401 error adding wsdl to virtual service (https)

Valter_Borges · April 30, 2013, 11:29pm

Has anyone ran into a problem adding wsdl to a virtual service where the wsdl is using an ssl cert.

I added the certs to the cacerts in the jvm but no luck.

Currently running CentraSite SOA edition latest patch 21.

Does centrasite use the jvm/jre/lib/security/cacerts ??? or do you have to use Systems Management Hub to setup SSL configuration or is there someother config that you must do for apache/tomcat/catalina???

Regards,
Valter

Valter_Borges · April 30, 2013, 11:31pm

Also I’m able to test this service and consume the wsdl and operations by using SOAPSonar.

The service uses NTLM authentication, SSL cert for https transport, and a WS-addressing policy common to WCF wshttpbinding services.

Valter_Borges · May 3, 2013, 5:57pm

The solution was to create a flow service that calls pub.mediator.addressing:AddWSAddressingHeaders
pass it a DocAddressing document and create an input type of MessageContext and map it in the pipeline to the input.
This was then deployed as a package to the mediator is and added as a pre-processing step in centrasite routing.

http://techcommunity.softwareag.com/ecosystem/documentation/webmethods/wmsuites/wmsuite8-2_sp2/CentraSite/8-2-SP2_CentraSite/ug-virtual/Config_overview.htm#d0e8770

Raj_Dawar · May 17, 2013, 2:13pm

Hi,

The solution that you explain that fixed the problem is regarding WSAddressing whilst the original issue that you had was with SSL. Can you explain the relationship?

Valter_Borges · May 17, 2013, 4:13pm

The services we are trying to connect are WCF / .net services that use WSHttpBinding
which use the following message version and have ws-addressing built in by default. Those services happen to be secured using ssl transport and ntlm authentication.

WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10

Centrasite latest version will allow you the virtualization of an endpoint and use ntlm authentication. As of the moment I don’t know another way to get flow services using ntlm auth besides using a virtual endpoint.

In addition the deployed virtual endpoint in mediator strips out any incoming ws-addressing info by design, and you must add it back using a routing step to a mediator add ws-addressing flow service which has a doctype with the ws-addressing information.

The ssl x509 cert had to be put into the cacerts trust store in order for centrasite and mediator to connect.