WS-RM CreateSequence request lacks WS-Security header
Hi! I'm trying to use a WCF-based service that uses the security mode TransportWithMessageCredential and reliableSession ON, i.e. https for transport privacy and WS-RM, requiring UserName type credentials on message level. The problem is that I cannot get SoapUI (V5.3.0) to include wsse:Security header data in the initial WS-RM CreateSequence request, so my server refuses to process this request and the whole sequence fails. A subsequent request then includes the wsse:Security header just fine, but too late since CreateSequence failed already. Any hints? Thanks!
511 Views, 0 likes, 0 Comments

An error was discovered processing the <wsse:Security> header
This is my WS-Security configuration with SoapUI.

1. Server Keystore - contains server's private key + server's public key + client's public key
   Client Keystore - contains client's private key + client's public key + server's public key

2. WS-Security Configuration – Keystore
   Source: path to client keystore
   Password - client keystore password
   Default Alias - alias of client's private key
   Alias Password - password of client's private key
   and
   Source: path to server keystore
   Password - server keystore password
   Default Alias - alias of server's private key
   Alias Password - password of server's private key

3. Outgoing WS-Security Configuration -
   * Username –
     username : client
     password : client’s password
   * Timestamp –
     Time To Live : 1000000
   * Signature
     Keystore - client keystore
     Alias - alias of client's private key
     Password - password of client's private key
     Key Identifier Type - X.509
     Signature Algorithm - RSA-SHA1
   * Encryption
     Keystore - server keystore
     Alias - alias of server's public key
     Password - Empty (no password required for public key)
     Key Identifier Type - X.509
     Symmetric Encoding Algorithm - Triple-DES-CBC
     Key Encryption Algorithm - RSA-OAEP-MGF1P

4. Ingoing WS-Security Configuration -
   Decrypt Keystore - client keystore
   Signature Keystore - server keystore
   Password - password of client's private key

5. Applying the ws-security

But the following exception is shown:

    Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error was discovered processing the <wsse:Security> header
        at org.apache.wss4j.common.crypto.AlgorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(AlgorithmSuiteValidator.java:149)
        at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:550)
        at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:481)
        at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:199)
        at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:76)
        at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)

Please check my WS-Security configuration for SoapUI. Your advice will be deeply appreciated.
6.9K Views, 0 likes, 0 Comments

Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [client]
These are my WS-Security test images with SoapUI. My configuration of WS-Security in SoapUI throws the following exception. Please have a look at my config images.

The following exception is thrown:

    Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [client]
    Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [client]
        at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.getAsymmetricDecryptedBytes(EncryptedKeyProcessor.java:301)
        at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:194)
        at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:76)
        at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:280)
        ... 42 more
    Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [client]
        at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:632)
        at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.getAsymmetricDecryptedBytes(EncryptedKeyProcessor.java:259)
        ... 46 more

Your advice will be deeply appreciated. Thanks in advance.
1.8K Views, 0 likes, 1 Comment

ws-security
I am trying to intercept an encrypted SOAP message with SoapUI. The reference site for WS-Security with WildFly 8 and the Eclipse IDE is
https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Authenticationandauthorization

The WS-Security implementation is successful and the response message is encrypted successfully. The main key in WS-Security is manifest.mf. I added the following lines to the manifest.mf file and it works well in the Eclipse IDE.

    Manifest-Version: 1.0
    Dependencies: org.apache.cxf.impl, org.apache.ws.security services
    Class-Path:

But in the SoapUI application, SOAP message encryption fails. My reference sites are
http://www.soapui.org/soapui-projects/ws-security.html
http://blog.thilinamb.com/2011/02/invoking-secured-web-service-with.html

The SEI throws the following exception.

    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Body>
        <soap:Fault>
          <faultcode>soap:Server</faultcode>
          <faultstring>These policy alternatives can not be satisfied:
    {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}ProtectionToken
    {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received Timestamp does not match the requirements
    {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SymmetricBinding: Received Timestamp does not match the requirements
    {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens: The received token does not match the endorsing supporting token requirement
    {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
    {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
    {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED</faultstring>
        </soap:Fault>
      </soap:Body>
    </soap:Envelope>

The same exception was thrown in the Eclipse IDE when I did not add the Dependencies line to the manifest.mf file. Do you think those are related and have the same configuration problem? Your advice will be deeply appreciated. Thanks
3.2K Views, 0 likes, 2 Comments
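
A pre-send check related to the first two posts above (the CreateSequence request sent without a wsse:Security header, and the failure in AlgorithmSuiteValidator.checkSymmetricEncryptionAlgorithm), added here as an example and not code from any poster, SoapUI or WSS4J. It inspects an outgoing SOAP envelope for a wsse:Security header carrying a UsernameToken and lists encryption and signature algorithm URIs outside an allow-list; the two envelopes, the ALLOWED set and the function names are constructed assumptions, and the real allowed algorithms come from the service's policy.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Assumption: algorithm URIs the receiver accepts; take the real set from the service policy.
ALLOWED = {XENC + "aes128-cbc", XENC + "aes256-cbc",
           XENC + "rsa-oaep-mgf1p", DS + "rsa-sha1"}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def check_envelope(xml_text):
    """Return findings for one outgoing SOAP envelope (empty list = nothing flagged)."""
    root = ET.fromstring(xml_text)
    header = next((c for c in root if local(c.tag) == "Header"), None)
    body = next((c for c in root if local(c.tag) == "Body"), None)
    security = header.find(f"{{{WSSE}}}Security") if header is not None else None
    first = local(body[0].tag) if body is not None and len(body) else "(empty body)"
    findings = []
    if security is None:
        findings.append(f"{first}: no wsse:Security header")
    elif security.find(f"{{{WSSE}}}UsernameToken") is None:
        findings.append(f"{first}: wsse:Security has no UsernameToken")
    # Encryption and signature methods can appear in the header or in the body.
    for el in root.iter():
        if local(el.tag) in ("EncryptionMethod", "SignatureMethod"):
            alg = el.get("Algorithm")
            if alg not in ALLOWED:
                findings.append(f"{local(el.tag)}: {alg} not in allowed set")
    return findings

# Constructed sample 1: WS-RM CreateSequence sent with an empty SOAP header.
CREATE_SEQ = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
 xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm">
 <s:Header/><s:Body><wsrm:CreateSequence/></s:Body>
</s:Envelope>"""

# Constructed sample 2: body encrypted with Triple-DES-CBC, key wrapped with RSA-OAEP-MGF1P.
ENCRYPTED = f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="{WSSE}" xmlns:xenc="{XENC}"><s:Header><wsse:Security>
 <wsse:UsernameToken><wsse:Username>client</wsse:Username></wsse:UsernameToken>
 <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/></xenc:EncryptedKey>
 </wsse:Security></s:Header><s:Body><xenc:EncryptedData>
 <xenc:EncryptionMethod Algorithm="{XENC}tripledes-cbc"/>
 </xenc:EncryptedData></s:Body></s:Envelope>"""

if __name__ == "__main__":
    print(check_envelope(CREATE_SEQ), check_envelope(ENCRYPTED))
```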