Help configuring SOAP request - Signature creation failed
Hi, can someone help me please. When I apply the OUTGOING configured in the request message, I am receiving the error: An error occurred [Signature creation failed (Cannot setup signature data structure)], see error log for details Signature configuration: Encryption configuration: Is it possible to see an error, or some configuration not done?
SOAPUI not signing/ security header empty
Hi, Ive been stressed out by this item. Ive followed through the following guide: soapui keystore + security guide , double checked everything (keystore status = OK) and created the corresponding "Outgoing WS-Security Configurations". Added Signature and Timestamp, both items fully configured. Later I added, to my Request, a Basic Auth (pre-emptive auth: Use global preference) and pointed "Outgoing WSS" to my created configuration. The service that I need to connect with is stating: "An error occurred when verifying security for the message." I do believe that the reason behind all of this is because Im not seeing a security or signature token anywhere (or they are empty). I even tried creating a Mock Service, in order to review the exact message that Im sending and its as follows (extracted from raw): <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:wcf="http://wcf.dian.colombia"> <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/><wsa:Action>http://wcf.dian.colombia/IWcfDianCustomerServices/GetStatus</wsa:Action></soap:Header> <soap:Body> <wcf:GetStatus> <wcf:trackId>1d1</wcf:trackId> </wcf:GetStatus> </soap:Body> </soap:Envelope> As stated, this is almost empty. I reviewed other cases on site and they tended to go into two directions: * Incorrect or missing configuration: Im pretty sure Ive followed through every required step, I even checked multiple guides on this item. * Invalid JKS store: I tried with multiple certificates, even created one following a guide from smartbear for this purpose (right now, Im unsure which) and, as stated, all of them show Status = OK. Im terrible frustrated by this, which I do require for work, so if anyone could point me out on the correct direction... Ill really appreciate it. Thanks!Oracle OWSM wss11_message_protection_service_policy Policy -Testing via SOAPUI
Hello, I face an issue testing Web Service has OWSM wss11_message_protection_service_policy Policy, via SOAPUI. I successfully test it via Java Client developed by jDeveloper. But I fail to test it via SOAPUI. As per policy description, OWSM wss11_message_protection_service_policy Policy does the following: It is, message integrity and message confidentiality for inbound SOAP requests in accordance with the WS-Security 1.1 standard. Messages are protected using WS-Security's Basic 128 suite of symmetric key technologies: RSA key mechanisms for message confidentiality , SHA-1 hashing algorithm for message integrity , AES-128 bit encryption. As per my knowledge, we should configure outgoing WS security : Timestamp, Encryption and Signature. I think that the main issue is with the signature part, as we don't need to generate new key, but to use the already generated key in the encryption part (EncryptedKey) by the provided server certificate (public key), and then to reference this key in the signature part. so that the main question is that what is the key identifier type to be used in signature config to inform SOAPUI not to generate new key and to use the already existent key generated in the encryption step ? below find successful request message .. as seen, for encryption, for SecurityTokenReference, it uses KeyIdentifier with ValueType = ThumbprintSHA1. and for signing, it refer to the already existent EncryptedKey by using SecurityTokenReference with Reference with ValueType = EncryptedKey. The question, is how to generate such below sample request with SOAPUI ? <?xml version="1.0" encoding="utf-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsu:Timestamp wsu:Id="Timestamp-yyTgtYX6I5MVLa2FbmoNSQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsu:Created>2015-12-13T14:10:21Z</wsu:Created> <wsu:Expires>2015-12-13T14:15:21Z</wsu:Expires> </wsu:Timestamp> <xenc:EncryptedKey Id="EK-ZBxRx8IdiUdW7Ota5jNouA22" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" /> </xenc:EncryptionMethod> <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference wsu:Id="STR-8j8GrzYhOwKXqWTXFjmtpQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">XfDPshVltIUk3F+ANKhur+qFxs4=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </dsig:KeyInfo> <xenc:CipherData> <xenc:CipherValue xmime:contentType="application/octet-stream" xmlns:xmime="http://www.w3.org/2005/05/xmlmime"> lNZ4n5U2FZYlwnP82KL/7m3D7sbinTjtOpJ+g0ljZ9vJo+Nrhqu3hCyDDSM168t3liF025fNLmqq +5eZdBR/867in+4x0bVo7OfLPkbCTniynvl79tPM1sFbHd90Y/BANmWr/aQE2Pd7kk73/fOBy3iR vDqRUlHJJZ495qIbU/Y= </xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#_xZrqEzpM6I1zLnNBH0yBUA22" /> </xenc:ReferenceList> </xenc:EncryptedKey> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /> <dsig:Reference URI="#Timestamp-yyTgtYX6I5MVLa2FbmoNSQ22"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>BOi0mHMKNIQsBWcUMpiOUp/6jPM=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#Body-6fMgpfle8G2QmdAMdzKW8w22"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>Hd3355tAsYR16ElYPQkapb3eVl0=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>HqRqFeDXs6XyzKnXn40ux9JGuLg=</dsig:SignatureValue> <dsig:KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI="#EK-ZBxRx8IdiUdW7Ota5jNouA22" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" /> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> </wsse:Security> </soap:Header> <soapenv:Body wsu:Id="Body-6fMgpfle8G2QmdAMdzKW8w22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content" Id="_xZrqEzpM6I1zLnNBH0yBUA22" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" /> <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Reference URI="#EK-ZBxRx8IdiUdW7Ota5jNouA22" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" /> </wsse:SecurityTokenReference> </dsig:KeyInfo> <xenc:CipherData> <xenc:CipherValue xmime:contentType="application/octet-stream" xmlns:xmime="http://www.w3.org/2005/05/xmlmime"> qChK3cVSFbAGOW6N4UDFLIIBZOAWERhy75wCVtOhuDoUVPlqJtTpZnJd7e3eAPKzC8UGtngjOg5t VRWaeowi2qrzySAsfJYBhhRKrDnZR77t8g/6LG0B9ZfFjsF4lAnytUx7OYkfiyvudZRQXa9EBCXx IvATkIN4+hliQbLYT/qx9+SIFPtPyF2zgFLJXp0IXURJwtjegJA5P3HFlci8JQjNizgoQtHUx9KO Kpa/i4SKsTZ3/QsEKiQvCPhVVV1A5pc2h2hHCQpHTklb0+dDh8A5kTHs5rBJEjcfeYLAskrFbZdk rlDQUHe4wuiDDJoVHPoqhYURwacbyaNtbzEKI3yU/+uzi4SzGuptP0lMlnfQDdNxeF4Bztnm4+df I3qW </xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </soapenv:Body> </soapenv:Envelope>WS Security Signature with Symmetric Key
Hello, I have web service that requires to use same Symmetric Key for both Encryption and Signature. By using WS Security config , in the Encryption , Symmetric Key is generated using provided public key from keystore. The main problem is with Signature: Is it possible to use the generated Symmetric key for Signature in SOAPUI? and in general, is it possible to use Symmetric Key in WS Security Signature in SOAPUI?
Enveloped Signature for SAML (XML) WSS Entry
Hello all, I am struggling to create SAML 2 assertions with enveloped signatures. Adding a SAML (Form) element and checking the box "signed" in the outgoing ws-security configuration creates an enveloped signatuer, but the form does not allow me to add attributes like "SPProvidedID" or a AttributeStatement block. Using a SAML (XML) element containing the desired Assertion followed by a signature element creates a Signature block outside the Assertion element, i.e. the signature is not enveloped. Putting a Security header including the Assertion element in the original request XML and using only a signature element in the outgoing configuration either yields an error about SoapUI not being able to find the to be signed element, or the original Security header is replaced rather than amended. And thus the Assertion is removed from the request. Is it possible at all to create enveloped signatures for arbitrary SAML Assertion elements? TIA!
