WS-Security: Error in signature reference
Hello everyone,
I'm having trouble with soapUI 3.5.1 while trying to make a request protected with a WS-SecurityPolicy generated by an oracle tool. The policy is the following:
I'm getting the following error in the Server Console:
oracle.wsm.security.policy.scenario.policycompliance.PolicyComplianceException: WSM-00035 : Error in Signature reference mechanism compliance :
Expected : http://docs.oasis-open.org/wss/oasis-ws ... cryptedKey , Actual : null.
Unfortunately I have no idea how to enforce this signature reference mechanism he mentions. I've tried all sorts of combinations for the key identifier type in soapUI but the result was the same. Also, I have a java client which works (It uses the mentioned mechanism "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey") but unfortunately, as I mentioned, I could not make it work with soapUI. I'm uploading both requests (from the java Client, which works, and from soapUI, which doesn't).
Any help will be great !
Thanks!
I'm having trouble with soapUI 3.5.1 while trying to make a request protected with a WS-SecurityPolicy generated by an oracle tool. The policy is the following:
<wsp:Policy wsu:Id="CatalogoDadosPort_Fault_Policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
</wsp:Policy><wsp:Policy wsu:Id="CatalogoDadosPort_Input_Policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
<sp:Header Name="fmw-context" Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
<sp:Header Name="" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
</sp:SignedParts>
<sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
<sp:Header Name="fmw-context" Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
</sp:EncryptedParts>
<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
</wsp:Policy><wsp:Policy wsu:Id="CatalogoDadosPort_Output_Policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:SignedParts>
<sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:EncryptedParts>
<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
</wsp:Policy><wsp:Policy wsu:Id="wss11_x509_token_with_message_protection_service_policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:oralgp="http://schemas.oracle.com/ws/2006/01/loggingpolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:orasp="http://schemas.oracle.com/ws/2006/01/securitypolicy" xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy">
<sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:RequireThumbprintReference/>
<sp:WssX509V3Token11/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:ProtectTokens/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token11/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:RequireSignatureConfirmation/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
</wsp:Policy>
I'm getting the following error in the Server Console:
oracle.wsm.security.policy.scenario.policycompliance.PolicyComplianceException: WSM-00035 : Error in Signature reference mechanism compliance :
Expected : http://docs.oasis-open.org/wss/oasis-ws ... cryptedKey , Actual : null.
Unfortunately I have no idea how to enforce this signature reference mechanism he mentions. I've tried all sorts of combinations for the key identifier type in soapUI but the result was the same. Also, I have a java client which works (It uses the mentioned mechanism "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey") but unfortunately, as I mentioned, I could not make it work with soapUI. I'm uploading both requests (from the java Client, which works, and from soapUI, which doesn't).
Any help will be great !
Thanks!