Forum Discussion

mrpbarre's avatar
mrpbarre
Occasional Contributor
12 years ago

[Resolved] (again)problems when configuring encryption

After reading tons of posts in various sites I know sign/encrypt configuration is something tricky (but should not be...).
Updating SoapUI did not solved the problem; I´m running 4.6.3.
I´m getting during outbound the following error:

Mon Jan 13 02:10:33 BRST 2014:ERROR:org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: {http://www.w3.org/2003/05/soap-envelope/}Body)

But outbounding encryption is configured with:

Keystore correctly configured
Key Identifier Type: X509 Certificate
Symmetric Encoding Alg : tripledes-cbc
Key encryption Alg : rsa-1_5

For "Parts", I´ve tried all combinations of values below, including empty.
ID: blank
Name: Body
Namespace: http://www.w3.org/2003/05/soap-envelope/ or http://schemas.xmlsoap.org/soap/envelope/
Encode: Element or Content

Pls help!
Thanks in advance!
Marcos.

5 Replies

  • MarcusJ's avatar
    MarcusJ
    Icon for Staff rankStaff
    12 years ago
    Hi,

    Can you post a screen shot showing your WS-Security Configurations?

    Try using Thumbprint SHA1 Identifier as the key identifier type for encryption.
  • mrpbarre's avatar
    mrpbarre
    Occasional Contributor
    12 years ago
    Hi!
    Screenshots attached. The encryption shows just one of the all combinations I´ve tried.
    I configured not only encryption but also sign, username and timestamp; all screnshots attached.
    It works with username, timestamp and sign. But stops working when I add encryption.

    Adding two more questions:
    1.What is the difference between "thumbprint sha1" and "x509 certificate" ?
    2.Which fields are signed by default? This is the same question on post "WS Security, SoapUI" which has not been answered. I´m watching also that post.

    Thanks in advance!
    Marcos.
  • MarcusJ's avatar
    MarcusJ
    Icon for Staff rankStaff
    12 years ago
    Hi,

    1.What is the difference between "thumbprint sha1" and "x509 certificate" ?


    The differences are related to how the certificate is sent. Please see this link. I've used Thumbprint SHA1 for a secured web service using the symmetric encoding and key encryption your using.
    http://coheigea.blogspot.com/2013/03/si ... n-key.html

    2.Which fields are signed by default? This is the same question on post "WS Security, SoapUI" which has not been answered. I´m watching also that post.


    I just replied on that post, I'm not 100% sure but it may sign the entire message by default. I'm going to ask the SoapUI developer's about this.

    WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: {http://www.w3.org/2003/05/soap-envelope/}Body


    I believe this error is caused due to the part you've specified in one of the screen shot configurations. The namespace you are using may be invalid.
  • mrpbarre's avatar
    mrpbarre
    Occasional Contributor
    12 years ago
    Hi!
    Thank you for your pointer on Thumbprint!
    But going back to the original question, related to encryption. You said (as the error message sugests) there is an error on namespace. But this namespace came from the OASIS spec
    http://docs.oasis-open.org/wss/v1.1/wss ... ile-01.pdf

    This value would be correct?
    thank you!
    Marcos.