Problem in implementing WS-Security with signature

talasilacs · March 11, 2008, 1:29pm

I am trying to implement WS-Security for a WSD created for a flow service in webMethods 7.1. I am trying to use the policies provided by webMethods. I am able to implement the WS-Security with UserName by usinf the policy file provided by webMethods. But when I am trying to use the signature I am getting the following error.

 
com.webmethods.ws.security.SecurityException: Request does not contain required Security header: [{http://www.w3.org/2000/09/xmldsig#}Signature]

Following is the SOAP response that I got.

 
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1"></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body><SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Client</faultcode>
<faultstring>[ISS.0088.9251] JAX-RPC Handler failed to process the message</faultstring>
<faultactor>https://jade:58555/ws/Default.Test1:Test1</faultactor><SOAP-ENV:detail><webM:detailEntry xmlns:webM="http://www.webMethods.com/2001/10/soap/encoding" xmlns:xml="http://www.w3.org/XML/1998/namespace">
<webM:message xml:lang="">com.webmethods.ws.security.SecurityException: Security Engine error while processing WS Security headers org.apache.ws.security.WSSecurityException: The signature verification failed</webM:message>
</webM:detailEntry>
<webM:detailEntry xmlns:webM="http://www.webMethods.com/2001/10/soap/encoding" xmlns:xml="http://www.w3.org/XML/1998/namespace">
<webM:message xml:lang="">com.webmethods.ws.security.SecurityException: Request does not contain required Security header: [{http://www.w3.org/2000/09/xmldsig#}Signature]</webM:message>
</webM:detailEntry>
</SOAP-ENV:detail></SOAP-ENV:Fault></SOAP-ENV:Body>
</SOAP-ENV:Envelope>

I am using 2 IS for Provider and Consumer services and I configured the public and private keys in the websevice alias profiles of the respective IS. Appreciate your help.

wMusers.Com1 · March 11, 2008, 6:20pm

Assuming you are using IS 7.1 or later …

 
Request does not contain required Security header: [{http://www.w3.org/2000/09/xmldsig#}Signature]

This would suggest that the policy you are using requires a XML signature in the incoming request (sent from consumer to provider) but that the request message does not contain one.

Capture the soap request to confirm this. You might use a web services testing tool to generate the request in order to get the provider service working and then attempt to consume it successfully using an IS consumer. SoapSonar, SoapUI and other web services testing tools can generate Web Services security tokens and signatures.

Mark

talasilacs · March 12, 2008, 3:18pm

Mark,

Thanks a lot for your reply. I started using SOAPUI but I still have the problem with creating the required security headers in the request. Can you please refer me to a post/blog/site that would help me with this.

I am attaching my SOAPUI project. If you can suggest a valid wsse tag for signing that may help.
Test-soapui-project.xml (8.02 KB)

wMusers.Com1 · March 12, 2008, 8:12pm

You need to open the Project editor, add a keystore using the “Keystore/Certificates” tab and then create a new “Outgoing Configuration”. One of the types of WSS Entries that can be created is a Signature. See the SoapUI WS-Security page for more details.

You use the “Aut” link in the Request Editor to associate a test case with an Outgoing Configuration defined in the Project editor. See the SoapUI “Working with Requests” page for more details.

Mark