Help configuring SOAP request - Signature creation failed
Hi, can someone help me please. When I apply the OUTGOING configured in the request message, I am receiving the error: An error occurred [Signature creation failed (Cannot setup signature data structure)], see error log for details Signature configuration: Encryption configuration: Is it possible to see an error, or some configuration not done?636Views0likes0CommentsOracle OWSM wss11_message_protection_service_policy Policy -Testing via SOAPUI
Hello, I face an issue testing Web Service has OWSMwss11_message_protection_service_policy Policy, via SOAPUI. I successfully test it via Java Client developed by jDeveloper. But I fail to test it via SOAPUI. As per policy description, OWSMwss11_message_protection_service_policy Policy does the following: It is, message integrity and message confidentiality for inbound SOAP requests in accordance with the WS-Security 1.1 standard. Messages are protected using WS-Security's Basic 128 suite of symmetric key technologies: RSA key mechanisms for message confidentiality , SHA-1 hashing algorithm for message integrity , AES-128 bit encryption. As per my knowledge, we should configure outgoing WS security : Timestamp, Encryption and Signature. I think that the main issueis with the signature part, as we don't need to generate new key, but to use the alreadygenerated key in the encryption part (EncryptedKey)by theprovided server certificate (public key), and then to reference this key in the signature part. so that the main question is that what is the key identifier type to be used in signature config to inform SOAPUI not to generate new key and to use the already existent key generated in the encryption step ? below find successful request message .. as seen,for encryption, forSecurityTokenReference, it usesKeyIdentifier with ValueType=ThumbprintSHA1. and for signing, it refer to the already existentEncryptedKey by usingSecurityTokenReference withReferencewithValueType =EncryptedKey. The question, is how to generate such below sample request with SOAPUI ? <?xml version="1.0" encoding="utf-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsu:Timestamp wsu:Id="Timestamp-yyTgtYX6I5MVLa2FbmoNSQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsu:Created>2015-12-13T14:10:21Z</wsu:Created> <wsu:Expires>2015-12-13T14:15:21Z</wsu:Expires> </wsu:Timestamp> <xenc:EncryptedKey Id="EK-ZBxRx8IdiUdW7Ota5jNouA22" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" /> </xenc:EncryptionMethod> <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference wsu:Id="STR-8j8GrzYhOwKXqWTXFjmtpQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">XfDPshVltIUk3F+ANKhur+qFxs4=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </dsig:KeyInfo> <xenc:CipherData> <xenc:CipherValue xmime:contentType="application/octet-stream" xmlns:xmime="http://www.w3.org/2005/05/xmlmime"> lNZ4n5U2FZYlwnP82KL/7m3D7sbinTjtOpJ+g0ljZ9vJo+Nrhqu3hCyDDSM168t3liF025fNLmqq +5eZdBR/867in+4x0bVo7OfLPkbCTniynvl79tPM1sFbHd90Y/BANmWr/aQE2Pd7kk73/fOBy3iR vDqRUlHJJZ495qIbU/Y= </xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#_xZrqEzpM6I1zLnNBH0yBUA22" /> </xenc:ReferenceList> </xenc:EncryptedKey> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /> <dsig:Reference URI="#Timestamp-yyTgtYX6I5MVLa2FbmoNSQ22"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>BOi0mHMKNIQsBWcUMpiOUp/6jPM=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#Body-6fMgpfle8G2QmdAMdzKW8w22"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>Hd3355tAsYR16ElYPQkapb3eVl0=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>HqRqFeDXs6XyzKnXn40ux9JGuLg=</dsig:SignatureValue> <dsig:KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI="#EK-ZBxRx8IdiUdW7Ota5jNouA22" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" /> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> </wsse:Security> </soap:Header> <soapenv:Body wsu:Id="Body-6fMgpfle8G2QmdAMdzKW8w22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content" Id="_xZrqEzpM6I1zLnNBH0yBUA22" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" /> <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Reference URI="#EK-ZBxRx8IdiUdW7Ota5jNouA22" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" /> </wsse:SecurityTokenReference> </dsig:KeyInfo> <xenc:CipherData> <xenc:CipherValue xmime:contentType="application/octet-stream" xmlns:xmime="http://www.w3.org/2005/05/xmlmime"> qChK3cVSFbAGOW6N4UDFLIIBZOAWERhy75wCVtOhuDoUVPlqJtTpZnJd7e3eAPKzC8UGtngjOg5t VRWaeowi2qrzySAsfJYBhhRKrDnZR77t8g/6LG0B9ZfFjsF4lAnytUx7OYkfiyvudZRQXa9EBCXx IvATkIN4+hliQbLYT/qx9+SIFPtPyF2zgFLJXp0IXURJwtjegJA5P3HFlci8JQjNizgoQtHUx9KO Kpa/i4SKsTZ3/QsEKiQvCPhVVV1A5pc2h2hHCQpHTklb0+dDh8A5kTHs5rBJEjcfeYLAskrFbZdk rlDQUHe4wuiDDJoVHPoqhYURwacbyaNtbzEKI3yU/+uzi4SzGuptP0lMlnfQDdNxeF4Bztnm4+df I3qW </xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </soapenv:Body> </soapenv:Envelope>2.1KViews0likes2CommentsWS Security Signature with Symmetric Key
Hello, I have web service that requires to use sameSymmetric Key for both Encryption and Signature. By using WS Security config , in the Encryption , Symmetric Key is generated using provided public key from keystore. The main problem is withSignature: Is it possible to use the generated Symmetric key forSignature in SOAPUI? and in general, is it possible to useSymmetric Key in WS SecuritySignature in SOAPUI?2KViews0likes1Comment