Is it possible to create a signature for the BinarySecurityToken?

13 years ago

BinarySecurityToken works for me.

To recap, SoapUI reported to me:
Mon Jul 08 16:53:18 BST 2013:ERROR:org.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
org.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:191)
at org.apache.ws.security.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:384)
at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:356)
at com.eviware.soapui.impl.wsdl.support.wss.entries.SignatureEntry.process(SignatureEntry.java:194)
at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:192)
at com.eviware.soapui.impl.wsdl.submit.filters.WssRequestFilter.filterWsdlRequest(WssRequestFilter.java:58)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterAbstractHttpRequest(AbstractRequestFilter.java:37)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterRequest(AbstractRequestFilter.java:31)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:184)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Body)
at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
... 15 more

The resolution to the problem for me was to change the namespace for the "Body" element.

My general BinarySecurityToken configuration was as follows for the "signature":
Keystore -> selected
Alias -> client public key alias (keystore item)
Password -> private key password for the clients public-private key
Key Identifier Type -> Binary Security Token
Signature Alg -> default
Signature Can -> default
Digest algorithm -> default
use single certificate -> unchecked
Parts -> 1. Body specify either "http://schemas.xmlsoap.org/soap/envelope/" for SOAP 1.1 or "http://www.w3.org/2003/05/soap-envelope" for SOAP 1.2; Encode type "element"
2. Timestamp specify "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" and encode type "element"
3. Additional "parts" I set were for ws-addressing - again the rule is to identify the correct namespace for those.

Tricky subject area this. Above should be useful.
Brian

Forum Discussion

Is it possible to create a signature for the BinarySecurityToken?

Recent Discussions

SoapUI 5.9.0 Installer.app does not open on macOS Ventura 13.7.5

Missing wsi-test-tools in SoapUI 5.9.0

How to escape ampersand in Property Expansion?

Related Content

ERROR:groovy.lang.MissingMethodException: No signature of method

The signature or decryption was invalid

Upload File to AWS S3 Bucket Error due to AWS Signature Problem