WSSE - User Name Token - Problem - weblogic.developer.interest.webservices.general(Archived)

I am writing a Service and Consumer with WSSE UserNameToken security.
At the Consumer side the WSSE policy file is:
<?xml version="1.0" ?>
<wsSecurityPolicy xsi:schemaLocation="WSSecurity-policy.xsd" xmlns="http://www.bea.com/2003/03/wsse/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<wsSecurityOut>
<userNameToken>
<userName> surendra </userName>
<password type="TEXT"> mohan </password>
</userNameToken>
</wsSecurityOut>
</wsSecurityPolicy>
At the Service side WSSE Policy file is as follows:
<?xml version="1.0" ?>
<wsSecurityPolicy xsi:schemaLocation="WSSecurity-policy.xsd" xmlns="http://www.bea.com/2003/03/wsse/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<wsSecurityIn>
<token tokenType="username" />
</wsSecurityIn>
</wsSecurityPolicy>
The following exception occurs at the Consumer side:
<env:Fault
xmlns:fault="http://schemas.xmlsoap.org/soap/envelope/"><faultactor>null</faultactor><faultcode>{http://schemas.xmlsoap.org/soap/envelope/}Client<faultcode><faultstring>
EJB Exception: ; nested exception is:
     com.bea.wlw.runtime.jws.wssecurity.exception.WLWWSSEException: Policy
requires Message to contain UsernameToken, UsernameToken not found in
the Message. <faultstring></env:Fault>
----------------------------------------
Please send the solution as soon as possible.
Regards,
Mohan 

Hi all. I am getting the same error. Any help?

Related

SAML Token Profile Policies Issues

Hi all,
I want to secure a Web service using SAML Token Profile Policies. I am using the Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml policy.
I have configured the SAML 2.0 Identity Assertion Provider in my WebLogic Server and added an Identity Provider partner.
I gave the Issuer as http://com.example.idp/AssertingParty
Below is the SOAP request which I send to my Web service.
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_15931837d93e95e7e7ffbaa038ad4942"
IssueInstant="2013-04-26T15:20:24.021Z" Version="2.0">
<saml:Issuer>http://com.example.idp/AssertingParty</saml:Issuer>
<saml:Subject>
<saml:NameID Format="NameID">weblogic_sp</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
</saml:Subject>
<saml:Conditions NotBefore="2013-04-26T15:24:14.021Z" NotOnOrAfter="2013-04-26T15:50:24.021Z"/>
<saml:AuthnStatement>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="Roles">
<saml:AttributeValue>Administrators</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wsse:Security>
</env:Header>
<env:Body/>
</env:Envelope>
I am getting the below error.
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurityToken</faultcode>
<faultstring>Invalid SAML token on CCS?Invalid SAML token when samlAsst= null</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
I turned on verbose logging in the WebLogic server and got the below log when I invoke the Web service.
<WSEE:24>Created<SoapMessageContext.<init>:48>
<WSEE:24>set Message called: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl#1d36368<SoapMessageContext.setMessage:65>
<WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
<WSEE:24>set Message called: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl#1d36368<SoapMessageContext.setMessage:65>
<WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
<WSEE:24>tokenType: null, cred: [saml:Assertion: null], privkey: null<SAMLCredentialImpl.<init>:107>
<WSEE:24>Class of cred is: class com.sun.xml.internal.messaging.saaj.soap.impl.ElementImpl<SAMLCredentialImpl.<init>:108>
<WSEE:24>Instantiating SAMLAssertionInfoFactory<SAMLCredentialImpl.<init>:113>
<WSEE:24>Getting SAMLAssertionInfo from DOM Element of CSS<SAMLCredentialImpl.<init>:141>
<WSEE:24>Got erroron on SAMLAssertionInfo from DOM Element of CSS, msg =[Security:098517]Failed to get SAML assertion info: Unable to construct SAML 1.1/2.0 Schema object, can not perform validation.<SAMLCredentialImpl.<init>:152>
Please let me know if I am doing anything wrong.
Thanks
Ranjith
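
An added example, not part of the original post: a Python check of the SAML assertion inside a wsse:Security header, looking at the Conditions window and at whether a sender-vouches assertion is accompanied by a ds:Signature (sender-vouches relies on the sender signing the message). It inspects the message only and is independent of the [Security:098517] schema error in the log. The header is constructed, with only the three timestamps copied from the post; `check_saml_token` and `parse_instant` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

# Constructed header; only the three timestamps are copied from the post.
SECURITY_HEADER = f"""
<wsse:Security xmlns:wsse="{WSSE}" xmlns:saml="{SAML}">
  <saml:Assertion ID="_constructed" Version="2.0" IssueInstant="2013-04-26T15:20:24.021Z">
    <saml:Subject>
      <saml:SubjectConfirmation Method="{SENDER_VOUCHES}"/>
    </saml:Subject>
    <saml:Conditions NotBefore="2013-04-26T15:24:14.021Z"
                     NotOnOrAfter="2013-04-26T15:50:24.021Z"/>
  </saml:Assertion>
</wsse:Security>"""


def parse_instant(value):
    """Parse the UTC timestamp form used in the post, e.g. 2013-04-26T15:20:24.021Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def check_saml_token(security_xml, now):
    """Return findings about the SAML assertion inside a wsse:Security header."""
    security = ET.fromstring(security_xml)
    assertion = security.find(f"{{{SAML}}}Assertion")
    if assertion is None:
        return ["no saml:Assertion in wsse:Security"]
    findings = []
    conditions = assertion.find(f"{{{SAML}}}Conditions")
    if conditions is not None:
        # Assumes both bounds are present, as they are in the post.
        not_before = parse_instant(conditions.get("NotBefore"))
        not_on_or_after = parse_instant(conditions.get("NotOnOrAfter"))
        if not_before > parse_instant(assertion.get("IssueInstant")):
            findings.append("NotBefore is later than IssueInstant")
        if not not_before <= now < not_on_or_after:
            findings.append("outside the Conditions validity window")
    methods = {c.get("Method") for c in assertion.iter(f"{{{SAML}}}SubjectConfirmation")}
    if SENDER_VOUCHES in methods and security.find(f"{{{DSIG}}}Signature") is None:
        findings.append("sender-vouches but no ds:Signature in wsse:Security")
    return findings
```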

Custom Policy Step and the WS-Security header attribute "mustUnderstand"

Hi there,
I have some issues testing the custom policy step that comes with OWSM (CustomAuthenticationStep), which I describe next.
I managed to compile/deploy the custom step successfully. I also restarted the server and added the brand new step into the request pipeline. The pipeline only has two steps, a log step and a custom authentication step.
I developed a client for the gateway service which uses the "Username to Authenticate" option of the Proxy Security. The other options (inbound/outbound integrity/encryption) are all unchecked.
When I test the client, the following SOAP message is produced:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ns0="http://agesic.entidad/types/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
env:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Username>test</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>
<env:Body>
<ns0:reverseElement>
<ns0:aString>Holas!</ns0:aString>
</ns0:reverseElement>
</env:Body>
</env:Envelope>
Which looks just fine. However I get the following exception:
javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
     at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
     at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
     at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
     at agesic.cliente.gateway.proxy.runtime.EchoReverseSoapHttp_Stub.reverse(EchoReverseSoapHttp_Stub.java:78)
     at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.reverse(EchoReverseSoapHttpPortClient.java:44)
     at agesic.cliente.gateway.proxy.EchoReverseSoapHttpPortClient.main(EchoReverseSoapHttpPortClient.java:33)
If I look at the log produced by the custom step, it looks like the step was successfully passed.
********** Entering Custom Authentication execute method **********
Processing stage is Request
Request SOAP message is <?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="h
ttp://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-ins
tance" xmlns:ns0="http://agesic.entidad/types/" xmlns:wsu="http://docs.oasis-ope
n.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><env:Header><wsse
:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004
/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.or
g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://sche
mas.xmlsoap.org/soap/envelope/"><wsse:UsernameToken xmlns:wsse="http://docs.oasi
s-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http:/
/docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ws
se:Username>test</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/
wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse
:Password></wsse:UsernameToken></wsse:Security></env:Header><env:Body><ns0:rever
seElement><ns0:aString>Holas!</ns0:aString></ns0:reverseElement></env:Body></env
:Envelope>
User locale is English
Client ip address is rhel4.tecinfo.com.uy:7777
Verified user is test
The problem is with the mustUnderstand attribute. It looks like no step tells the OWSM that he understands the header, so the OWSM passes through the pipeline and when it ends it thinks that that header was not processed properly.
I tried to find documentation on this issue but I didn't find any.
Any ideas? Is there any way to specify that the step actually understands the ws-security header?
Thanks!
Leo

Hi
I encountered this problem with must understand error when we called web services with wsse security enabled, generated by JDeveloper from BPEL process. The BPEL process passed wsse header from its input to all web services it called.
We solved the problem by removing </outbound> from:
<operation name="xxxxxxxxxxxx" input="{http://gcdgrcgrecge/}yyyyyyyyyyy">
<runtime>
<security>
<inbound>
<verify-username-token password-type="PLAINTEXT" require-nonce="false"
require-created="false"/>
</inbound>
</security>
</runtime>
</operation>
from oracle-webservices.xml in JDeveloper project. If there was also </outbound>, BPEL called the web service, but then didn't understand the response due to mustUnderstand="1".

Ok. Thanks. The problem here is a little bit different. At the client side, we have the following:
<?xml version="1.0" encoding="UTF-8"?>
<oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
<webservice-client>
<service-qname namespaceURI="http://agesic.entidad/" localpart="EchoReverse"/>
<port-info>
<wsdl-port namespaceURI="http://agesic.entidad/" localpart="EchoReverseSoapHttpPort"/>
<runtime enabled="security">
<security>
<inbound/>
<outbound>
<username-token password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
</outbound>
</security>
</runtime>
<operations>
<operation name='reverse'>
</operation>
</operations>
</port-info>
</webservice-client>
</oracle-webservice-clients>
The <outbound> here is required in order to use the WSS UserName token profile. I tried to remove the <inbound/> to check if it was a problem like yours, but we still have the same exception.
The problem seems to be with the gateway at the server side.
Intercepting the communication between the client and the server, we are getting the following response:
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ns0="http://agesic.entidad/types/">
<env:Body>
<env:Fault>
<faultcode>env:MustUnderstand</faultcode>
<faultstring>SOAP must understand error:
{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
We need a way to instruct the gateway that he actually understands the wss header.
Any ideas?
Thanks!
Leo

Hi,
I found some sort of workaround for this issue by performing a detachNode() of the userNameToken Node of the SOAP message. What I would expect from doing that is that the node would be removed from the message, however it is not. But it works, i.e. the mustUnderstand exception disappears.
I don't understand why it works (any ideas?), so I'm still looking for another alternative.
Cheers,
Leo
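
An added example, not part of the thread and not OWSM code: a small Python model of the SOAP 1.1 mustUnderstand rule discussed above, in which a step can verify the user and still leave the wsse:Security header unclaimed, so the node answers with env:MustUnderstand. `AuthStep`, `process` and the request are hypothetical and constructed; the model assumes the node treats itself as the final receiver of the header.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NEXT_ACTOR = "http://schemas.xmlsoap.org/soap/actor/next"
SECURITY = f"{{{WSSE}}}Security"

# Constructed request with the same shape as the message in the thread.
REQUEST = (
    f'<env:Envelope xmlns:env="{SOAP11}" xmlns:wsse="{WSSE}"><env:Header>'
    '<wsse:Security env:mustUnderstand="1"><wsse:UsernameToken>'
    '<wsse:Username>alice</wsse:Username><wsse:Password>example</wsse:Password>'
    '</wsse:UsernameToken></wsse:Security></env:Header><env:Body/></env:Envelope>')


class AuthStep:
    """Hypothetical pipeline step: verifies the user, optionally claims the header."""

    def __init__(self, claims_header):
        self.claims_header = claims_header

    def understood(self):
        return {SECURITY} if self.claims_header else set()

    def execute(self, header):
        # Stand-in for real credential verification: just read the user name.
        return header.findtext(f"{SECURITY}/{{{WSSE}}}UsernameToken/{{{WSSE}}}Username")


def process(envelope_xml, steps):
    """Run every step, then enforce the SOAP 1.1 mustUnderstand rule."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP11}}}Header")
    blocks = [] if header is None else list(header)
    users = [step.execute(header) for step in steps] if blocks else []
    understood = set().union(*(step.understood() for step in steps))
    for block in blocks:
        # Assumption: this node is the final receiver, so blocks with no actor
        # or with the "next" actor are addressed to it.
        targeted = block.get(f"{{{SOAP11}}}actor") in (None, NEXT_ACTOR)
        mandatory = block.get(f"{{{SOAP11}}}mustUnderstand") == "1"
        if targeted and mandatory and block.tag not in understood:
            return {"fault": "env:MustUnderstand", "header": block.tag, "users": users}
    return {"fault": None, "header": None, "users": users}
```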

Apache SOAP 2.3.1 with Weblogic 8.1 - invoking a webservice

I've written a simple client using Apache SOAP.
My webservice is deployed on Weblogic.
Using a proxy, this is what I send:
<?xml version='1.0' encoding='UTF-8'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<ns1:decodeSubscriptions xmlns:ns1="http://localhost:7001/Entitlement/EBERenewalService" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<ebDecodeSubRequest xmlns:ns2="java:com.symantec.eb.renewal.ws" xsi:type="ns2:ebDecodeSubRequest">
<NOS xsi:type="xsd:string">------------</NOS>
<requestVendor xsi:type="ns2:EbVendorInfo">
<vendorID xsi:type="xsd:int">----------</vendorID>
<vendorPW xsi:type="xsd:string">----------</vendorPW>
<vendorSiteID xsi:type="xsd:int">----------</vendorSiteID>
</requestVendor>
</ebDecodeSubRequest>
</ns1:decodeSubscriptions>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I get back from Weblogic:
SOAP Fault: [Attributes={}] [faultCode=env:Server] [faultString=Exception during processing: weblogic.xml.schema.binding.DeserializationException: type mapping lookup failure on type=['java:com.symantec.eb.renewal.ws']:ns2:ebDecodeSubRequest TypeMapping=TYPEMAPPING SIZE=36
ENTRY 1:
... (I'm saving you the clutter)
ENTRY 2:
... (I'm saving you the clutter)
ENTRY 3:
class: com.symantec.eb.renewal.ws.EbDecodeSubRequest
xsd_type: ['java:com.symantec.eb.renewal.ws']:p4:EbDecodeSubRequest
ser: com.symantec.eb.renewal.ws.EbDecodeSubRequestCodec#2d8a59
deser: com.symantec.eb.renewal.ws.EbDecodeSubRequestCodec#1d60b6a
If you're familiar with Weblogic's webservice web application console, this is the request I'm sending through it:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<env:Body env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<m:decodeSubscriptions xmlns:m="http://www.symantec.com/webservices/ebe">
<ebDecodeSubRequest xmlns:n1="java:com.symantec.eb.renewal.ws"
xsi:type="n1:EbDecodeSubRequest">
<NOS xsi:type="xsd:string">----------------</NOS>
<requestVendor xsi:type="n1:EbVendorInfo">
<vendorID xsi:type="xsd:int">-----</vendorID>
<vendorPW xsi:type="xsd:string">-----</vendorPW>
<vendorSiteID xsi:type="xsd:int">-----</vendorSiteID>
</requestVendor>
</ebDecodeSubRequest>
</m:decodeSubscriptions>
</env:Body>
</env:Envelope>
There are some differences. Namespaces and <env:Envelope> versus <SOAP-ENV:Envelope>
Has someone experienced a similar problem?
Does it have something to do with Xerces parser?
I would very much like not to touch the server side.
Thanks.

OSB not adding SOAP-ENV:encodingStyle attribute, invoke fails

Hi, I have a WSDL that when inspected by XMLSpy, creates the following payload.
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
     <SOAP-ENV:Body>
          <m:logOut xmlns:m="http://konnex.aarp.org/wsdl/HartfordServicesSecure" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
               <String_1 xsi:type="xsd:string">String</String_1>
          </m:logOut>
     </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
When I try to invoke this via OSB, I get the following message.
<env:Envelope env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://konnex.aarp.org/types/HartfordServicesSecure">
     <env:Body>
          <env:Fault>
               <faultcode>env:Client</faultcode>
               <faultstring>JAXRPCTIE01: caught exception while handling request: unexpected encoding style: expected=http://schemas.xmlsoap.org/soap/encoding/, actual=</faultstring>
          </env:Fault>
     </env:Body>
</env:Envelope>
The reason is because OSB is not putting in the SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" attribute. I verified this in obtunnel.
I'm currently trying to work around this in OSB using xquery but so far I've had no luck.
Thanks in Advance.

401 exception in Fusion Inbound web service

We are trying to create a new record in the Opportunity object through a web service using a SOAP message. We are passing the access credentials in the SOAP header, but we are getting a 401 error. Our SOAP message:
<?xml version="1.0" encoding="UTF-8" ?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Header>
<UsernameToken xmlns="http://siebel.com/webservices">RAJEEV.M</UsernameToken>
<PasswordText xmlns="http://siebel.com/webservices">Athene321</PasswordText>
<SessionType xmlns="http://siebel.com/webservices">Stateless</SessionType>
</soap:Header>
<soap:Body>
<createOpportunity xmlns="http://xmlns.oracle.com/apps/sales/opptyMgmt/opportunities/opportunityService/">
<opportunity>
<Name>Test_WS</Name>
</opportunity>
</createOpportunity>
</soap:Body>
</soap:Envelope>
Please help me to establish inbound web services with Oracle Fusion.
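
An added example, not part of any post on this page: a Python check of what a WS-Security 1.0 receiver finds when it looks for a UsernameToken, relevant to the "UsernameToken not found in the Message" fault in the first thread and to the header layout in the post above. The envelopes, user name and password are constructed; `inspect_username_token` and its report keys are hypothetical names.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def _envelope(header_xml):
    """Build a constructed SOAP 1.1 test envelope around the given header content."""
    return (f'<env:Envelope xmlns:env="{SOAP11}"><env:Header>{header_xml}'
            f'</env:Header><env:Body/></env:Envelope>')

# Constructed samples (not captured traffic); user and password are made up.
WSS_TOKEN = _envelope(
    f'<wsse:Security xmlns:wsse="{WSSE}" env:mustUnderstand="1"><wsse:UsernameToken>'
    f'<wsse:Username> alice </wsse:Username><wsse:Password>example</wsse:Password>'
    f'</wsse:UsernameToken></wsse:Security>')
EMPTY_SECURITY = _envelope(f'<wsse:Security xmlns:wsse="{WSSE}"/>')
FOREIGN_TOKEN = _envelope(
    '<UsernameToken xmlns="http://siebel.com/webservices">alice</UsernameToken>')

def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def inspect_username_token(envelope_xml):
    """Report what a WSS 1.0 receiver finds when it looks for a UsernameToken."""
    report = {"wsse_token": False, "username": None, "findings": []}
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP11}}}Header")
    if header is None:
        report["findings"].append("no SOAP Header")
        return report
    security = header.find(f"{{{WSSE}}}Security")
    if security is None:
        report["findings"].append("no wsse:Security header block")
    else:
        token = security.find(f"{{{WSSE}}}UsernameToken")
        if token is None:
            report["findings"].append("wsse:Security carries no wsse:UsernameToken")
        else:
            report["wsse_token"] = True
            report["username"] = token.findtext(f"{{{WSSE}}}Username")
            name = report["username"] or ""
            if name != name.strip():
                report["findings"].append("Username has surrounding whitespace")
    # The same local name in another namespace is a different element to a WSS stack.
    for element in header.iter():
        namespace, local = split_tag(element.tag)
        if local == "UsernameToken" and namespace != WSSE:
            report["findings"].append(f"UsernameToken in namespace {namespace}")
    return report
```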
