web service WS-Security Policy authentication failure

erossing.26610 · March 11, 2016, 11:16pm

I have a web service provider in webMethods 9.7 that uses the Username_Signature_Encryption WS-Security Policy. I am able to authorize access based on message-level username/password when calling the service.

How can I log authentication and authorization failures to the web service? I have the IS Security Log enabled in IS Administrator with Generate Auditing Data on set to “Success or Failure” and everything checked under “Security Areas to Audit”. I don’t get any log entries for calls to the web service.

I do get log entries for other events like logging in to IS Administrator.

fml2 · March 12, 2016, 10:01am

It might be that everything works well. Just the audit data is written not to the server log but to a DB table. Consult the docs to find out where the audit data get written to.

erossing.26610 · March 14, 2016, 3:02pm

I can’t find any mention of security logging in the Web Services Developer Guide.

In IS Administrator, my security logger is configured to use the database. I have found the WSSECURITY table that has entries that exactly match what I see in Logs->Security.

If there is some special place logging message-level WS-Security failures, I can’t find it.