.X509Data;
    import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
    import javax.xml.crypto.dsig.spec.TransformParameterSpec;
    import javax.xml.parsers.DocumentBuilderFactory;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerFactory;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;
    import org.w3c.dom.Document;
    import org.w3c.dom.Node;
    import org.w3c.dom.NodeList;
    import de.tk.schemaTools.TkSchemaHandler;
    public class VerifySignature {
         /**
          * @param args
          */
         public static void main(String[] args) {
              // TODO Auto-generated method stub
              try {
                   String filename = args[0];
                   System.out.println("Verify Document: " + filename);
                   XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
                   DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
                   dbf.setNamespaceAware(true);
                   Document doc = dbf
                   .newDocumentBuilder()
                   .parse(
                             new FileInputStream(filename));
                   // Find Signature element.
                   // NodeList nl =
                   // doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
                   Node node = TkSchemaHandler.getNode(doc,"/*[local-name()='Envelope' and namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/']/*[local-name()='Body' and namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'][1]/*[local-name()='TelematikExecute' and namespace-uri()='http://ws.gematik.de/Schema/Telematik/Transport/V1'][1]/*[local-name()='Payload' and namespace-uri()='http://ws.gematik.de/Schema/Telematik/Transport/V1'][1]/*[local-name()='Signature' and namespace-uri()='http://www.w3.org/2000/09/xmldsig#'][1]");
                   /*
                   if (nl.getLength() == 0) {
                        throw new Exception("Cannot find Signature element");
                   }
                   Node node = nl.item(0); */
                   // Create a DOMValidateContext and specify a KeySelector
                   // and document context.
                   DOMValidateContext valContext = new DOMValidateContext
                   (new X509KeySelector(), node);
                   // Unmarshal the XMLSignature.
                   XMLSignature signature = fac.unmarshalXMLSignature(valContext);
                   // Validate the XMLSignature.
                   boolean coreValidity = signature.validate(valContext);
                   // sample 6
                   // Check core validation status.
                   if (coreValidity == false) {
                        System.err.println("Signature failed core validation");
                        boolean sv = signature.getSignatureValue().validate(valContext);
                        System.out.println("signature validation status: " + sv);
                        if (sv == false) {
                             // Check the validation status of each Reference.
                             Iterator i = signature.getSignedInfo().getReferences().iterator();
                             for (int j=0; i.hasNext(); j++) {
                                  boolean refValid = ((Reference) i.next()).validate(valContext);
                                  System.out.println("ref["+j+"] validity status: " + refValid);
                             }
                        }
                   } else {
                        System.out.println("OK! Signature passed core validation!");
                   }
              } catch (Exception exc) {
                   exc.printStackTrace();
              }
         }
    }
    Questions:
    1. Do I really have to set all the namespace attributes? I thought with exclusive xml this should not be necessary. Is there any other solution?
    2. Do you think I got all the settings right in SignPayload.java?
    Thanks a lot in advance.
    Cheers !
    Nils

    It seems to be a bug with the JDK you are using. What is the JDK version you are using?
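
Added example, not part of the thread and not code from either poster: in XML-DSig the `CanonicalizationMethod` inside `SignedInfo` canonicalizes only `SignedInfo`; each referenced element is serialized by its own `Transforms` list and falls back to inclusive Canonical XML 1.0 when that list holds no canonicalization transform, which is how ancestor namespace declarations end up in the digested `Payload`. The sketch signs a constructed `Payload` with a freshly generated key, re-parents it under an envelope that declares extra namespaces, and validates with and without an exclusive-c14n transform on the reference. The class name, the sample message and the use of SHA-256 (instead of the SHA-1 used in the thread) are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

// Hypothetical demo class; all messages below are constructed sample data.
public class ExcC14nReferenceDemo {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String TEL = "http://ws.gematik.de/Schema/Telematik/Transport/V1";
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Payload as it exists when the inner signature is created (no SOAP/WSSE context yet).
    static final String BARE = "<TelematikExecute xmlns='" + TEL + "'><Payload Id='p1'>"
        + "<MessageID>urn:uuid:constructed-sample</MessageID></Payload></TelematikExecute>";
    // Envelope added later; Body declares xmlns:wsu the way a WS-Security layer does.
    static final String ENVELOPE = "<soapenv:Envelope xmlns:soapenv='" + SOAP + "'>"
        + "<soapenv:Body xmlns:wsu='" + WSU + "' wsu:Id='id-1'/></soapenv:Envelope>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    static Element first(Document d, String ns, String local) {
        return (Element) d.getElementsByTagNameNS(ns, local).item(0);
    }

    /** Signs Payload, moves it under new ancestors, returns the core validation result. */
    static boolean signWrapVerify(boolean excC14nOnReference) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        Document doc = parse(BARE);
        Element payload = first(doc, TEL, "Payload");
        payload.setIdAttribute("Id", true);            // lets "#p1" resolve

        List<Transform> transforms = new ArrayList<>();
        transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
        if (excC14nOnReference) {
            // Without this, the referenced node-set is digested with inclusive C14N 1.0,
            // which copies every in-scope ancestor namespace onto <Payload>.
            transforms.add(fac.newTransform(CanonicalizationMethod.EXCLUSIVE,
                                            (TransformParameterSpec) null));
        }
        Reference ref = fac.newReference("#p1",
            fac.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
        // This canonicalization method applies to SignedInfo only, not to the reference.
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                                          (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null),
            Collections.singletonList(ref));
        fac.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), payload));

        // Re-parent the signed subtree: its ancestors now declare soapenv and wsu.
        Document env = parse(ENVELOPE);
        first(env, SOAP, "Body").appendChild(env.importNode(doc.getDocumentElement(), true));
        first(env, TEL, "Payload").setIdAttribute("Id", true);   // ID-ness is not imported

        Node sig = first(env, XMLSignature.XMLNS, "Signature");
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), sig);
        return fac.unmarshalXMLSignature(vc).validate(vc);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("enveloped-signature only      : " + signWrapVerify(false));
        System.out.println("enveloped-signature + exc-c14n: " + signWrapVerify(true));
    }
}
```

Both sides must agree on the reference's transform list, since it is part of the signed `SignedInfo`; adding the exclusive-c14n transform is a change on the signing side.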

  • Error Reading Soap Response

    Hi,
    We are having a problem reading Soap Response:
    Scenario: From XI/PI we are calling a webservice with Synchronous
    message with WS-Security including Authentication, Signature, TimeStamp
    and Encryption using SOAP Receiver Adapter. We are able to send the
    request successfully and also the webServer is able to understand the
    request and sending the response back. The problem is the PI is unable
    to read the response and gives the error below:
    com.sap.aii.af.ra.ms.api.DeliveryException: expecting end tag:
    Transform, but found
    InclusiveNamespaces at state 1
    We tested successfully end-to-end with non-secured sites without WS-Security.
    Please let me know if you have seen this error or any thoughts.
    Thanks,
    Laxman
    This is the actual Request Message:
      <?xml version="1.0" encoding="UTF-8" ?>
              <ns0:getUser xmlns:ns0="http://csa -namespace:8090/ddsssaws/IdentityManagementService">
      <string>XYZ123</string>
      </ns0:getUser>
    Also we extracted raw traffic using TCPMon:
    Below is the raw-traffic of SOAP adapter (used TCPGateway to capture the traffic)
    Request:
    POST /edsssaws/IdentityManagement HTTP/1.0
    Accept: /
    Host: 999.97.19.45:9999
    User-Agent: SAP-Messaging-com.sap.aii.messaging/1.0505
    Content-ID: <soap-1f3af770018111ddc0d300144f2515b0Atsap.com>
    Content-Disposition: attachment;filename="soap-1f3af770018111ddc0d300144f2515b0Atsap.com.xml"
    Content-Type: text/xml; charset=utf-8
    Content-Description: SOAP
    Content-Length: 5530
    SOAPACTION:
    <SOAP:Envelope xmlns:SOAP='http://schemas.xmlsoap.org/soap/envelope/'><SOAP:Header><wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' SOAP:mustUnderstand='1'><wsse:BinarySecurityToken xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='sap-9' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>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</wsse:BinarySecurityToken><wsu:Timestamp xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='wsu-targetID-1f10b320-0181-11dd-aebd-00144f2515b0'><wsu:Created ValueType='xsd:dateTime'>2008-04-03T13:23:17Z</wsu:Created><wsu:Expires ValueType='xsd:dateTime'>2008-04-03T13:25:17Z</wsu:Expires></wsu:Timestamp><xenc:EncryptedKey xmlns:xenc='http://www.w3.org/2001/04/xmlenc#' Id='EK52789332'><xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5'/><ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><wsse:SecurityTokenReference><wsse:KeyIdentifier ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier' EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>ykCivrkfwQdj30aJid9VGnjtY=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Fi5B3uBMSp4nAKh3rLAs4DJQ5iCLoupE1oq3VOFueea1Y90xI200OFraV2mRS2ywsejH36nwy
    XYPuB5ZQScJampqZDtTR28cq890s4sEKFpycsNyNM9VScWaVoi4nKBKRIdGVoLgLf+NrmzJnXD
    6eb4F6tWWyw8g2FJel4=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI='#ED13608949'/></xenc:ReferenceList></xenc:EncryptedKey><ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><ds:SignedInfo><ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/><ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/><ds:Reference URI='#wsuid-body-1f108c10-0181-11dd-838e-00144f2515b0'><ds:Transforms><ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/></ds:Transforms><ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/><ds:DigestValue>UaW58GCrg/nrA/EfW+OyHP2DCio=</ds:DigestValue></ds:Reference><ds:Reference URI='#wsu-targetID-1f10b320-0181-11dd-aebd-00144f2515b0'><ds:Transforms><ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/></ds:Transforms><ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/><ds:DigestValue>LFuszgJ412Fe8PRtK3W69RTXndY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>K4iZoVGhuI41fj9BdXx7wUz/JEi2pqh60gZZta8tOfaVmC1PfNtPg61N0sYescfM4RmkQpDorS1d
    VB/DAJKz173HTD5rn/SuwmYgql4aVKPNlIDD90ZXoJ/mfzwT/Kei6yjWtvCYthCxaUtP/LFDB/dA
    mr1OUAj9X2DHkzF6g=</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI='#sap-9'/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></SOAP:Header><SOAP:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='wsuid-body-1f108c10-0181-11dd-838e-00144f2515b0'><xenc:EncryptedData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#' Type='http://www.w3.org/2001/04/xmlenc#Content' Id='ED13608949'><xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/><xenc:CipherData><xenc:CipherValue>lZkC7zZZfqBUg5rnqMZypi5ZvnPBvw36fjeFmCDQ5DMDjKXShO4apBjBE3gUsLGL1TMli18D0NWK
    dmVHQTePitGhvQ7YiyaXgjekZckS2P91Qv/9Zut5/hzCYhgVarnUgGmr8Qi4aSYXCY0oBD6SzVXy
    /UoQHPASF3mhYPaFBtmTJu2dHmV6v4HTKC+Om0</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></SOAP:Body></SOAP:Envelope>
    Response:
    HTTP/1.1 200 OK
    Date: Thu, 03 Apr 2008 13:23:54 GMT
    Content-Length: 9511
    Content-Type: text/xml
    Set-Cookie: JSESSIONID=cTPmH0hKYvKqK427JJb573FT1RWZhHY5l7XnLlsjsk6yRkS2g5y6!1973031667; path=/
    Connection: close
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><env:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdentifier xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" wsu:Id="Id-dgdMMmsGkjae8aSYF_59_xwe" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">adHS0gj0CBQymaNnAlGJphSCB/Y=</wsse:KeyIdentifier></wsse:SecurityTokenReference></dsig:KeyInfo><xenc:CipherData><xenc:CipherValue>mbOmTXSiYuEiWHbP3dbrDXFpZaSoQ084wMBt7uRxNo49p1fpQBkDpr/H2wPNbHy4qzSTVzP7EESzWFjFEb/7BH3dt4JuyzBFH1M0X77YBW5YHNGpiUmj934ziydojqcU6jWBsUaFxXsAPmvy0q3vVk8xnZcQHxMNhPS5ebK9o=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#Id-yMgwZrtQctSvW1mT1sDWdZ8D"></xenc:DataReference></xenc:ReferenceList></xenc:EncryptedKey><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="Id-2DXBQHwdRE0oquWQV0mjtw1U" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">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</wsse:BinarySecurityToken><dsig:Signature 
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></dsig:CanonicalizationMethod><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></dsig:SignatureMethod><dsig:Reference URI="#Id-wS1xP_ArcYYXY4qkqYznI7_W"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>tr3NrozQWsKrvH38naIEnQXrzgQ=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#Id-1vPAqVSMhSLH3WiBQkTTfldz"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><c14n:InclusiveNamespaces xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd n1"></c14n:InclusiveNamespaces></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>AUWlqeyq6w5LQnggK5dT6flLUU=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Yx5Pre8VChTLOhPVln5xhO21dM93a2FPxQTsZY1BBIWlqeHkAEQqXvhI/EU459QZIGDOubLK0Z9AT0SRmDOgtnWNBT0duqveQ1Ippbd0hXaehW48ObrMIKnYfq5ub1kNYv9mslybPRZw9OaiijNmLfIty8qc8ctRV0lFwAjcQyk=</dsig:SignatureValue><dsig:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#Id-2DXBQHwdRE0oquWQV0mjtw1U"></wsse:Reference></wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-wS1xP_ArcYYXY4qkqYznI7_W"><wsu:Created>2008-04-03T13:23:55.459Z</wsu:Created></wsu:Timestamp></wsse:Security></env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" wsu:Id="Id-1vPAqVSMhSLH3WiBQkTTfldz"><xenc:EncryptedData 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content" Id="Id-yMgwZrtQctSvW1mT1sDWdZ8D"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>LB6IKwEJgvTPdPGNeIzcpjPjC9GXi3sou5PaCnF3m4x6ToA6gDV5Sw/ODnCEeqFURgWFX8ZgxYF9YJdyj7ERAifs8MNBh/rHCitT02mU8pirwGdqSXlfCX4KYsHtUnyiGKbbMCwvCCs4LgBPnx8tCN39aazA1Ge/5JPfwupYMU/lAbyajdP1qva/gxhMCqGkgAnQgB1TJDfARvDsJnx6p2zqKsnRnNreBFClyBG7GHeMvpnzg4poPCFlj2baIoK2CSQmVbPdcPk4rgg1PAWDQwIIzBCKpZjysHeb/sW9jObekbnn4mCnUdzjRERoklstpZNeWKi/jLEaNsIX1ixhsUyWIyknYGaBjDiiGqmS6BIO1RHu0SydiMv1L/FzIWgyO9VhilGdTWsVDP6CxljxTqg41bobuPazkjQHyBK9rCGQI9J/bjSiA2S6FBDHxhA6SfDjyhvGzDhGNLMd/***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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>

    Any thoughts???
    Appreciate your input.
    Thanks,
    Laxman

  • SOAP Request with Web Service Security

    Hi masters of XI,
    the Oasis standard for web services security says that there are three levels of security for web services: at the higher level is encryption, at the middle level is signature, and at the lower level is authentication with username and password inside the SOAP envelope.
    I need to do a SOAP request signed with an X.509 certificate and with username and password too in SAP PI 7.0 SP11. I can sign the request with the X.509 certificate without problems, but I can't authenticate the request with username and password in the UsernameToken element as the Oasis standard says
    <wsse:Security>
    <wsse:UsernameToken>
    <wsse:Username>XXXX</wsse:Username>
    <wsse:Password>XXXXXXXXX</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    How can we send the UsernameToken elements inside the SOAP web service envelope
    while also signing with an X.509 certificate? Is there any way to do it in the
    receiver agreement or the receiver SOAP adapter?
    Thanks.

    Hi,
    thank you very much for your answers.
    I have solved the SSL communication and I can sign with X.509 certificates. My problem is that only the X.509 certificate travels in the SOAP envelope of the signed request, and I need to send the username security token (wsse:UsernameToken) also.
    <wsse:Security>
    <wsse:UsernameToken>
    <wsse:Username>XXXX</wsse:Username>
    <wsse:Password>XXXXXXXXX</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    I can't find a solution for it. The NetWeaver documentation says that NetWeaver is able to sign SOAP requests with X.509 certificates and is also able to use UsernameToken as part of the OASIS standard for web service security. In the ABAP stack of NW you can assign a security profile to a web service call for signing the message or authenticating it with username/password inside the SOAP envelope, but in the Java stack of XI I think that there is no way to do it.
    This is my Request:
    <?xml version="1.0" encoding="utf-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
          <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#id-104309952">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#Timestamp-104310599">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-104377209">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
                <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>     
          <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
            <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
            <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
          </wsu:Timestamp>
        </wsse:Security>
      </soapenv:Header>
    And this is the request I need:
    <?xml version="1.0" encoding="utf-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
          <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#id-104309952">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#Timestamp-104310599">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-104377209">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
                <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
          <!-- THIS IS THE PART I NEED -->
          <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
            <wsse:Username>xxxxxxx</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
          </wsse:UsernameToken>
          <!--  -->
          <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
            <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
            <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
          </wsu:Timestamp>
        </wsse:Security>
      </soapenv:Header>

  • Exception while accessing web service secure through web services Manager

    Hi All,
    I deployed some Hello World web service on JWSDP1.6 and secured it through Web Services Manager (gateway) using certificate-based security. But when I try to access this web service using a JWSDP client, I get the following error while monitoring the SOAP messages through TCP-Monitor:
    /////////////////////////////////Request///////////////////////////////////////////////////////////////
    POST /gateway/services/SID0003009 HTTP/1.1
    Content-Type: text/xml; charset=utf-8
    Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Content-Length: 5631
    SOAPAction: ""
    User-Agent: Java/1.5.0_05
    Host: ivy.cs.ucl.ac.uk:8082
    Connection: keep-alive
    <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://hello.org/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference>
    <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">eN9famBBWzHNUIwWRhMPktcM+VQ=</wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>
    </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>MHjtgA4wOtvI1B+SuRVEmD07yE+jl6axd4XbJ0nvQ3EzSuVVoST9vHzURh+B47yj41187s8T+yjt
    Bmpk9OB278Jghonkacv6r+q+LVlxRrQDudNGir7plzFeM6bUadMxf+FLgn5O0a44vU/tvy6V9+zi
    yqFdhTvS21No/aW62No=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#XWSSGID-1155126003241-1198323932"/></xenc:ReferenceList></xenc:EncryptedKey><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-11551260018331598979688">MIIC3TCCAkagAwIBAgIBATANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzEMMAoGA1UECBMD
    U0NBMQwwCgYDVQQKEwNTVU4xHjAcBgNVBAMTFWNlcnRpZmljYXRlLWF1dGhvcml0eTAeFw0wNjAz
    MTkxMzQ5MDJaFw0xNjAzMTYxMzQ5MDJaMEcxCzAJBgNVBAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAK
    BgNVBAoTA1NVTjEcMBoGA1UEAxMTeHdzLXNlY3VyaXR5LWNsaWVudDCBnzANBgkqhkiG9w0BAQEF
    AAOBjQAwgYkCgYEAzNDPKUz1MhUH1LsrLqXKxciOKSWeTrdoe/SVwe/4uy5eobAWSsSTposaOYFy
    uxf3cGCCIs7u0jMAXLQ9jzobDbt9XQ4tXPoBzKKzS+yU6hDk2TcOCkioeT9A9db5LF8yevhwXKB4
    AJ1Eh//Dp/djoonXCCxsxupQZp3ueRJrR98CAwEAAaOB1jCB0zAJBgNVHRMEAjAAMCwGCWCGSAGG
    +EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUECH05VC3/WGW
    H4AGD6tnH0h+kFUweQYDVR0jBHIwcIAUdry1wGRZ2fyJSKisVSxpMEmIiaahTaRLMEkxCzAJBgNV
    BAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAKBgNVBAoTA1NVTjEeMBwGA1UEAxMVY2VydGlmaWNhdGUt
    YXV0aG9yaXR5ggkA4HaEvd6hq8YwDQYJKoZIhvcNAQEEBQADgYEA0RhOk67pCrO6MgZZGqrmAMW6
    76fZowBxTKlFq88nrf8v1MUxV8H9wgbTDrwR0HtxY3TGpDFw2tNAww2pyDX/pQ2Wt46ichluGxjf
    aEV53loKTOM7syAmlicWqViGzBfgzriIl918TzFaX9BD/Y55bKZQk057maBCSkUuFfF453s=</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse enc env ns0 xsd xsi"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#XWSSGID-1155126002593447652186"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>UJ1kuwI+WuF/RkrQpZrj1GvraLI=</ds:DigestValue></ds:Reference><ds:Reference URI="#XWSSGID-1155126002602761294100"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>sKG/z5OIGgqJ2nw7JtpXyJzr8pY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SBc65VTG1xpEkRUTz70H0fVGIgoBJ0QnNad0k07RMSfw4vG1WHJdt19R05pO2AvU5aoYuBSaguJe
    ZGEjmWzw8mnSWKBi+zeDMeJiwgqwW6HHHX9P7JDslxuTIqoJIVUbSjUTSVz6ww8siIK65quXdkMT
    ZzLfp7Cd0gBuA3EEZpg=</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-11551260025411896275738">
    <wsse:Reference URI="#XWSSGID-11551260018331598979688" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002602761294100"><wsu:Created>2006-08-09T12:20:02Z</wsu:Created><wsu:Expires>2006-08-09T12:20:07Z</wsu:Expires></wsu:Timestamp></wsse:Security></env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002593447652186"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-1155126003241-1198323932" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><xenc:CipherData><xenc:CipherValue>XNqEzHNp47ILtOagAUNCXYkxOCWv4CjHqmZ7j6VKN/NO96ce4BsNSL6lKzqa9dPxHB1sTVGZQ8KA
    COQ6DGwyWCP8ip+CU2hor3uUAml7nzHTx1LUw3Db+0p31VAT3EqKJA3aFy38GQrBTr9ojMOUA6tm
    Cj71yucN3UCKRUl3RpE8qU68y7AwNxPsyAZeSa2AVm2cmWvSDZlxgMsx+JCEZaf3+D0o1zMp0Fxb
    MSISPt/JrEolt1H5UM1AoFGU4QkckWrQNLPyEF9oxEgZ8oCE5U8v/YJwZIAHFrx67XfaLwQLjzXw
    VPigsH9gLkfbP2BU8Vp31GsPwBZtUeNz9S35+CZPD7EiqoAB1QuAxZkJV7n00VChYH+scT64tNja
    c81bcD8tf4sAr7toCMNDAU6+74+Qy0EyPqgwLtotDxErn4kF8e72cONMMQBQ91tQs+iI+D6C1I6+
    f9UiSfgtm/MTuKQK1CRqarEtI9N6lpqVH8k7ulUwH/jFstihxmhMJ3aZY+qQgSwSs3pwSSim+e18
    eR7dOEq4vG8ivKuGvTDO4sSV2RP/nL/3eXr0y7eM0kMFKwTUA4JqL4Y/l8Bo/rie/ZXkkbF6hwEu
    dX1QmB0gf5k=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
    ////////////////////////////////Response///////////////////////////////////////////////////////////////
    HTTP/1.1 100 Continue
    Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
    Date: Wed, 09 Aug 2006 12:28:47 GMT
    HTTP/1.1 500 Internal Server Error
    Date: Wed, 09 Aug 2006 12:28:47 GMT
    Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
    Connection: Keep-Alive
    Keep-Alive: timeout=15, max=100
    Content-Type: text/xml
    Transfer-Encoding: chunked
    157
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
    0
    So basically, what I am doing here is as follows:
    HelloClient (using JWSDP1.6) -> gateway (web service manager for securing the web service using message-level security through certificate) -> helloservice (deployed using JWSDP1.6)
    I would appreciate it if someone could tell me the cause of this error. Thanks.
    Kashif

    time to look into the gateway logs as stated by the fault ..
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
    looks like the cipher step might have failed
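
    The capture in this thread carries a five-second wsu:Timestamp window (Created 12:20:02Z, Expires 12:20:07Z) while the server's Date header reads 12:28:47 GMT; the thread does not establish whether that is related to the fault. The following is an added example, not code from the posters or from either vendor, of the freshness check a WS-Security receiver applies with a clock-skew allowance. The envelope is a constructed reduction that keeps only the Timestamp values from the capture, and `check_timestamp` and `max_skew` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed envelope: only the wsu:Timestamp values from the capture are kept.
CAPTURED = f"""<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
 <env:Header>
  <wsu:Timestamp xmlns:wsu="{WSU}" wsu:Id="XWSSGID-1155126002602761294100">
   <wsu:Created>2006-08-09T12:20:02Z</wsu:Created>
   <wsu:Expires>2006-08-09T12:20:07Z</wsu:Expires>
  </wsu:Timestamp>
 </env:Header>
 <env:Body/>
</env:Envelope>"""
SERVER_DATE = "Wed, 09 Aug 2006 12:28:47 GMT"  # Date header of the 500 response


def parse_wsu(text):
    """Parse the UTC xsd:dateTime forms seen on this page (with or without fractions)."""
    text = text.strip()
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def check_timestamp(envelope_xml, receiver_now, max_skew=timedelta(0)):
    """Classify a message's wsu:Timestamp against the receiver's clock."""
    ts = ET.fromstring(envelope_xml).find(f".//{{{WSU}}}Timestamp")
    if ts is None:
        return {"status": "missing"}
    created_text = ts.findtext(f"{{{WSU}}}Created")
    expires_text = ts.findtext(f"{{{WSU}}}Expires")
    if created_text is None:
        return {"status": "malformed"}
    created = parse_wsu(created_text)
    expires = parse_wsu(expires_text) if expires_text else None  # Expires is optional
    result = {
        "status": "ok",
        "lifetime": (expires - created) if expires else None,
        "receiver_minus_created": receiver_now - created,
    }
    if created > receiver_now + max_skew:
        # Sender's clock is ahead of the receiver by more than the allowance.
        result["status"] = "not_yet_valid"
    elif expires is not None and receiver_now > expires + max_skew:
        result["status"] = "expired"
        result["late_by"] = receiver_now - expires
    return result


if __name__ == "__main__":
    now = parsedate_to_datetime(SERVER_DATE)
    for skew in (timedelta(0), timedelta(minutes=5), timedelta(minutes=10)):
        print(skew, check_timestamp(CAPTURED, now, skew))
```

    With the values in the capture, the message is past its Expires time by 8 minutes 40 seconds on the server's clock, so it only passes when the allowed skew is larger than that.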

  • SOAP message format after signing

    Experts,
    Can anyone tell me the format of the SOAP message after the message is signed with a certificate issued by a third party?
    I am getting the signed SOAP message as follows:
      <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-6" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"></wsse:BinarySecurityToken>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsu-targetID-eed81bc1-2818-11de-a649-000e0cf559d1">
      <wsu:Created ValueType="xsd:dateTime">2009-04-13T10:50:41Z</wsu:Created>
      <wsu:Expires ValueType="xsd:dateTime">2009-04-13T10:55:41Z</wsu:Expires>
      </wsu:Timestamp>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ds:Reference URI="#wsuid-body-eed81bc0-2818-11de-cc6a-000e0cf559d1">
      <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>ybxqsfOoHwh8eItwlr2GgCzrN8Y=</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#wsu-targetID-eed81bc1-2818-11de-a649-000e0cf559d1">
      <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>Kdki/tVoqS6zmkF7x8nA19QouzM=</ds:DigestValue>
      </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>a60173OR4QNYvp/0nEFjPaR2wR6glTj1FQO31YNGn0NR5XKuB2Ye3dfsfwfB6bdDEmXwvOcEfNln grH7hjoItDC1z8luCpXjs7Gy2viF4XCOdgqxC6MnFOwdZpKodrjESYTjzsNUiXcHUEntGzv4Ry8U zCEw9lLT7koAcTXk/NM=</ds:SignatureValue>
      <ds:KeyInfo>
      <wsse:SecurityTokenReference>
      <wsse:Reference URI="#sap-6" />
      </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      </ds:Signature>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-6" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIE1TCCA72gAwIBAgICGyQwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCU0ExDTALBgNVBAoTBFNBTUExGzAZBgNVBAsTElNBTUEgZVRydXN0IENlbnRlcjEfMB0GA1UEAxMWU0FNQSBTdGFnaW5nIFNoYXJlZCBDQTAeFw0wODA5MTYxMDUyNDJaFw0xMDA5MTYxMDUyMzdaMIGUMQswCQYDVQQGEwJTQTEoMCYGA1UEChMfTkNCQiAtIE5hdGlvbmFsIENvbW1lcmNpYWwgQmFuazEoMCYGA1UECxMfTkNCQiBXZWIgUmVnaXN0cmF0aW9uIEF1dGhvcml0eTELMAkGA1UECxMCSVQxJDAiBgNVBAMTG2UtZGhxLXMyMDF3ZWIuc2VjLnNlLmNvbS5zYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2JDBfb/o41YV7/JOBKa0H/zCIF6Szpn5oEEPjIu63UoD2t3uKZgL0pDpKTrl8hNgSfnbePsn9te0sqmstflIUV8OYv6VCUKIL6ZsxcZliFP7LTWcN7VHa5J80zwJpuZI0lSOTmssRfTczT5wbRiJuf/z/ZUsc9VvP7hMT93Vc0CAwEAAaOCAewwggHoMIIBPAYDVR0gBIIBMzCCAS8wggErBg0rBgEEAYGHHQEBBgUBMIIBGDCB1QYIKwYBBQUHAgIwgcgagcVUaGlzIGNlcnRpZmljYXRlIGhhcyBiZWVuIGlzc3VlZCBieSBTQU1BIGVUcnVzdCBDZW50ZXIgb24gYmVoYWxmIG9mIE5hdGlvbmFsIENvbW1lcmNpYWwgQmFuayAoTkNCQikuIE5laXRoZXIgU0FNQSBub3IgTkNCQiBhY2NlcHQgYW55IGxpYWJpbGl0eSBmb3IgYW55IGNsYWltIGV4ZXB0IGFzIGV4cHJlc3NseSBwcm92aWRlZCBpbiB0aGlzIENQLjABggrBgEFBQcCARYyaHR0cDovL3d3dy5lVHJ1c3RjZW50ZXIuY29tLnNhL2RvY3Mvcm9vdGNhX2Nwcy5wZGYwMAYIKwYBBQUHAQEEJDAiMCAGCCsGAQUFBzABhhRodHRwOi8vMTAuMTMxLjEuNjo4MDALBgNVHQ8EBAMCA7gwJwYDVR0lBCAwHgYIKwYBBQUHAwQGCCsGAQUFBwMHBggrBgEFBQcDATAfBgNVHSMEGDAWgBSgYJsSh4qnwzTjhepPMHVJj9ncDAdBgNVHQ4EFgQUXWMeLP/opd8VqdnCf/xSX0/dD8wDQYJKoZIhvcNAQEFBQADggEBAJ2Pjv0V8ke9Vxe4FAOVJ7Hi67STUnad6gIIeT2wTUYwZD9dFf2g4NJnqJ2SF3Q9QKw5rBofU1SjuFw11hnQ3G3UK6Erkn7klS0/vVrAEAg55nzDhYPU3uZyVoobJmtLgNk507U7qkIL86p8tPCDlZoN23od1RG8uAP4K3TyiYgFozVA9tUIUGDDFbqOSACZ6tSrXDzHTfmA2l7zz4tizi/yX57SLjg3kIXKWfwo3nOEJm9xGL/4PyxaXQlNsd3srBrYl9/L78563ExKJ0UvnqKTjvuhRIsm3+E9eFhYAq1Wd/xBIXKPZEK8VwcrEQJqBnEi/2RL0jDULYMR8=</wsse:BinarySecurityToken>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-6" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"></wsse:BinarySecurityToken>
      </wsse:Security>
      </SOAP:Header>
      <SOAP:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-body-eed81bc0-2818-11de-cc6a-000e0cf559d1">
      <ns0:MasterData xmlns:ns0="http://s24dh043/SA2SEC/WSD/SATOSEC">
      <MasterData_Input>
      <PARTNER_ID>XYZ</PARTNER_ID>
      </MasterData_Input>
      </ns0:MasterData>
      </SOAP:Body>
      </SOAP:Envelope>
    In the above SOAP envelope the tag "BinarySecurityToken" is repeated thrice. So is it the standard method, or am I missing some configuration? Because our partner (webMethods) understands only one occurrence of "BinarySecurityToken" in the SOAP message.
    Edited by: Santhosh on Apr 13, 2009 1:42 PM
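
    The message above carries three wsse:BinarySecurityToken elements that share wsu:Id="sap-6", so the wsse:Reference URI="#sap-6" in KeyInfo no longer names a single element; in the earlier SAP PI thread, the requested wsse:UsernameToken is not listed among the ds:Reference entries of the signature. Both conditions can be detected structurally by a receiver, as in this added example (not code from any poster, SAP or webMethods). The envelope is a constructed, shortened sample with placeholder token content, and `audit` is a hypothetical helper that verifies no cryptography.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU_ID = f"{{{WSU}}}Id"
CHECKED = {"BinarySecurityToken", "UsernameToken", "Timestamp"}

# Constructed sample: same shape as the messages on this page, placeholder contents.
SAMPLE = f"""<SOAP:Envelope xmlns:SOAP="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
 <SOAP:Header>
  <wsse:Security>
   <wsse:BinarySecurityToken wsu:Id="sap-6">Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>
   <wsu:Timestamp wsu:Id="ts-1"><wsu:Created>2009-04-13T10:50:41Z</wsu:Created></wsu:Timestamp>
   <ds:Signature>
    <ds:SignedInfo>
     <ds:Reference URI="#body-1"/>
     <ds:Reference URI="#ts-1"/>
    </ds:SignedInfo>
    <ds:KeyInfo><wsse:SecurityTokenReference>
     <wsse:Reference URI="#sap-6"/>
    </wsse:SecurityTokenReference></ds:KeyInfo>
   </ds:Signature>
   <wsse:BinarySecurityToken wsu:Id="sap-6">Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>
   <wsse:BinarySecurityToken wsu:Id="sap-6">Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>
   <wsse:UsernameToken wsu:Id="ut-1"><wsse:Username>xxxxxxx</wsse:Username></wsse:UsernameToken>
  </wsse:Security>
 </SOAP:Header>
 <SOAP:Body wsu:Id="body-1"><PARTNER_ID>XYZ</PARTNER_ID></SOAP:Body>
</SOAP:Envelope>"""


def local(el):
    """Element name without its namespace."""
    return el.tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return structural findings for one WS-Security envelope."""
    if "<!DOCTYPE" in xml_text:
        # SOAP messages must not carry a DTD; refuse before parsing.
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(xml_text)

    # Index every element by wsu:Id, and by the plain Id used on ds:/xenc: elements.
    by_id = defaultdict(list)
    for el in root.iter():
        for attr in (WSU_ID, "Id"):
            if attr in el.attrib:
                by_id[el.attrib[attr]].append(el)

    signed = {r.get("URI", "") for r in root.iter(f"{{{DS}}}Reference")}
    key_refs = {r.get("URI", "") for r in root.iter(f"{{{WSSE}}}Reference")}

    # Every same-document reference must resolve to exactly one element.
    dangling, ambiguous = [], []
    for uri in sorted(signed | key_refs):
        if uri.startswith("#"):
            hits = len(by_id.get(uri[1:], ()))
            if hits == 0:
                dangling.append(uri)
            elif hits > 1:
                ambiguous.append(uri)

    # Body, tokens and Timestamp that no ds:Reference covers.
    security = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    body = root.find(f"{{{SOAP}}}Body")
    candidates = [body] if body is not None else []
    if security is not None:
        candidates += [c for c in security if local(c) in CHECKED]
    unsigned = sorted({(local(c), c.get(WSU_ID, "")) for c in candidates
                       if "#" + c.get(WSU_ID, "") not in signed})

    return {
        "duplicate_ids": {i: len(els) for i, els in by_id.items() if len(els) > 1},
        "dangling_refs": dangling,
        "ambiguous_refs": ambiguous,
        "unsigned": unsigned,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

    Structural checks like these run before signature verification and do not replace it.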

    Hi ,
    Just a few pointers:
    "Element caching should not be used at the top levels of an XML document by a generic encoder, since it is
    unlikely that the full document would be repeated. With SOAP, it is typically wise to start element caching at the
    third level, i.e. leave Envelope and Body alone. Of course, if the encoder has more knowledge of the messages
    sent, going further up may pay off."
    regards
    joel

  • [OSB] Calling a secured proxy from another secured proxy

    Hi,
    I would like to call a secured proxy from another secured proxy. However, the call fails.
    I'm making a call from a Java stand alone Web Service client. The client uses policy "oracle/wss11_message_protection_client_policy".
    The call is made to a proxy secured with a "oracle/wss11_x509_token_with_message_protection_service_policy". The secured proxy routes to a non secured proxy, which does not process WSS Security Header. The non-secured proxy then routes to a non-secured business service. The call is a success.
    Then I add a policy to the second proxy, say "oracle/log_policy". Also I set the value of "Process WS-Security Header" to yes. The call fails.
    I'm getting
    java.lang.NullPointerException
         at oracle.wsm.agent.handler.WSMEngineInvoker.createWsmMessageContextFromInvokerContext(WSMEngineInvoker.java:733)
    in the osb logs.
    I have tried adding an empty WSS Security Header in the SOAP headers before calling the second proxy. It didn't change anything.
    Do you have any ideas?
    I have also come up with a super simplified situation in which this error comes up. This happens when I'm calling a pass-through proxy (no policy, process WSS security header set to no). Then when this proxy calls a secured proxy with "oracle/log_policy", the call results in this error. Why??
    Here is the OSB output when the problem occurs:
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846831> <BEA-398077> <
    [OSB Tracing] Entering proxy MyProject/ProxyServices/MyFirstProxyService with message context:
    [MessageContextImpl  body="<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>"
    operation="null"
    attachments="<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>"
    outbound="null"
    fault="null"
    inbound="<con:endpoint name="ProxyService$MyProject$ProxyServices$MyFirstProxyService" xmlns:con="http://www.bea.com/wli/sb/context">
      <con:service/>
      <con:transport/>
      <con:security/>
    </con:endpoint>"
    header="<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>"
    ]>
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846832> <BEA-398200> <
    [OSB Tracing] Inbound request was received.
    Service Ref = MyProject/ProxyServices/MyFirstProxyService
    URI = /MyProject/ProxyServices/MyFirstProxyService
    Message ID = 3657493765399211266-5215cc49.133c5a81e20.-7f81
    Request metadata =
    <xml-fragment>
    <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <http:Accept>text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2</http:Accept>
    <http:Connection>keep-alive</http:Connection>
    <http:Content-Length>7614</http:Content-Length>
    <http:Content-Type>text/xml;charset="utf-8"</http:Content-Type>
    <http:Host>myLaptop:8011</http:Host>
    <http:SOAPAction>"execute"</http:SOAPAction>
    <http:User-Agent>Oracle JAX-WS 2.1.5</http:User-Agent>
    </tran:headers>
    <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
    <http:client-host xmlns:http="http://www.bea.com/wli/sb/transports/http">myLaptop</http:client-host>
    <http:client-address xmlns:http="http://www.bea.com/wli/sb/transports/http">192.168.148.155</http:client-address>
    <http:http-method xmlns:http="http://www.bea.com/wli/sb/transports/http">POST</http:http-method>
    </xml-fragment>
    Payload =
    <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-Tt0jQKXTNFAd6lUGgmYuPA22"><wsu:Created>2011-11-21T12:00:46Z</wsu:Created><wsu:Expires>2011-11-21T20:00:46Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1" wsu:Id="BST-q10SkWxeoYTKKaeyCSmomA22"></wsse:BinarySecurityToken><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-N74ve0QpUQxEpFgJc9YR0A22"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></xenc:EncryptionMethod><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:KeyIdentifier xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">rbWc2O0Y7yBBsPYkcHOgqxuF3t4=</wsse:KeyIdentifier></wsse:SecurityTokenReference></dsig:KeyInfo><xenc:CipherData><xenc:CipherValue>RGltJV8OQehqBg9EDaae0SO1lH1zBrlrn3/JwSljOPzwwFum9zCzFsu8Gpz05Q9R+Yaz2QXMDpghYuDvcomqDmkANYBrmIQHKKyWCCu8xvGF78jcwEp+RS+e3oy9suejGwUViYGlU4zkIRpGba6xjdkAQsRkX1mWRYMQvrfs/cM=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#_igoSptS7UdOzwe4gYy18qg22"/></xenc:ReferenceList></xenc:EncryptedKey><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="#BST-q10SkWxeoYTKKaeyCSmomA22"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>GBpMSv85l75tSIZDG9WiKp3rHvM=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#XSIG-eKzAOdtEBafB7pzBx01wMw22"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>mEMP/yHb3k474vnbgn3IBvhJqZM=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>ELM50yvmDvJzIH/jpId3LSae1cCtboFau5I4Z8Cws+vZU6JD994hRnaWIFqxxK5vVVIUVu9mKg9+p/QJp8g7SMvhOYBIqRsHKY/2vKGZ36BrcUSXOofDNwV7l9QUzWw0dyV51N/pHX7+PTF9whPgZh48SXdpmU6MV0UkPCXAixA=</dsig:SignatureValue><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="KeyInfo-SLUCjT2uaAlI9n0spmTgnw22"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
URI="#BST-q10SkWxeoYTKKaeyCSmomA22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1"/></wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="XSIG-eKzAOdtEBafB7pzBx01wMw22"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><dsig:Reference URI="#Timestamp-Tt0jQKXTNFAd6lUGgmYuPA22"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>AliE9el9Dmmw3U5W69/zn6QVZEo=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#Body-ogLysWiLTgk5UjAaaIhIvg22"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>wJaIENiwWQg/B2MW6Q0xdLAzCRM=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>4k1bNpdK7AaAk296wzFi63dRgwA=</dsig:SignatureValue><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" URI="#EK-N74ve0QpUQxEpFgJc9YR0A22" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/></wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature></wsse:Security></S:Header><S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body-ogLysWiLTgk5UjAaaIhIvg22"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_igoSptS7UdOzwe4gYy18qg22" 
Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" URI="#EK-N74ve0QpUQxEpFgJc9YR0A22" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/></wsse:SecurityTokenReference></dsig:KeyInfo><xenc:CipherData><xenc:CipherValue>vcPRlrky4U7GunHF3pYWFCGrEofmAecajIXIT1+YgBdIJTb8gt7g0GMZyBXGqu29WY+rQajArCajet+pTUeKkUHA3qi9oRmL8wEJkFM858fAyejzxeBWDPBI9C1sjcf+OKGAP4jr3nQzSfzl58d8IhH2uT0uUHD3h/i1pcQuSI/sXAgBb+YblR4+SwQJ6LLBHMTyuymEngoY4KVyI3UYMqePQQQjmD0dXt87Ld1xAOXgWhWRTrnoc48Nq85HQf0qWLyrdXIq9MvXeKc0CDmbLMdKUFWaGdTdNaTNH2iBM5ZEtk4qO4hbJFVU3zczKUhyYa+JzBFi0NCMHKnKCpF2TQ==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></S:Body></S:Envelope>
    >
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846832> <BEA-000000> <WssHandlerImpl.doInboundRequest>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846833> <BEA-000000> <WsmInboundHandler.processRequest>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846833> <BEA-000000> <Got SOAP Message Factory from the Provider: oracle.j2ee.ws.saaj.soap.MessageFactoryImpl@1a99544>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[oracle.integration.platform.request.processed.headers]=[]>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.metadata.http.client-host]=myLaptop>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.MessageId]=3657493765399211266-5215cc49.133c5a81e20.-7f81>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.CharacterEncoding]=utf-8>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.TransportProvider]=http>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.ServiceVersion]=-8022206267159469084>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.headers.http.Content-Type]=text/xml;charset="utf-8">
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.ServiceUri]=/MyProject/ProxyServices/MyFirstProxyService>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.metadata.http.client-address]=192.168.148.155>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.ProxyService]=MyProject/ProxyServices/MyFirstProxyService>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.headers.http.SOAPAction]="execute">
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.MessagePattern]=SYNCHRONOUS>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.wli.Message]=org.apache.xmlbeans.impl.store.Saver$InputStreamSaver@211082>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.IsTransactional]=false>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <invoking WSM Engine's handleRequest()...>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846856> <BEA-000000> <storing the new message in the router message context>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846856> <BEA-000000> <getting subject out of WSSecurityContext>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846856> <BEA-000000> <doing message-level access control (wss-active-intermediary: true; has-custom-message-level-authentication: false)>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846857> <BEA-000000> <calling isAccessAllowed; resource: 'type=<alsb-proxy-service>, path=MyProject/ProxyServices, proxy=MyFirstProxyService, action=wss-invoke, operation=execute', Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myPrincipal")
    >
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Security> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846857> <BEA-387027> <Message-level access control policy grants access to proxy "MyProject/ProxyServices/MyFirstProxyService", operation "execute", message-id: 3657493765399211266-5215cc49.133c5a81e20.-7f81, subject: Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myPrincipal")
    .>
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846858> <BEA-398078> <
    [OSB Tracing] Entering route node RouteToMySecondProxyService with message context:
    [MessageContextImpl  body="<S:Body wsu:Id="Body-ogLysWiLTgk5UjAaaIhIvg22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
      <processRequest xmlns="http://www.in4mates.com/targetNamespace"/>
    </S:Body>"
    operation="execute"
    messageID="3657493765399211266-5215cc49.133c5a81e20.-7f81"
    attachments="<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>"
    outbound="null"
    fault="null"
    inbound="<con:endpoint name="ProxyService$MyProject$ProxyServices$MyFirstProxyService" xmlns:con="http://www.bea.com/wli/sb/context">
      <con:service>
        <con:operation>execute</con:operation>
      </con:service>
      <con:transport>
        <con:uri>/MyProject/ProxyServices/MyFirstProxyService</con:uri>
        <con:mode>request-response</con:mode>
        <con:qualityOfService>best-effort</con:qualityOfService>
        <con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
            <http:Accept>text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2</http:Accept>
            <http:Connection>keep-alive</http:Connection>
            <http:Content-Length>7614</http:Content-Length>
            <http:Content-Type>text/xml;charset="utf-8"</http:Content-Type>
            <http:Host>myLaptop:8011</http:Host>
            <http:SOAPAction>"execute"</http:SOAPAction>
            <http:User-Agent>Oracle JAX-WS 2.1.5</http:User-Agent>
          </tran:headers>
          <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
          <http:client-host>myLaptop</http:client-host>
          <http:client-address>192.168.148.155</http:client-address>
          <http:http-method>POST</http:http-method>
        </con:request>
        <con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
            <http:Content-Type>text/xml</http:Content-Type>
          </tran:headers>
          <tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
        </con:response>
      </con:transport>
      <con:security>
        <con:transportClient>
          <con:username>&lt;anonymous></con:username>
        </con:transportClient>
        <con:messageLevelClient>
          <con:username>myPrincipal</con:username>
        </con:messageLevelClient>
      </con:security>
    </con:endpoint>"
    header="<S:Header xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"/>"
    ]>
    Edited by: user13604541 on Nov 21, 2011 4:27 AM

    This is the rest of the log:
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-398072> <
    [OSB Tracing] Routing to MyProject/ProxyServices/MySecondProxyService with message context:
    $body = <S:Body wsu:Id="Body-ogLysWiLTgk5UjAaaIhIvg22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <processRequest xmlns="http://www.in4mates.com/targetNamespace"/>
    </S:Body>
    $header = <S:Header xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"/>
    $attachments = <con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
    >
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-000000> <WssHandlerImpl.doOutboundRequest>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-000000> <WsmOutboundHandler.processRequest>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-000000> <target operation: execute>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-000000> <Got SOAP Message Factory from the Provider: oracle.j2ee.ws.saaj.soap.MessageFactoryImpl@1a99544>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-000000> <invoking WSM Engine's Client Agent.>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846861> <BEA-000000> <invoking WSM Engine's handleRequest()>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846861> <BEA-000000> <unexpected exception
    java.lang.NullPointerException
         at oracle.wsm.agent.handler.WSMEngineInvoker.createWsmMessageContextFromInvokerContext(WSMEngineInvoker.java:733)
         at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:359)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:141)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:139)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler.processRequest(WsmOutboundHandler.java:138)
         at com.bea.wli.sb.security.wss.WssHandlerImpl.doOutboundRequest(WssHandlerImpl.java:992)
         at com.bea.wli.sb.context.BindingLayerImpl.createTransportSender(BindingLayerImpl.java:532)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.doDispatch(PipelineContextImpl.java:521)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.dispatch(PipelineContextImpl.java:501)
         at stages.routing.runtime.RouteRuntimeStep.processMessage(RouteRuntimeStep.java:128)
         at com.bea.wli.sb.pipeline.debug.DebuggerRuntimeStep.processMessage(DebuggerRuntimeStep.java:74)
         at com.bea.wli.sb.stages.StageMetadataImpl$WrapperRuntimeStep.processMessage(StageMetadataImpl.java:346)
         at com.bea.wli.sb.pipeline.RouteNode.doRequest(RouteNode.java:106)
         at com.bea.wli.sb.pipeline.Node.processMessage(Node.java:67)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.execute(PipelineContextImpl.java:922)
         at com.bea.wli.sb.pipeline.Router.processMessage(Router.java:214)
         at com.bea.wli.sb.pipeline.MessageProcessor.processRequest(MessageProcessor.java:99)
         at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:593)
         at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:591)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:590)
         at com.bea.wli.sb.transports.TransportManagerImpl.receiveMessage(TransportManagerImpl.java:375)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase$1.run(RequestHelperBase.java:154)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase$1.run(RequestHelperBase.java:152)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase.securedInvoke(RequestHelperBase.java:151)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase.service(RequestHelperBase.java:107)
         at com.bea.wli.sb.transports.http.wls.HttpTransportServlet.service(HttpTransportServlet.java:127)
         at weblogic.servlet.FutureResponseServlet.service(FutureResponseServlet.java:24)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3686)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    ####<2011-11-21 13:00:46 CET> <Error> <OSB Security> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846861> <BEA-387024> <An error ocurred during web service security outbound request processing [error-code: InternalError, message-id: 3657493765399211266-5215cc49.133c5a81e20.-7f81, proxy: MyProject/ProxyServices/MyFirstProxyService, target: MyProject/ProxyServices/MySecondProxyService, operation: execute]
    --- Error message:
    java.lang.NullPointerException
         at oracle.wsm.agent.handler.WSMEngineInvoker.createWsmMessageContextFromInvokerContext(WSMEngineInvoker.java:733)
         at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:359)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:141)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:139)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler.processRequest(WsmOutboundHandler.java:138)
         at com.bea.wli.sb.security.wss.WssHandlerImpl.doOutboundRequest(WssHandlerImpl.java:992)
         at com.bea.wli.sb.context.BindingLayerImpl.createTransportSender(BindingLayerImpl.java:532)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.doDispatch(PipelineContextImpl.java:521)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.dispatch(PipelineContextImpl.java:501)
         at stages.routing.runtime.RouteRuntimeStep.processMessage(RouteRuntimeStep.java:128)
         at com.bea.wli.sb.pipeline.debug.DebuggerRuntimeStep.processMessage(DebuggerRuntimeStep.java:74)
         at com.bea.wli.sb.stages.StageMetadataImpl$WrapperRuntimeStep.processMessage(StageMetadataImpl.java:346)
         at com.bea.wli.sb.pipeline.RouteNode.doRequest(RouteNode.java:106)
         at com.bea.wli.sb.pipeline.Node.processMessage(Node.java:67)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.execute(PipelineContextImpl.java:922)
         at com.bea.wli.sb.pipeline.Router.processMessage(Router.java:214)
         at com.bea.wli.sb.pipeline.MessageProcessor.processRequest(MessageProcessor.java:99)
         at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:593)
         at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:591)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:590)
         at com.bea.wli.sb.transports.TransportManagerImpl.receiveMessage(TransportManagerImpl.java:375)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase$1.run(RequestHelperBase.java:154)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase$1.run(RequestHelperBase.java:152)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase.securedInvoke(RequestHelperBase.java:151)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase.service(RequestHelperBase.java:107)
         at com.bea.wli.sb.transports.http.wls.HttpTransportServlet.service(HttpTransportServlet.java:127)
         at weblogic.servlet.FutureResponseServlet.service(FutureResponseServlet.java:24)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3686)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846871> <BEA-398102> <
    [OSB Tracing] Exiting route node with fault:
    <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
    <con:errorCode>BEA-386400</con:errorCode>
    <con:reason>General outbound web service security error</con:reason>
    <con:location>
    <con:node>RouteToMySecondProxyService</con:node>
    <con:path>request-pipeline</con:path>
    </con:location>
    </con:fault>>
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846873> <BEA-398074> <
    [OSB Tracing] The following variables are added:
    $outbound = <con:endpoint name="ProxyService$MyProject$ProxyServices$MySecondProxyService" xmlns:con="http://www.bea.com/wli/sb/context">
    <con:service>
    <con:operation>execute</con:operation>
    </con:service>
    <con:transport>
    <con:mode>request-response</con:mode>
    <con:qualityOfService>best-effort</con:qualityOfService>
    <con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
    <http:Content-Type>text/xml</http:Content-Type>
    <http:SOAPAction>"execute"</http:SOAPAction>
    </tran:headers>
    </con:request>
    </con:transport>
    <con:security>
    <con:doOutboundWss>true</con:doOutboundWss>
    </con:security>
    </con:endpoint>
    >
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846874> <BEA-398076> <
    [OSB Tracing] The following variables are changed:
    $inbound = <con:endpoint name="ProxyService$MyProject$ProxyServices$MyFirstProxyService" xmlns:con="http://www.bea.com/wli/sb/context">
    <con:service>
    <con:operation>execute</con:operation>
    </con:service>
    <con:transport>
    <con:uri>/MyProject/ProxyServices/MyFirstProxyService</con:uri>
    <con:mode>request-response</con:mode>
    <con:qualityOfService>best-effort</con:qualityOfService>
    <con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
    <http:Accept>text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2</http:Accept>
    <http:Connection>keep-alive</http:Connection>
    <http:Content-Length>7614</http:Content-Length>
    <http:Content-Type>text/xml;charset="utf-8"</http:Content-Type>
    <http:Host>myLaptop:8011</http:Host>
    <http:SOAPAction>"execute"</http:SOAPAction>
    <http:User-Agent>Oracle JAX-WS 2.1.5</http:User-Agent>
    </tran:headers>
    <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
    <http:client-host>myLaptop</http:client-host>
    <http:client-address>192.168.148.155</http:client-address>
    <http:http-method>POST</http:http-method>
    </con:request>
    <con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
    <http:Content-Type>text/xml</http:Content-Type>
    </tran:headers>
    <tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
    </con:response>
    </con:transport>
    <con:security>
    <con:transportClient>
    <con:username>&lt;anonymous></con:username>
    </con:transportClient>
    <con:messageLevelClient>
    <con:username>myPrincipal</con:username>
    </con:messageLevelClient>
    </con:security>
    </con:endpoint>
    >
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846874> <BEA-398104> <
    [OSB Tracing] Exiting pipeline pair>
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb8> <1321876846879> <BEA-398096> <
    [OSB Tracing] Exiting MyProject/ProxyServices/MyFirstProxyService>
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb8> <1321876846881> <BEA-398201> <
    [OSB Tracing] Inbound response was sent.
    Service Ref = MyProject/ProxyServices/MyFirstProxyService
    URI = /MyProject/ProxyServices/MyFirstProxyService
    Message ID = 3657493765399211266-5215cc49.133c5a81e20.-7f81
    Response metadata =
    <xml-fragment>
    <tran:headers xsi:type="http:HttpResponseHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
    </tran:headers>
    <tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">1</tran:response-code>
    <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
    </xml-fragment>
    Payload =
    <?xml version="1.0" encoding="UTF-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode><faultstring>BEA-386400: General outbound web service security error</faultstring><detail><con:fault xmlns:con="http://www.bea.com/wli/sb/context"><con:errorCode>BEA-386400</con:errorCode><con:reason>General outbound web service security error</con:reason><con:location><con:node>RouteToMySecondProxyService</con:node><con:path>request-pipeline</con:path></con:location></con:fault></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>
    >

  • Signed SAML assertion verification

    Hi,
    I am new to SAML configuration in weblogic. I have configured my asserting party to check for signature.
    I am sending a SAML request whose assertion is signed.
    Still I am getting the following in the log file: "Assertion is not signed"
    Any idea why it is not reading the signature?
    My SAML request is below.
    Any help is appreciated.
    Thanks,
    rabi
    <?xml version="1.0" encoding="UTF-8"?>
    <soapenv:Envelope xmlns:quer="http://www.xyzcorp/procureservice/QueryGDS_US/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="SecurityToken-6104382507547943490" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"></wsse:BinarySecurityToken>
    <Assertion AssertionID="/iEncjfEQdaj4R/lpzUI2qqSQGE=" IssueInstant="2008-10-31T00:00:02.687Z" Issuer="www.xxx.com" MajorVersion="1" MinorVersion="1" wsu:Id="/iEncjfEQdaj4R/lpzUI2qqSQGE=" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <Conditions NotBefore="2008-10-31T00:00:02.687Z" NotOnOrAfter="2008-10-31T00:05:02.687Z" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"/>
    <AuthenticationStatement AuthenticationInstant="2008-10-31T00:00:02.687Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">john</NameIdentifier>
    <SubjectConfirmation xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
    </SubjectConfirmation>
    </Subject>
    </AuthenticationStatement>
    <AttributeStatement xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">john</NameIdentifier>
    <SubjectConfirmation xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
    </SubjectConfirmation>
    </Subject>
    <Attribute AttributeName="roles" AttributeNamespace="http://namespace.amberpoint.com/amf" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <AttributeValue>Accounting Managers</AttributeValue>
    <AttributeValue>AddGroup</AttributeValue>
    <AttributeValue>CredentialTest</AttributeValue>
    </Attribute>
    </AttributeStatement>
    </Assertion>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#/iEncjfEQdaj4R/lpzUI2qqSQGE=">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>f4dfLpF6DdIE3cTf+sGjl6G/yBI=</ds:DigestValue>
    </ds:Reference>
    <ds:Reference URI="#SecurityToken-6104382507547943490">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>ll+krZmSgjLyIzVSF60xhsGrCfU=</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
    ivD8jDZacvY3LpFbd9c1LAVULwbG6AvGGkqEImkmxGsg+okCTj7xb8e/+wTQBFJ0WD/h5Ts8GnYO
    7/UupD/PDPE/7X/P4UwDjM8R4KJQH85sGgs11Z+1q6GeHR89UVKekfoeUSAR6vEklmdW9G5GefEG
    PisX58KR9jATY16aGHo=
    </ds:SignatureValue>
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference wsu:Id="com-amberpoint-generated-SecurityTokenReference-element_id-23999404" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Reference URI="#SecurityToken-6104382507547943490" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    </ds:Signature>
    </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
    <quer:searchCar>
    <quer:country>JPN</quer:country>
    <quer:state>JPN</quer:state>
    <quer:pickUpCity>Tokyo</quer:pickUpCity>
    <!--Optional:-->
    <quer:dropOffCity>?</quer:dropOffCity>
    <quer:pickUpDate>?</quer:pickUpDate>
    <quer:dropOffDate>?</quer:dropOffDate>
    <!--Optional:-->
    <quer:rentalAgency>?</quer:rentalAgency>
    <!--Optional:-->
    <quer:carType>?</quer:carType>
    <!--Optional:-->
    <quer:carMake>?</quer:carMake>
    <!--Optional:-->
    <quer:nonSmoking>?</quer:nonSmoking>
    </quer:searchCar>
    </soapenv:Body>
    </soapenv:Envelope>

    Hi,
    I was able to get past my original problem, and can now sign the assertion which has the AssertionID attribute. I had to set the SAML version to 1.1 using initialize().
    Unfortunately, when I run the resulting signed assertion through a signature validation, it is failing to verify.
    I'm not sure why, but it is failing when it tries to verify the hash/digest on the reference.
    I am using a separate application that I wrote that uses Java6 and the security API that Java6 has, and with debugging enabled, I can see the dereferenced data that is being fed into the digester, and that looks correct, but the calculated digest doesn't match what my OSDT-based application generated.
    Anyone have any idea about what the problem might be?
    Thanks,
    Jim
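
SAML 1.1 signs an assertion with an enveloped `ds:Signature` child, whereas the request posted above carries its `ds:Signature` as a sibling of the `Assertion` inside `wsse:Security` and only points at the assertion through a `ds:Reference`. The following added example (not code from the thread or from any product named in it) classifies that placement and shows which ID attribute each reference resolves against; the sample message, its IDs and the helper names are constructed, and no digest or signature value is verified.

```python
"""Classify how each SAML assertion in a WS-Security header is signed."""
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

# Attributes a same-document Reference (URI="#x") may resolve against.
ID_ATTRS = [("wsu:Id", f"{{{WSU}}}Id"), ("AssertionID", "AssertionID"), ("Id", "Id")]

# Constructed sample (not the poster's message): same layout as the request
# above, with the Assertion and the ds:Signature as siblings in wsse:Security.
SAMPLE = f"""<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
 <env:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="token-1">CONSTRUCTED</wsse:BinarySecurityToken>
  <Assertion xmlns="{SAML}" AssertionID="assertion-1" wsu:Id="assertion-1"
             MajorVersion="1" MinorVersion="1"/>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#assertion-1"/>
    <ds:Reference URI="#token-1"/>
    <ds:Reference URI="#body-1"/>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></env:Header>
 <env:Body Id="body-1"/>
</env:Envelope>"""


def local(tag):
    """Strip the '{namespace}' part of an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def index_ids(root):
    """Map every ID-like attribute value to the (element, attribute label) pairs using it."""
    index = {}
    for el in root.iter():
        for label, attr in ID_ATTRS:
            value = el.get(attr)
            if value is not None:
                index.setdefault(value, []).append((el, label))
    return index


def analyze(xml_text):
    """Report header child order, reference resolution and assertion signature placement."""
    root = ET.fromstring(xml_text)
    security = root.find(f".//{{{WSSE}}}Security")
    if security is None:
        raise ValueError("no wsse:Security header in message")
    ids = index_ids(root)
    report = {"header_order": [local(c.tag) for c in security],
              "references": [], "assertions": []}
    covered = set()  # elements uniquely referenced by a header-level signature
    for sig in security.findall(f"{{{DS}}}Signature"):
        for ref in sig.iter(f"{{{DS}}}Reference"):
            uri = ref.get("URI", "")
            hits = ids.get(uri[1:], []) if uri.startswith("#") else []
            targets = {id(el) for el, _ in hits}
            if len(targets) == 1:
                status = "ok"
                covered |= targets
            elif not targets:
                status = "unresolved"   # nothing in the message carries this ID
            else:
                status = "ambiguous"    # the same ID appears on several elements
            report["references"].append({
                "uri": uri, "status": status,
                "target": local(hits[0][0].tag) if hits else None,
                "matched_by": sorted({label for _, label in hits})})
    for assertion in root.iter(f"{{{SAML}}}Assertion"):
        if assertion.find(f"{{{DS}}}Signature") is not None:
            placement = "enveloped"     # ds:Signature is a child of the Assertion
        elif id(assertion) in covered:
            placement = "detached"      # only referenced by a sibling signature
        else:
            placement = "unsigned"
        report["assertions"].append(
            {"id": assertion.get("AssertionID"), "signature": placement})
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE), indent=2))
```
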

  • SAML Sender-Vouches errors when using with OWSM

    Hi,
    We have configured OWSM Policy 'SAML - Verify WSS 1.0 Token' with Allow signed assertions only. We have created jks Trust store location and configured policy to refer to the file with appropriate password.
    We have created proxy security to Sender-Vouches signed and to sign outbound message.
    We are getting following error when we try to run the proxy.
    javax.xml.rpc.soap.SOAPFaultException: SAML token verification failed
    at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:555)
    at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
    at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
    at vigni4.oracle.srtutorial.datamodel.proxy.runtime.TimeServiceSoap_Stub.getTime(TimeServiceSoap_Stub.java:79)
    at vigni4.oracle.srtutorial.datamodel.proxy.TimeServiceSoapClient.getTime(TimeServiceSoapClient.java:41)
    at vigni4.oracle.srtutorial.datamodel.proxy.TimeServiceSoapClient.main(TimeServiceSoapClient.java:29)
    Process exited with exit code 0.
    and Error in gateway.log is
    2007-09-01 18:58:56,561 WARNING [RMICallHandler-58] saml.VerifySAMLStep - SAML Token verification failed:
    Can anyone provide information on how to resolve the issue?

    We have also noticed that correct message is reaching OWSM.
    Attaching the same.
    <?xml version="1.0" encoding="UTF-8" ?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="urn:Test:GetTime">
    <env:Header>
    <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="_FNfXFOVi1OcPKSyRUAHDyw22" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICQjCCAasCBEbZZN4wDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEDAOBgNVBAcTB3NhbUhvbWUxDzANBgNVBAoTBnNhbU9yZzEQMA4GA1UECxMHc2FtRGVwdDESMBAGA1UEAxMJU2FtIE1vb3JlMB4XDTA3MDkwMTEzMTA1NFoXDTA3MTEzMDEzMTA1NFowaDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEDAOBgNVBAcTB3NhbUhvbWUxDzANBgNVBAoTBnNhbU9yZzEQMA4GA1UECxMHc2FtRGVwdDESMBAGA1UEAxMJU2FtIE1vb3JlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOrVJbJ/sPvZsgZEDUSIolP1UDT8hfyajfIaPqYHBLBK+FlywrhhrxESyzAsG/k7FSIRZvFg5vAk/W3LB+nPBtrbI2bBMEsQbznuSjzEVkQJVxZMlDjR4yNMHPLbniL64BKuTFnLEhWrnZTmpiThjwoWMPL9eK7/x7su9iDCP5NwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADWjdaRz0FBNHxXPiV9Ad0Kkm2Eag5LQXQoXUuC/VTXk56uQktVLtorp5fYAUsRD2o7ZuPGPJ6Q+5Owe8wXbxrCOX1diI5fxpH5TsS0k8Y/7/Hx3gq67JuPy8x8ApgNd+NagAKHKC0rgEP9ng1FGyhzuHICapPxmjrt2VI3SW2cJ</wsse:BinarySecurityToken>
    <dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
    <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <dsig:Reference URI="#mvDwzM5hZWAdG6n5tKLufA22">
    <dsig:Transforms>
    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </dsig:Transforms>
    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <dsig:DigestValue>zBFquf+Y0ngNapyK4Xq0Jws1FPM=</dsig:DigestValue>
    </dsig:Reference>
    <dsig:Reference URI="#nwWnNm69TPcdyp0yT8fa7g22">
    <dsig:Transforms>
    <dsig:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
    <wsse:TransformationParameters xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </wsse:TransformationParameters>
    </dsig:Transform>
    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </dsig:Transforms>
    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <dsig:DigestValue>rgHU/BWcaOiwuP/Q72oybFcEQO8=</dsig:DigestValue>
    </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>R+RGFjzRYpGVPGINbzsFbXSQ7Slc04/mzQ+BX57oD7NhMKxCcO1C9cV2cJzWAeN5WuDlfsh3RZR/5sTsyEi3yO69ECcLUNDlbjey57GBr5W9PRRIWPs2fZVk2EH4+KOnXVghcAsrXPgm1Ai9UZQUXh0aPiOkQMDplnnhENTkKUo=</dsig:SignatureValue>
    <dsig:KeyInfo>
    <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:Reference URI="#_FNfXFOVi1OcPKSyRUAHDyw22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
    </wsse:SecurityTokenReference>
    </dsig:KeyInfo>
    </dsig:Signature>
    <wsse:SecurityTokenReference wsu:Id="nwWnNm69TPcdyp0yT8fa7g22" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">YFfqXnq2xlt426HB9uDInw22</wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>
    <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="YFfqXnq2xlt426HB9uDInw22" IssueInstant="2007-09-01T13:40:06Z" Issuer="https://phaos.com/idp" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
    <saml:Conditions NotBefore="2007-09-01T13:40:06Z" NotOnOrAfter="2007-09-02T13:40:06Z" />
    <saml:AuthenticationStatement AuthenticationInstant="2007-09-01T13:40:06Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    <saml:Subject>
    <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">oc4jadmin</saml:NameIdentifier>
    <saml:SubjectConfirmation>
    <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
    </saml:SubjectConfirmation>
    </saml:Subject>
    </saml:AuthenticationStatement>
    </saml:Assertion>
    </wsse:Security>
    </env:Header>
    <env:Body wsu:Id="mvDwzM5hZWAdG6n5tKLufA22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <ns0:getTime env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
    <format xsi:type="xsd:string" />
    </ns0:getTime>
    </env:Body>
    </env:Envelope>

  • JDeveloper WS Security Client Proxy - Axis WS

    Hi everybody
    I'm using JDeveloper 10.1.3.3.0.
    I'm trying to connect to a web service developed by an external provider. The external provider used Axis (I don't know its version or anything about its configuration) to create the WS. When I test the WS client proxy, the WS developed in Axis returns the following fault:
    javax.xml.rpc.soap.SOAPFaultException: WSDoAllReceiver: security processing failed (actions mismatch)
         at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:555)
         at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
         at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
    Reading the Axis documentation, I found that the problem could be the order and the quantity of the WS security header elements. In my case, I'm trying with only the Signature and Timestamp elements (in that order). The external provider told me that those are the actions expected by them. So the logical alternative that would probably solve this problem is to switch the order of the WS security header elements (first Timestamp, then Signature).
    I created the WS proxy using the JDeveloper wizard. Then I modified the xxxSoapBinding_Stub.xml like this:
    <oracle-webservice-clients xmlns:....
    <runtime enabled="security">
    <security>
    <key-store name="myks" path="c:/temp/cert/myks.jks" store-pass="password"/>
    <signature-key alias="test" key-pass="password"/>
    <encryption-key alias="test" key-pass="password"/>
    <inbound/>
    <outbound>
    <signature>
    <signature-method>RSA-SHA1</signature-method>
    <tbs-elements>
    <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
    </tbs-elements>
    <add-timestamp created="true" expiry="28800" />
    </signature>
    </outbound>
    </security>
    </runtime>
    <operations>
    <operation name="queryDeclarations">
    </operation>
    </operations>
    </port-info>
    </webservice-client>
    </oracle-webservice-clients>
    This is the WS security header generated by my proxy client at the moment:
    <wsse:Security
         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
         xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
         xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
         env:mustUnderstand="1">
         <wsse:BinarySecurityToken
              xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
              EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
              wsu:Id="_6F60NR6IXB2dYJCgIYy9JA22"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
              MIIGLzCCBRegAwIBAg...
         </wsse:BinarySecurityToken>
         <dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
              xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
              <dsig:SignedInfo>
                   <dsig:CanonicalizationMethod
                        Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                   <dsig:SignatureMethod
                        Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                   <dsig:Reference URI="#MOmq8nF2iGaNEXc4TEN0ew22">
                        <dsig:Transforms>
                             <dsig:Transform
                                  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </dsig:Transforms>
                        <dsig:DigestMethod
                             Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <dsig:DigestValue>
                             ExIbc9ws2rIxB4j8DD64y3kjSoA=
                        </dsig:DigestValue>
                   </dsig:Reference>
              </dsig:SignedInfo>
              <dsig:SignatureValue>
                   ieZtnbn2ytnmyE8fL9lO10nwzYARHu...
              </dsig:SignatureValue>
              <dsig:KeyInfo>
                   <wsse:SecurityTokenReference
                        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                        xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <wsse:Reference
                             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                             xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                             URI="#_6F60NR6IXB2dYJCgIYy9JA22"
                             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                   </wsse:SecurityTokenReference>
              </dsig:KeyInfo>
         </dsig:Signature>
         <wsu:Timestamp
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
              <wsu:Created>2010-04-29T23:17:38Z</wsu:Created>
              <wsu:Expires>2010-04-30T07:17:38Z</wsu:Expires>
         </wsu:Timestamp>
    </wsse:Security>
    Is there any way to switch the WS security header elements using JDeveloper, or is there something different that I can do?
    I tried using Handlers to capture the SOAPMessage object with the request before it was sent. But at that moment the WS security headers are not yet present in the request. It seems that the request is processed later behind the scenes :(.... maybe far away from my development workspace scope :).
    Has anyone tried to do something like what I'm trying to do?
    Any suggestions?
    Thanks in advance
    Javier Murcia

    I thought you were getting that exception when accessing the proxy.
    No. Authentication works fine. Proxy body works fine. But at the end of the proxy the exception appears.
    Sorry for my English - I tried to show this situation in an image: http://imglink.ru/show-image.php?id=9c0e0c1719f00289faf11696c6703bc3
    Are you getting this exception when routing to a business service which is configured for WS-Security ??
    I don't use business service in this test project - only simple proxy service with all logic inside.
    PS transformation in replace action is very simple too:
    (:: pragma bea:global-element-parameter parameter="$newOperation1" element="ns0:NewOperation" location="WSSecurityService.wsdl" ::)
    (:: pragma bea:global-element-return element="ns0:NewOperationResponse" location="WSSecurityService.wsdl" ::)
    declare namespace ns0 = "http://www.troika.ru/Enterprise/WSSecurityService/";
    declare namespace xf = "http://tempuri.org/OSB%20Project%20WS-Security/Hello/";
    declare function xf:Hello($newOperation1 as element(ns0:NewOperation))
    as element(ns0:NewOperationResponse) {
    <ns0:NewOperationResponse>
    <out>Hello, { data($newOperation1/in) }!</out>
    </ns0:NewOperationResponse>
    };
    declare variable $newOperation1 as element(ns0:NewOperation) external;
    xf:Hello($newOperation1)
    Edited by: Andrey L. on Jun 10, 2010 12:21 PM

  • Cannot perform client request

    Hi all,
    I'm using OWSM to build a SOAP request in WS-Security mode.
    Executing the request, I get this response:
    "<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">p:Client.UndeliverableFault</faultcode><faultstring>Cannot perform client request</faultstring><detail/></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>"
    Any help on how to resolve the p:Client.UndeliverableFault issue?
    Thanks

    Hi,
    I resolved the problem!! In practice, I had set the wrong URL for the endpoint in the Configure Messenger Step for New Service page.
    Now, as the response, I have:
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><faultcode xmlns:jboss-wsse="http://www.jboss.com/jbossws/ws-security">jboss-wsse:InternalError</faultcode><faultstring>An internal WS-Security error occurred. See log for details</faultstring></env:Fault></env:Body></env:Envelope>
    How can I resolve the problem?
    Thanks
    The message is built this way:
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="#######################################">
    <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
    <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="#######################################">
    </wsse:BinarySecurityToken>
    <dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
    <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <dsig:Reference URI="#######################################">
    <dsig:Transforms>
    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </dsig:Transforms>
    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <dsig:DigestValue>#######################################</dsig:DigestValue>
    </dsig:Reference>
    <dsig:Reference URI="#######################################">
    <dsig:Transforms>
    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </dsig:Transforms>
    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <dsig:DigestValue>#######################################</dsig:DigestValue>
    </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>
    </dsig:SignatureValue>
    <dsig:KeyInfo>
    <wsse:SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="#######################################">
    <wsse:Reference URI="#######################################"/>
    </wsse:SecurityTokenReference>
    </dsig:KeyInfo>
    </dsig:Signature>
    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="#######################################">
    <wsu:Created>2012-06-27T08:45:33Z</wsu:Created>
    </wsu:Timestamp>
    </wsse:Security>
    </soap:Header>
    <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="#######################################">
    <ns:hello>
    <arg0>string</arg0>
    </ns:hello>
    </soap:Body>
    </soap:Envelope>
    There are some differences.
    How can I modify how the SOAP message is built?
    Thanks
    Edited by: Eremita383 on 27-Jun-2012 1.52
