IS version 9.7 : soapenv:Header and the wsse:Security information is missing from SOAP request

Kunal_Shetty · May 15, 2015, 2:21am

Ref : Integration Server version 9.7
subject : Consumer Web Service
Type Consumer
Transport Type HTTPS

ISSUE :soapenv:Header and the wsse:Security information is missing from SOAP request.

Created an "Web Services " Endpoint Alias for a Consumer Web Service Descriptor for Use with HTTP/S on Integration server
Filled the WS Security Properties username password in the “WS Security Properties (Optional)” Information for the WS-Security header
Webconnectors are created by consuming the WSDL and Binding to the port alias applied
pub.client:soapClient is invoked
Issue is however when tracing the SOAP request sent outbound the soapenv:Header and the wsse:Security information is missing ?
hence possibly getting SOAP exception Read timed out

The Soap soapenv:Body and the request inputs are well formed within the soapENv.

I.e the below elements are missing in the outbound soap request form Integration server

soapenv:Header
<wsse:Security xmlns:wsse=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”
xmlns=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”
xmlns:env=“http://schemas.xmlsoap.org/soap/envelope/”
soapenv:mustUnderstand=“1”>
<wsse:UsernameToken xmlns:wsse=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”
xmlns=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”>
wsse:UsernameABC</wsse:Username>
<wsse:Password Type=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText”>1234</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>

Tested using SOAP uI to add this header to request and get successful execution of the SOAP response.

Have I missed anything? I thought creating "Web Services " Endpoint Alias with WSSE security
and binding the weConnectors to Port would pick up the credentials and add it the details in the Outbound SOAP request.

Timeout errors

Or HTTP 408 Timeout
com.wm.app.b2b.server.ServiceException: org.apache.axis2.AxisFault: Read timed out
at pub.clientimpl.wssClient(clientimpl.java:3033)

Kunal_Shetty · May 15, 2015, 7:29am

Found
http://techcommunity.softwareag.com/widget/pwiki/-/wiki/Main/Understanding+Web+Services;jsessionid=35F813918E2403A315F3406818DDEDD3#section-Understanding+Web+Services-WebServiceTroubleshooting

For 8.2 (compatibility mode=false) services WS-Security is not implemented as a Handler but is built into the Web Services processing when enabled. On inbound messages, Integration Server will invoke all handlers after the WS-Security processing has been applied.
For outbound messages, Integration Server will invoke all handlers before it applies the WS-Security processing.

Is built into webservices and what do we do to enable it ?

In the handlers tab of the webConnectors when we Right click and select “add Handler” the designer does not show the “WS Security Handler” when the
"pre-8.2 compatibility mode " = false.
See attached image

Strangely the when "pre-8.2 compatibility mode " = true Only then we see can add the “WS Security Handler” , strange ?

rmg · May 15, 2015, 4:47pm

Did you check this empower article also?

https://empower.softwareag.com/sl24sec/SecuredServices/KCFullTextASP/viewing/view.asp?KEY=099388-7108159&DSN=PIVOTAL&DST=TCD&HL=1&QUERY=Security|Handler&SessionID=695510842

HTH,
RMg

Kunal_Shetty · May 18, 2015, 1:57am

Thanks RMG it certainly helps.

However seems like “Knowledge center” on empower isn’t responding currently showing Internal 500 error.
for memory the KB was 1745512.
Notified the empower team.

Before I could read fully and digest the KB article the Internal 500 error started happening.

To summarise from what I could read briefly before the site became unavailable. Since we are in version 9.7 and since sometime in future version the “Pre-8.2 compatibility mode” would not be available or will always be false.

The KB mentioned if the “Pre-8.2 compatibility mode=false” it would ignore the security handler generated in WSD.

However we are not seeing the wsse security handler being generated by the WSD by the designer.

And also mentions the Integration server would implement the security policy files configured in the WSSE policy ? What do we have to do set up this configuration for WSSE policy for ver 9.7 with “Pre-8.2 compatibility mode=false” ?

Also will wait for the site “Knowledge center” on empower to respond and re-read the article to understand the solution.

Mahesh_K_Sreenivas · May 18, 2015, 10:19am

kunal Shetty:

Thanks RMG it certainly helps.

However seems like “Knowledge center” on empower isn’t responding currently showing Internal 500 error.
for memory the KB was 1745512.
Notified the empower team.

Before I could read fully and digest the KB article the Internal 500 error started happening.

To summarise from what I could read briefly before the site became unavailable. Since we are in version 9.7 and since sometime in future version the “Pre-8.2 compatibility mode” would not be available or will always be false.

The KB mentioned if the “Pre-8.2 compatibility mode=false” it would ignore the security handler generated in WSD.

However we are not seeing the wsse security handler being generated by the WSD by the designer.

And also mentions the Integration server would implement the security policy files configured in the WSSE policy ? What do we have to do set up this configuration for WSSE policy for ver 9.7 with “Pre-8.2 compatibility mode=false” ?

Also will wait for the site “Knowledge center” on empower to respond and re-read the article to understand the solution.

Even I saw this error but now it should be OK.

rmg · May 18, 2015, 7:32pm

Not a problem and thanks for the update!

Kunal_Shetty · May 21, 2015, 8:19am

hi rmg and guys
Thanks for your help and support so far.
This issue is getting hard to explain or bizarre and no longer seem a wsse security issue.

After doing much analysis with SOAP ui TOOL’s and comparing results with WM pub.client:soapClient.
We are consuming a webservice hosted by BSSV (weblogic) JDE to be specific.
The target input signature for this consumer webservice has a Single parent Document with a nested array of complex structure. Refer to image attached for document. In total 193 elements within the single array element.
We are also dropping the elements with null values from the final payload and also passes the schema validation before sending in the SOAP request.
But get consistently [ISS.0048.9999D] Read timed out
Here are the logs.
These 3 errors right after successful post
[81435]2015-05-21 14:05:52 EST [ISC.0088.0020D] pub.client:soapClient SOAP request sent:
[81437]2015-05-21 14:05:52 EST [ISC.0088.9998E] Exception → null
[81449]2015-05-21 14:05:52 EST [ISC.0077.9998E] Exception → org.apache.axis2.AxisFault: Read timed out
[81448]2015-05-21 14:05:52 EST [ISS.0048.9999D] Read timed out
[81447]2015-05-21 14:05:52 EST [ISS.0048.9999D] Read timed out

Here’s the puzzling issue
a) Having debugging on Integration Server we grab the SOAP request specially the Inputs WM pub.client:soapClient sent and paste the same using SOAP UI payload it works we get a response for the JDE BSSV server.

b) We also manually passed the limited or the required input fields that is 4 values out of the 193 elements to same Web service connector in web Methods and we get a response for the JDE BSSV server.

c) Only when the payload is much bigger i.e more elements in single array and only two records we consistently get Read timed out and the underline HTTP error code is 408. See attached screen shot.

d) We are not seeing any connection close by weblogic server on the IS log OR increasing the timeout on the consumer web connector not helping.

e) The get last error is also attached

com.wm.app.b2b.server.ServiceException: org.apache.axis2.AxisFault: Read timed out
at pub.clientimpl.wssClient(clientimpl.java:3033)
at pub.clientimpl.soapClient(clientimpl.java:1414)
at sun.reflect.GeneratedMethodAccessor2044.invoke(Unknown Source)

f) To top it ALL when in debug mode within the webConnector sometimes if we are lucky we may get response sometimes !!

Any ideas where is this time out happening after SOAP request being sent at RUNTIME ? DEBUG mode sometimes works.

Is it the receiving server taking too long to process and response ?
Or the server timing are not synchronised…between IS and BSSV …

And we get an [81437]2015-05-21 14:05:52 EST [ISC.0088.9998E] Exception → null

See a lot of KB around ISC.0088.9998E Exception → null for versions prior to 9.7 and resolutions Corrected with IS_9.6_Core_Fix3

For version 9.7 we are in correct fix too IS_9.7_Core_Fix2 which we have and consumer websrevice isn’t providing a “Outbound callback service” property too.

getLastError.txt (5.89 KB)

Kunal_Shetty · May 22, 2015, 2:13am

Caused by: java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:157)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at iaik.security.ssl.Utils.a(Unknown Source)
at iaik.security.ssl.a.b(Unknown Source)
at iaik.security.ssl.a.k(Unknown Source)
at iaik.security.ssl.b.b(Unknown Source)
at iaik.security.ssl.b.a(Unknown Source)
at iaik.security.ssl.b.read(Unknown Source)

Looking into the getLasterror could this HTTP error 408 can be seen with SSL negotiation failure ? due to bad certificate ?

Hence causing the final Read time out ? com.wm.app.b2b.server.ServiceException: org.apache.axis2.AxisFault: Read timed out

What is baffling sometimes we get connectivity and most time out.
Will update this post once resolution found looks like network DNS or ssl client hostname verification being flaky

rmg · May 22, 2015, 4:33pm

Yes and also please raise a SAG ticket for this error instance get it checked more.

HTH,
RMG