I am developing one service in webMethods 8.2 environment which invokes webservice of BackEnd system.
This BackEnd has secure communications using standard WS-Security implementation X509 Certificate Token Profile, so for each call is necessary to sign the SOAP message using the given certificate.
While invoking webservice via the connector in webMethods we are getting error “[ISS.0088.9431] Handler processing failed on the consumer: com.webMethods.ws.security.SecurityException: Request does not contain required Security header: [{XML-Signature Syntax and Processing}Signature]” whereas when I invoke same webservice in soapUI after setting a keyStore and adding an Outgoing WS-Security Configuration, and this properties for the signature:
Could anyone please let me know what setting I need to change in webMethods to access same result in Designer?
I tried setting auth/message/serverCerts/keyStoreAlias and auth/message/serverCerts/keyAlias values in the connector.
I tried too with option setting handler in webService consumer as “WS Security Handler” having different policies including “Consumer policy for Signature, Auth” but it throwing this error:
[ISS.0088.9431] Handler processing failed on the consumer: com.webMethods.ws.security.SecurityException: Request does not contain required Security header: [{XML-Signature Syntax and Processing}Signature]
IS Version:8.2.2.0
LatestFix::IS_8.2_SP2_Core_Fix12
Did you try to configure a consumer type Endpoint Alias?
Once created, assign it to the WS descriptor binder settings.
Did you assign a proper policy in WS descriptor ?
I change <sp:WssX509PkiPathV1Token10 /> to <sp:RequireIssuerSerialReference /> (Initiator and Recipient Token)
I get this error from backEnd: An error was discovered processing the wsse:Security header.
Then I delete the <sp:IncludeTimestamp /> (BackEnd system does not require TimeStamp), and i get this error message from webMethods: SOAP header missing
Any ideas?
Solved!
Using X509 Authentication Signature policy, IS expects the response SOAP message to have a security header. If it does not receive one, it may complain of the missing security header: SOAP Header Missing.
In 8.2.2 IS only allows attachment of policies at the service level, so it is not possible to selectively enable security for input/output/faults.
If you want to enable security only for input/request, you should attach the security policy to ?wsdl:binding/wsdl:operation/wsdl:input.
Have you placed the policy in the consumer´s wsdl descriptor?
For example, in the wsdl that you import in designer you should place the Policy (inside the wsdl:definitions tag)
Can you share sample file with me if possible for you ?
I tried adding policy file content from IS Built in Policy which we want to apply and placed it in WSDL file. And then added the policy reference as well. But I am still getting same error.
Pasting file directly helped. Now we have different error:
WSSecurityEngine: No crypto property file supplied for decryption
I am searching the cause of this errror.
When we consumed the webService through Soap UI we had implemented Username authorization and Signature. Thus I made use of Username_Signature policy.
In my case i used: X509 Authentication and Signature.
Are you passing auth/message/user and auth/message/pass (If needed) and keystoreAlias parameters (If needed) in the IS request to ws?
You should check if webService response header or body is encypted. In this case, you must apply the policy to the reponse to.
When I was testing this issue i compare request that you use with soapUI with the request that IS generate. In soapUI you can see real request with headers in the RAW View.
In IS you should configure a Proxy or similar to see the complete Request that you are sending to the WebService.
Once you have two Request (soapUI and IS) you can compare them and see the differences.