pbluhm
16 years ago

Is it possible to create a signature for the BinarySecurityToken?

My server profile specifies that Timestamp, Body and Tokens should be signed.  When I add BinarySecurityToken with namespace http://docs.oasis-open.org/wss/2004/01/ ... xt-1.0.xsd to the 'parts' list (along with Body and Timestamp) I get this SoapUI exception when I create a request:

Tue Jul 21 08:11:13 CDT 2009:ERROR:org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/ ... xt-1.0.xsd, BinarySecurityToken)
  org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/ ... xt-1.0.xsd, BinarySecurityToken)
  at org.apache.ws.security.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:581)
  at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:762)
  at com.eviware.soapui.impl.wsdl.support.wss.entries.AddSignatureEntry.process(AddSignatureEntry.java:177)
...


Is there any way to do this in SoapUI? (I am currently using SoapUI 3.0-beta2.)

Thanks

9 Replies

  • jvz
    I'm using build soapui-3.0-dist-24-2009-08-09, Build Date 2009/08/09 19:52 and have the same problem.
    Trying to use SoapUI with a default WS-Policy on my target web service.
    The default policy requires signing the timestamp, body and BinarySecurityToken.

    Using:
      Body - http://schemas.xmlsoap.org/soap/envelope/ - element
      Timestamp - http://docs.oasis-open.org/wss/2004/01/ ... ty-1.0.xsd - element

    works perfectly, but:

      BinarySecurityToken - http://docs.oasis-open.org/wss/2004/01/ ... ty-1.0.xsd - element
    throws an error:

    ERROR:An error occured [General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/ ... ty-1.0.xsd, BinarySecurityToken)], see error log for details

    ERROR:org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/ ... ty-1.0.xsd, BinarySecurityToken)
      org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/ ... ty-1.0.xsd, BinarySecurityToken)
      at org.apache.ws.security.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:588)
      at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:769)
  • Hi,

    hmm.. can you attach your project so we can have a look at how you have configured this?

    regards!

    /Ole
    eviware.com
  • jvz
    If it helps I can also send you the keystore file including the store and key passwords.
    I just do not want to upload them to a public forum.
  • jvz
    I just wanted to let you know that with:
    SoapUI 3.0.1 soapui-3.0-dist-24-2009-08-09, Build Date 2009/08/09 19:52
    the problem also exists; maybe this is helpful.
  • Try to change your security configuration:

    1.- Timestamp
    2.- Signature
          2.1.- Key Identifier Type -> BinarySecurityToken
          2.2.- Check Use single certificate for signing
          2.2.- Leave parts empty.
    3.- Signature
          3.1.- Key Identifier Type -> None
          3.2.- Don't check Use single certificate for signing
          3.3.- Parts:
                  3.3.1.- Timestamp.
                  3.3.2.- Body.
                  3.3.3.- BinarySecurityToken.

    I tested this configuration against a web service deployed on OSB with the Sign.xml policy and it works fine.

    Regards.
  • ajmolina wrote:
    Try to change your security configuration:

    1.- Timestamp
    2.- Signature
          2.1.- Key Identifier Type -> BinarySecurityToken
          2.2.- Check Use single certificate for signing
          2.2.- Leave parts empty.
    3.- Signature
          3.1.- Key Identifier Type -> None
          3.2.- Don't check Use single certificate for signing
          3.3.- Parts:
                  3.3.1.- Timestamp.
                  3.3.2.- Body.
                  3.3.3.- BinarySecurityToken.


    I tried these settings in 4.0.1, but I get two signatures even though I leave the signed parts empty as suggested in step 2.2. For me, step 2 always generates a signature signing the SOAP Body. So, the signature generated in step 3 is fine, it signs everything I need to sign including the BinarySecurityToken, but I can't get rid of the other signature.

    Does anyone have some ideas?

    Thanks,
    András
  • Hello,

    Did anyone manage to resolve this? Still experiencing this issue in version 4.5.1.

    Cheers!
  • BinarySecurityToken works for me.

    To recap, SoapUI reported to me:
    Mon Jul 08 16:53:18 BST 2013:ERROR:org.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
    org.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
    at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:191)
    at org.apache.ws.security.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:384)
    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:356)
    at com.eviware.soapui.impl.wsdl.support.wss.entries.SignatureEntry.process(SignatureEntry.java:194)
    at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:192)
    at com.eviware.soapui.impl.wsdl.submit.filters.WssRequestFilter.filterWsdlRequest(WssRequestFilter.java:58)
    at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterAbstractHttpRequest(AbstractRequestFilter.java:37)
    at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterRequest(AbstractRequestFilter.java:31)
    at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:184)
    at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Body)
    at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
    ... 15 more

    The resolution to the problem for me was to change the namespace for the "Body" element.

    My general BinarySecurityToken configuration was as follows for the "signature":
    Keystore -> selected
    Alias -> client public key alias (keystore item)
    Password -> private key password for the client's public-private key
    Key Identifier Type -> Binary Security Token
    Signature Alg -> default
    Signature Can -> default
    Digest algorithm -> default
    use single certificate -> unchecked
    Parts -> 1. Body specify either "http://schemas.xmlsoap.org/soap/envelope/" for SOAP 1.1 or "http://www.w3.org/2003/05/soap-envelope" for SOAP 1.2; Encode type "element"
    2. Timestamp specify "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" and encode type "element"
    3. Additional "parts" I set were for ws-addressing - again the rule is to identify the correct namespace for those.

    Tricky subject area this. Above should be useful.
    Brian
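
A pre-flight check for the "Element to encrypt/sign not found" error discussed in this thread, as an added example that is not part of any post and is not SoapUI or WSS4J code: it resolves each configured part (name plus namespace) against a request and reports namespace mismatches. The `check_parts` function and the sample envelope are constructed for illustration; the secext namespace constant is the standard WSS 1.0 one, which the page only shows in elided form.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed sample: a SOAP 1.2 request whose wsse:Security header already
# carries a Timestamp and a BinarySecurityToken (token value is a placeholder).
SAMPLE_ENVELOPE = f"""<env:Envelope xmlns:env="{SOAP12}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <env:Header>
    <wsse:Security>
      <wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2013-07-08T15:53:18Z</wsu:Created></wsu:Timestamp>
      <wsse:BinarySecurityToken wsu:Id="X509-1">PLACEHOLDER</wsse:BinarySecurityToken>
    </wsse:Security>
  </env:Header>
  <env:Body wsu:Id="Body-1"><ping xmlns="urn:example:constructed"/></env:Body>
</env:Envelope>"""


def check_parts(envelope_xml, parts):
    """Resolve each (local name, namespace) part against the envelope.

    Returns {(name, ns): status}. Status is "found", "not in message", or
    "wrong namespace, message uses <ns>" when only the namespace differs.
    Intended for your own request XML, not for untrusted input.
    """
    root = ET.fromstring(envelope_xml)
    seen = {}  # local name -> namespaces actually used for it in this message
    for el in root.iter():
        # ElementTree stores qualified names as "{namespace}local".
        ns, _, local = el.tag[1:].partition("}") if el.tag.startswith("{") else ("", "", el.tag)
        seen.setdefault(local, set()).add(ns)
    result = {}
    for name, ns in parts:
        actual = seen.get(name, set())
        if ns in actual:
            result[(name, ns)] = "found"
        elif actual:
            result[(name, ns)] = "wrong namespace, message uses " + ", ".join(sorted(actual))
        else:
            result[(name, ns)] = "not in message"
    return result


if __name__ == "__main__":
    configured = [("Body", SOAP11), ("Timestamp", WSU), ("BinarySecurityToken", WSU)]
    for part, status in check_parts(SAMPLE_ENVELOPE, configured).items():
        print(part[0], "->", status)
```

A part that reports "not in message" has no element with that name in the request at the time of the check, so no namespace choice will make it resolve.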