Quantcast

Signature algorithm should be same for client, sts and service?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Signature algorithm should be same for client, sts and service?

gchoi

Signature algorithm for my client and serivice certificate is SHA1withRSA while sts certificate is  SHA256withRSA. It could be a problem? When client call service, it returns Invalid Security Header message. Client-STS-Client call looks good. I am using UserNameToken with symmetric key bindings.


Apr 24, 2012 6:03:55 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientResponsePacket
SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
com.sun.xml.wss.XWSSecurityException: Security Requirements not met - No Security header in message
        at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:925)
        at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:248)
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientResponsePacket(SecurityClientTube.java:434)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
        at com.sun.xml.ws.client.Stub.process(Stub.java:429)
        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
        at $Proxy40.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:76)
        at client.WSClient.main(WSClient.java:69)
Exception in thread "main" javax.xml.ws.WebServiceException: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientResponsePacket(SecurityClientTube.java:439)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
        at com.sun.xml.ws.client.Stub.process(Stub.java:429)
        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
        at $Proxy40.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:76)
        at client.WSClient.main(WSClient.java:69)
Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security Header
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:696)
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:714)
        ... 14 more
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
        at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:349)
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:710)
        ... 14 more
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Signature algorithm should be same for client, sts and service?

kumarjayanti
It appears the client did not send a secure message here :
> Security Requirements not met - No
> Security header in message

Can you do a message dump on the server and see what is being sent.

On Apr 25, 2012, at 4:33 AM, gchoi wrote:

>
> Signature algorithm for my client and serivice certificate is  
> SHA1withRSA
> while sts certificate is  SHA256withRSA. It could be a problem? When  
> client
> call service, it returns Invalid Security Header message. Client-STS-
> Client
> call looks good. I am using UserNameToken with symmetric key bindings.
>
>
> Apr 24, 2012 6:03:55 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube
> processClientResponsePacket
> SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound  
> Message.
> com.sun.xml.wss.XWSSecurityException: Security Requirements not met  
> - No
> Security header in message
>        at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming.SecurityRecipient.createMessage(SecurityRecipient.java:925)
>        at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:
> 248)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl
> .SecurityClientTube
> .processClientResponsePacket(SecurityClientTube.java:434)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
>        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
>        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
>        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
>        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
>        at com.sun.xml.ws.client.Stub.process(Stub.java:429)
>        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:
> 168)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 119)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 102)
>        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
>        at $Proxy40.doubleIt(Unknown Source)
>        at client.WSClient.doubleIt(WSClient.java:76)
>        at client.WSClient.main(WSClient.java:69)
> Exception in thread "main" javax.xml.ws.WebServiceException:  
> WSSTUBE0025:
> Error in Verifying Security in the Inbound Message.
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl
> .SecurityClientTube
> .processClientResponsePacket(SecurityClientTube.java:439)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
>        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
>        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
>        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
>        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
>        at com.sun.xml.ws.client.Stub.process(Stub.java:429)
>        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:
> 168)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 119)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 102)
>        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
>        at $Proxy40.doubleIt(Unknown Source)
>        at client.WSClient.doubleIt(WSClient.java:76)
>        at client.WSClient.main(WSClient.java:69)
> Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security  
> Header
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
> 696)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
> 714)
>        ... 14 more
> Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid  
> Security
> Header
>        at
> com
> .sun
> .xml
> .wss
> .impl
> .SecurableSoapMessage
> .newSOAPFaultException(SecurableSoapMessage.java:349)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
> 710)
>        ... 14 more
>
> --
> View this message in context: http://metro.1045641.n5.nabble.com/Signature-algorithm-should-be-same-for-client-sts-and-service-tp5663537p5663537.html
> Sent from the Metro - Users mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Signature algorithm should be same for client, sts and service?

gchoi
>Can you do a message dump on the server and see what is being sent.
How do I turn on message dump on the sever side?

-----Original Message-----
From: kumarjayanti [mailto:[hidden email]]
Sent: Tuesday, April 24, 2012 9:24 AM
To: [hidden email]
Subject: Re: Signature algorithm should be same for client, sts and service?

It appears the client did not send a secure message here :
> Security Requirements not met - No
> Security header in message

Can you do a message dump on the server and see what is being sent.

On Apr 25, 2012, at 4:33 AM, gchoi wrote:

>
> Signature algorithm for my client and serivice certificate is  
> SHA1withRSA
> while sts certificate is  SHA256withRSA. It could be a problem? When  
> client
> call service, it returns Invalid Security Header message. Client-STS-
> Client
> call looks good. I am using UserNameToken with symmetric key bindings.
>
>
> Apr 24, 2012 6:03:55 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube
> processClientResponsePacket
> SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound  
> Message.
> com.sun.xml.wss.XWSSecurityException: Security Requirements not met  
> - No
> Security header in message
>        at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming.SecurityRecipient.createMessage(SecurityRecipient.java:925)
>        at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:
> 248)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl
> .SecurityClientTube
> .processClientResponsePacket(SecurityClientTube.java:434)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
>        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
>        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
>        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
>        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
>        at com.sun.xml.ws.client.Stub.process(Stub.java:429)
>        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:
> 168)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 119)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 102)
>        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
>        at $Proxy40.doubleIt(Unknown Source)
>        at client.WSClient.doubleIt(WSClient.java:76)
>        at client.WSClient.main(WSClient.java:69)
> Exception in thread "main" javax.xml.ws.WebServiceException:  
> WSSTUBE0025:
> Error in Verifying Security in the Inbound Message.
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl
> .SecurityClientTube
> .processClientResponsePacket(SecurityClientTube.java:439)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
>        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
>        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
>        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
>        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
>        at com.sun.xml.ws.client.Stub.process(Stub.java:429)
>        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:
> 168)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 119)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 102)
>        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
>        at $Proxy40.doubleIt(Unknown Source)
>        at client.WSClient.doubleIt(WSClient.java:76)
>        at client.WSClient.main(WSClient.java:69)
> Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security  
> Header
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
> 696)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
> 714)
>        ... 14 more
> Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid  
> Security
> Header
>        at
> com
> .sun
> .xml
> .wss
> .impl
> .SecurableSoapMessage
> .newSOAPFaultException(SecurableSoapMessage.java:349)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
> 710)
>        ... 14 more
>
> --
> View this message in context:
http://metro.1045641.n5.nabble.com/Signature-algorithm-should-be-same-for-cli
ent-sts-and-service-tp5663537p5663537.html
> Sent from the Metro - Users mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Signature algorithm should be same for client, sts and service?

gchoi
>Can you do a message dump on the server and see what is being sent.
>How do I turn on message dump on the sever side?

Following is server dump message. Does this mean that it couldn't find
service private key? I don't know where did serial number
14478695720124859712 come from? My service, client and sts don't have serial
number with that value.


Service  PrivateKeyEntry
=============================

Alias name: myservicekey
Creation date: Apr 13, 2012
Entry type: trustedCertEntry

Owner: EMAILADDRESS=xxx@xxx, CN=servicecn, OU=xx, O=xxx, L=xxxx,
ST=massachusetts, C=US
Issuer: EMAILADDRESS=xxx@xxx, CN=servicecn, OU=xxx, O=xxx, L=xxxx,
ST=massachusetts, C=US
Serial number: c8eea90bc902c540
Valid from: Tue Apr 10 10:40:33 EDT 2012 until: Fri Apr 08 10:40:33 EDT 2022
Certificate fingerprints:
         MD5:  B2:76:5C:F9:41:52:45:FE:6D:EC:54:FC:5E:A5:EF:6C
         SHA1: 8F:1B:17:A0:AB:6F:8B:C6:02:65:7F:7E:E5:15:9C:79:AE:AE:01:D5
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AC CA 43 29 11 D0 C3 BB   9A 2B 1B 30 F0 BA 8F 4D  ..C).....+.0...M
0010: 8D E1 F4 43                                        ...C
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AC CA 43 29 11 D0 C3 BB   9A 2B 1B 30 F0 BA 8F 4D  ..C).....+.0...M
0010: 8D E1 F4 43                                        ...C
]

]


Server dump
========================

Apr 25, 2012 12:22:37 PM
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getPrivateKey
SEVERE: WSS0222: Unable to locate matching private key for
14478695720124859712:E=xxx@xxx,CN=servicecn,OU=xxx,O=xxx,L=xxxx,S=xxxx,C=US
using CallbackHandler.
Apr 25, 2012 12:22:37 PM
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor
processX509IssuerSerial
SEVERE: WSS1816: Error occurred while resolving Issuer Serial
javax.xml.crypto.KeySelectorException: com.sun.xml.wss.XWSSecurityException:
No Matching private key for serial number 14478695720124859712 and issuer
name E=XXX@XXX,CN=servicecn,OU=xxx,O=xxx,L=xxxx,S=xxxx,C=US found
        at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:412)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509IssuerSerial(SecurityTokenProcessor.java:369)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509Data(SecurityTokenProcessor.java:292)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.re
solveReference(SecurityTokenProcessor.java:161)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:152)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)
        at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.j
ava:208)
        at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.<init>(EncryptedKey.ja
va:131)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:157)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)
        at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData
.java:156)
        at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.<init>(EncryptedData.
java:113)
        at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHea
der(SecurityRecipient.java:458)
        at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(Secu
rityRecipient.java:291)
        at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(S
ecurityRecipient.java:241)
        at
com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTube
Base.java:450)
        at
com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTu
be.java:295)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
        at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:717)
        at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:418)
        at
com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:364)
        at
com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:370)
        at
com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:519)
        at
com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapt
er.java:206)
        at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelega
te.java:159)
        at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDeleg
ate.java:194)
        at
com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationF
ilterChain.java:305)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCha
in.java:210)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.jav
a:225)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.jav
a:169)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.
java:472)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
118)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Proces
sor.java:999)
        at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstract
Protocol.java:565)
        at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:3
07)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.jav
a:886)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:90
8)
        at java.lang.Thread.run(Thread.java:662)
Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for
serial number 14478695720124859712 and issuer name
E=xxxx@xxxx,CN=servicecn,OU=xxx,O=xxxx,L=xxxx,S=xxxx,C=US found
        at
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getPrivateKey(Defaul
tSecurityEnvironmentImpl.java:644)
        at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:392)
        ... 46 more
Apr 25, 2012 12:22:37 PM com.sun.xml.wss.jaxws.impl.SecurityServerTube
processRequest
SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
com.sun.xml.wss.XWSSecurityException: WSS1816: Error occurred while resolving
Issuer Serial
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509IssuerSerial(SecurityTokenProcessor.java:374)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509Data(SecurityTokenProcessor.java:292)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.re
solveReference(SecurityTokenProcessor.java:161)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:152)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)
        at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.j
ava:208)
        at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.<init>(EncryptedKey.ja
va:131)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:157)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)
        at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData
.java:156)
        at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.<init>(EncryptedData.
java:113)
        at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHea
der(SecurityRecipient.java:458)
        at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(Secu
rityRecipient.java:291)
        at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(S
ecurityRecipient.java:241)
        at
com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTube
Base.java:450)
        at
com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTu
be.java:295)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
        at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:717)
        at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:418)
        at
com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:364)
        at
com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:370)
        at
com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:519)
        at
com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapt
er.java:206)
        at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelega
te.java:159)
        at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDeleg
ate.java:194)
        at
com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationF
ilterChain.java:305)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCha
in.java:210)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.jav
a:225)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.jav
a:169)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.
java:472)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
118)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Proces
sor.java:999)
        at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstract
Protocol.java:565)
        at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:3
07)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.jav
a:886)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:90
8)
        at java.lang.Thread.run(Thread.java:662)
Caused by: javax.xml.crypto.KeySelectorException:
com.sun.xml.wss.XWSSecurityException: No Matching private key for serial
number 14478695720124859712 and issuer name
E=xxxx@xxxx,CN=servicecn,OU=xxx,O=xxx,L=xxx,S=xxxxx,C=US found
        at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:412)
        at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509IssuerSerial(SecurityTokenProcessor.java:369)
        ... 45 more
Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for
serial number 14478695720124859712 and issuer name
E=xxx@xxx,CN=servicecn,OU=xxxx,O=xxx,L=xxxx,S=xxxx,C=US found
        at
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getPrivateKey(Defaul
tSecurityEnvironmentImpl.java:644)
        at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:392)
        ... 46 more


-----Original Message-----
From: Gina Choi [mailto:[hidden email]]
Sent: Wednesday, April 25, 2012 9:57 AM
To: [hidden email]; [hidden email]
Subject: RE: Signature algorithm should be same for client, sts and service?

>Can you do a message dump on the server and see what is being sent.
How do I turn on message dump on the sever side?

-----Original Message-----
From: kumarjayanti [mailto:[hidden email]]
Sent: Tuesday, April 24, 2012 9:24 AM
To: [hidden email]
Subject: Re: Signature algorithm should be same for client, sts and service?

It appears the client did not send a secure message here :
> Security Requirements not met - No
> Security header in message

Can you do a message dump on the server and see what is being sent.

On Apr 25, 2012, at 4:33 AM, gchoi wrote:

>
> Signature algorithm for my client and serivice certificate is  
> SHA1withRSA
> while sts certificate is  SHA256withRSA. It could be a problem? When  
> client
> call service, it returns Invalid Security Header message. Client-STS-
> Client
> call looks good. I am using UserNameToken with symmetric key bindings.
>
>
> Apr 24, 2012 6:03:55 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube
> processClientResponsePacket
> SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound  
> Message.
> com.sun.xml.wss.XWSSecurityException: Security Requirements not met  
> - No
> Security header in message
>        at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming.SecurityRecipient.createMessage(SecurityRecipient.java:925)
>        at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:
> 248)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl
> .SecurityClientTube
> .processClientResponsePacket(SecurityClientTube.java:434)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
>        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
>        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
>        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
>        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
>        at com.sun.xml.ws.client.Stub.process(Stub.java:429)
>        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:
> 168)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 119)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 102)
>        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
>        at $Proxy40.doubleIt(Unknown Source)
>        at client.WSClient.doubleIt(WSClient.java:76)
>        at client.WSClient.main(WSClient.java:69)
> Exception in thread "main" javax.xml.ws.WebServiceException:  
> WSSTUBE0025:
> Error in Verifying Security in the Inbound Message.
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl
> .SecurityClientTube
> .processClientResponsePacket(SecurityClientTube.java:439)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
>        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
>        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
>        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
>        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
>        at com.sun.xml.ws.client.Stub.process(Stub.java:429)
>        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:
> 168)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 119)
>        at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 102)
>        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
>        at $Proxy40.doubleIt(Unknown Source)
>        at client.WSClient.doubleIt(WSClient.java:76)
>        at client.WSClient.main(WSClient.java:69)
> Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security  
> Header
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
> 696)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
> 714)
>        ... 14 more
> Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid  
> Security
> Header
>        at
> com
> .sun
> .xml
> .wss
> .impl
> .SecurableSoapMessage
> .newSOAPFaultException(SecurableSoapMessage.java:349)
>        at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
> 710)
>        ... 14 more
>
> --
> View this message in context:
http://metro.1045641.n5.nabble.com/Signature-algorithm-should-be-same-for-cli
ent-sts-and-service-tp5663537p5663537.html
> Sent from the Metro - Users mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Signature algorithm should be same for client, sts and service?

kumarjayanti
Hi,

   Firstly this exception now seems different from the earlier exception that you sent.  So did you change something in the client side wsit configuration ?. 

 To enable message dumping here is what you need to do in jvm-options 

- Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true

  It appears the client runtime picked up some certificate of the server which does not exist in the server's  keystore.


On Apr 25, 2012, at 10:20 PM, Gina Choi wrote:

Can you do a message dump on the server and see what is being sent.
How do I turn on message dump on the sever side?

Following is server dump message. Does this mean that it couldn't find
service private key? I don't know where did serial number
14478695720124859712 come from? My service, client and sts don't have serial
number with that value.


Service  PrivateKeyEntry
=============================

Alias name: myservicekey
Creation date: Apr 13, 2012
Entry type: trustedCertEntry

Owner: EMAILADDRESS=xxx@xxx, CN=servicecn, OU=xx, O=xxx, L=xxxx,
ST=massachusetts, C=US
Issuer: EMAILADDRESS=xxx@xxx, CN=servicecn, OU=xxx, O=xxx, L=xxxx,
ST=massachusetts, C=US
Serial number: c8eea90bc902c540
Valid from: Tue Apr 10 10:40:33 EDT 2012 until: Fri Apr 08 10:40:33 EDT 2022
Certificate fingerprints:
        MD5:  B2:76:5C:F9:41:52:45:FE:6D:EC:54:FC:5E:A5:EF:6C
        SHA1: 8F:1B:17:A0:AB:6F:8B:C6:02:65:7F:7E:E5:15:9C:79:AE:AE:01:D5
        Signature algorithm name: SHA1withRSA
        Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AC CA 43 29 11 D0 C3 BB   9A 2B 1B 30 F0 BA 8F 4D  ..C).....+.0...M
0010: 8D E1 F4 43                                        ...C
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
 CA:true
 PathLen:2147483647
]

#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AC CA 43 29 11 D0 C3 BB   9A 2B 1B 30 F0 BA 8F 4D  ..C).....+.0...M
0010: 8D E1 F4 43                                        ...C
]

]


Server dump
========================

Apr 25, 2012 12:22:37 PM
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getPrivateKey
SEVERE: WSS0222: Unable to locate matching private key for
14478695720124859712:E=xxx@xxx,CN=servicecn,OU=xxx,O=xxx,L=xxxx,S=xxxx,C=US
using CallbackHandler.
Apr 25, 2012 12:22:37 PM
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor
processX509IssuerSerial
SEVERE: WSS1816: Error occurred while resolving Issuer Serial
javax.xml.crypto.KeySelectorException: com.sun.xml.wss.XWSSecurityException:
No Matching private key for serial number 14478695720124859712 and issuer
name E=XXX@XXX,CN=servicecn,OU=xxx,O=xxx,L=xxxx,S=xxxx,C=US found
at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:412)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509IssuerSerial(SecurityTokenProcessor.java:369)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509Data(SecurityTokenProcessor.java:292)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.re
solveReference(SecurityTokenProcessor.java:161)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:152)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)
at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.j
ava:208)
at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.<init>(EncryptedKey.ja
va:131)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:157)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)
at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData
.java:156)
at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.<init>(EncryptedData.
java:113)
at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHea
der(SecurityRecipient.java:458)
at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(Secu
rityRecipient.java:291)
at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(S
ecurityRecipient.java:241)
at
com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTube
Base.java:450)
at
com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTu
be.java:295)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:717)
at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:418)
at
com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:364)
at
com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:370)
at
com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:519)
at
com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapt
er.java:206)
at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelega
te.java:159)
at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDeleg
ate.java:194)
at
com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationF
ilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCha
in.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.jav
a:225)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.jav
a:169)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.
java:472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Proces
sor.java:999)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstract
Protocol.java:565)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:3
07)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.jav
a:886)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:90
8)
at java.lang.Thread.run(Thread.java:662)
Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for
serial number 14478695720124859712 and issuer name
E=xxxx@xxxx,CN=servicecn,OU=xxx,O=xxxx,L=xxxx,S=xxxx,C=US found
at
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getPrivateKey(Defaul
tSecurityEnvironmentImpl.java:644)
at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:392)
... 46 more
Apr 25, 2012 12:22:37 PM com.sun.xml.wss.jaxws.impl.SecurityServerTube
processRequest
SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
com.sun.xml.wss.XWSSecurityException: WSS1816: Error occurred while resolving
Issuer Serial
at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509IssuerSerial(SecurityTokenProcessor.java:374)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509Data(SecurityTokenProcessor.java:292)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.re
solveReference(SecurityTokenProcessor.java:161)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:152)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)
at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.j
ava:208)
at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.<init>(EncryptedKey.ja
va:131)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:157)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)
at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData
.java:156)
at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.<init>(EncryptedData.
java:113)
at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHea
der(SecurityRecipient.java:458)
at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(Secu
rityRecipient.java:291)
at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(S
ecurityRecipient.java:241)
at
com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTube
Base.java:450)
at
com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTu
be.java:295)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:717)
at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:418)
at
com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:364)
at
com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:370)
at
com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:519)
at
com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapt
er.java:206)
at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelega
te.java:159)
at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDeleg
ate.java:194)
at
com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationF
ilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCha
in.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.jav
a:225)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.jav
a:169)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.
java:472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Proces
sor.java:999)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstract
Protocol.java:565)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:3
07)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.jav
a:886)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:90
8)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.xml.crypto.KeySelectorException:
com.sun.xml.wss.XWSSecurityException: No Matching private key for serial
number 14478695720124859712 and issuer name
E=xxxx@xxxx,CN=servicecn,OU=xxx,O=xxx,L=xxx,S=xxxxx,C=US found
at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:412)
at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509IssuerSerial(SecurityTokenProcessor.java:369)
... 45 more
Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for
serial number 14478695720124859712 and issuer name
E=xxx@xxx,CN=servicecn,OU=xxxx,O=xxx,L=xxxx,S=xxxx,C=US found
at
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getPrivateKey(Defaul
tSecurityEnvironmentImpl.java:644)
at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:392)
... 46 more


-----Original Message-----
From: Gina Choi [[hidden email]]
Sent: Wednesday, April 25, 2012 9:57 AM
To: [hidden email]; [hidden email]
Subject: RE: Signature algorithm should be same for client, sts and service?

Can you do a message dump on the server and see what is being sent.
How do I turn on message dump on the sever side?

-----Original Message-----
From: kumarjayanti [[hidden email]]
Sent: Tuesday, April 24, 2012 9:24 AM
To: [hidden email]
Subject: Re: Signature algorithm should be same for client, sts and service?

It appears the client did not send a secure message here :
Security Requirements not met - No
Security header in message

Can you do a message dump on the server and see what is being sent.

On Apr 25, 2012, at 4:33 AM, gchoi wrote:


Signature algorithm for my client and serivice certificate is  
SHA1withRSA
while sts certificate is  SHA256withRSA. It could be a problem? When  
client
call service, it returns Invalid Security Header message. Client-STS-
Client
call looks good. I am using UserNameToken with symmetric key bindings.


Apr 24, 2012 6:03:55 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube
processClientResponsePacket
SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound  
Message.
com.sun.xml.wss.XWSSecurityException: Security Requirements not met  
- No
Security header in message
      at
com
.sun
.xml
.ws
.security
.opt
.impl
.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:925)
      at
com
.sun
.xml
.ws
.security
.opt
.impl
.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:
248)
      at
com
.sun
.xml
.wss
.jaxws
.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
      at
com
.sun
.xml
.wss
.jaxws
.impl
.SecurityClientTube
.processClientResponsePacket(SecurityClientTube.java:434)
      at
com
.sun
.xml
.wss
.jaxws
.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
      at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
      at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
      at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
      at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
      at com.sun.xml.ws.client.Stub.process(Stub.java:429)
      at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:
168)
      at
com
.sun
.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
119)
      at
com
.sun
.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
102)
      at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
      at $Proxy40.doubleIt(Unknown Source)
      at client.WSClient.doubleIt(WSClient.java:76)
      at client.WSClient.main(WSClient.java:69)
Exception in thread "main" javax.xml.ws.WebServiceException:  
WSSTUBE0025:
Error in Verifying Security in the Inbound Message.
      at
com
.sun
.xml
.wss
.jaxws
.impl
.SecurityClientTube
.processClientResponsePacket(SecurityClientTube.java:439)
      at
com
.sun
.xml
.wss
.jaxws
.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
      at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
      at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
      at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
      at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
      at com.sun.xml.ws.client.Stub.process(Stub.java:429)
      at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:
168)
      at
com
.sun
.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
119)
      at
com
.sun
.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
102)
      at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
      at $Proxy40.doubleIt(Unknown Source)
      at client.WSClient.doubleIt(WSClient.java:76)
      at client.WSClient.main(WSClient.java:69)
Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security  
Header
      at
com
.sun
.xml
.wss
.jaxws
.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
696)
      at
com
.sun
.xml
.wss
.jaxws
.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
714)
      ... 14 more
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid  
Security
Header
      at
com
.sun
.xml
.wss
.impl
.SecurableSoapMessage
.newSOAPFaultException(SecurableSoapMessage.java:349)
      at
com
.sun
.xml
.wss
.jaxws
.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:
710)
      ... 14 more

--
View this message in context:
http://metro.1045641.n5.nabble.com/Signature-algorithm-should-be-same-for-cli
ent-sts-and-service-tp5663537p5663537.html
Sent from the Metro - Users mailing list archive at Nabble.com.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Signature algorithm should be same for client, sts and service?

gchoi

 

   >Firstly this exception now seems different from the earlier exception that you sent.  So did you change something in the client side wsit configuration ?. 

Previous exception is from client side. The one that sent to you is from server side. I obtained it by setting com.sun.xml.ws.transport.http.HttpAdapter.dump=true.

 

 

 >To enable message dumping here is what you need to do in jvm-options 

>- Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true

I set Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true and result is same as setting com.sun.xml.ws.transport.http.HttpAdapter.dump=true.

 

 

  >It appears the client runtime picked up some certificate of the server which does not exist in the server's  keystore.

When the client send request to STS, I don’t see <X509SerialNumber>14478695720124859712</X509SerialNumber> in the request, but STS respond client with <X509SerialNumber>14478695720124859712</X509SerialNumber>. Service keystore doesn’t have serial number  14478695720124859712 that’s why exception was thrown. Is this an incompatibility issue between client and STS? Could you tell me how does STS get X509SecrialNmuber value of 14478695720124859712 ?

 

I listed both server and client log and server dump message.

 

1.       Server dump

 

Apr 26, 2012 4:35:32 PM com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getPrivateKey

SEVERE: WSS0222: Unable to locate matching private key for 14478695720124859712:E=[hidden email],CN=servicecn,OU=SCT,O=XXX,L=reading,S=massachusetts,C=US using CallbackHandler.

Apr 26, 2012 4:35:32 PM com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor processX509IssuerSerial

SEVERE: WSS1816: Error occurred while resolving Issuer Serial

javax.xml.crypto.KeySelectorException: com.sun.xml.wss.XWSSecurityException: No Matching private key for serial number 14478695720124859712 and issuer name E=[hidden email],CN=servicecn,OU=SCT,O=XXX,L=reading,S=massachusetts,C=US found

                at com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial(KeySelectorImpl.java:412)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processX509IssuerSerial(SecurityTokenProcessor.java:369)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processX509Data(SecurityTokenProcessor.java:292)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.resolveReference(SecurityTokenProcessor.java:161)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processKeyInfo(KeyInfoProcessor.java:152)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(KeyInfoProcessor.java:132)

                at com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.java:208)

                at com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.<init>(EncryptedKey.java:131)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processKeyInfo(KeyInfoProcessor.java:157)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(KeyInfoProcessor.java:132)

                at com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData.java:156)

                at com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.<init>(EncryptedData.java:113)

                at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:458)

                at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:291)

                at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:241)

                at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)

                at com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTube.java:295)

                at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)

                at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)

                at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)

                at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:717)

                at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:418)

                at com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:364)

                at com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:370)

                at com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:519)

                at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:206)

                at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:159)

                at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:194)

                at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)

                at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)

                at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)

                at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)

                at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)

                at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

                at java.lang.Thread.run(Thread.java:662)

Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for serial number 14478695720124859712 and issuer name E=[hidden email],CN=servicecn,OU=SCT,O=XXX,L=reading,S=massachusetts,C=US found

                at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getPrivateKey(DefaultSecurityEnvironmentImpl.java:644)

                at com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial(KeySelectorImpl.java:392)

                ... 46 more

Apr 26, 2012 4:35:32 PM com.sun.xml.wss.jaxws.impl.SecurityServerTube processRequest

SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.

com.sun.xml.wss.XWSSecurityException: WSS1816: Error occurred while resolving Issuer Serial

                at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processX509IssuerSerial(SecurityTokenProcessor.java:374)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processX509Data(SecurityTokenProcessor.java:292)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.resolveReference(SecurityTokenProcessor.java:161)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processKeyInfo(KeyInfoProcessor.java:152)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(KeyInfoProcessor.java:132)

                at com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.java:208)

                at com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.<init>(EncryptedKey.java:131)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processKeyInfo(KeyInfoProcessor.java:157)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(KeyInfoProcessor.java:132)

                at com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData.java:156)

                at com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.<init>(EncryptedData.java:113)

                at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:458)

                at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:291)

                at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:241)

                at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)

                at com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTube.java:295)

                at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)

                at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)

                at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)

                at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:717)

                at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:418)

                at com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:364)

                at com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:370)

                at com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:519)

                at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:206)

                at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:159)

                at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:194)

                at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)

                at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)

                at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)

                at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)

                at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)

                at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

                at java.lang.Thread.run(Thread.java:662)

Caused by: javax.xml.crypto.KeySelectorException: com.sun.xml.wss.XWSSecurityException: No Matching private key for serial number 14478695720124859712 and issuer name E=[hidden email],CN=servicecn,OU=SCT,O=XXX,L=reading,S=massachusetts,C=US found

                at com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial(KeySelectorImpl.java:412)

                at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processX509IssuerSerial(SecurityTokenProcessor.java:369)

                ... 45 more

Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for serial number 14478695720124859712 and issuer name E=[hidden email],CN=servicecn,OU=SCT,O=XXX,L=reading,S=massachusetts,C=US found

                at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getPrivateKey(DefaultSecurityEnvironmentImpl.java:644)

                at com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial(KeySelectorImpl.java:392)

                ... 46 more

 

 

2.      Client side dump

 

 

[INFO] --- exec-maven-plugin:1.2:exec (default-cli) @ client ---

Apr 26, 2012 4:35:22 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser]  parse

INFO: WSP5018: Loaded WSIT configuration from file: file:/C:/gina/test/DoubleIt/client/target/classes/wsit-client.xml.

Apr 26, 2012 4:35:22 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]  selectAlternatives

WARNING: WSP0075: Policy assertion "{http://schemas.sun.com/2006/03/wss/server}KeyStore" was evaluated as "UNSUPPORTED".

Apr 26, 2012 4:35:22 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]  selectAlternatives

WARNING: WSP0075: Policy assertion "{http://schemas.sun.com/2006/03/wss/server}TrustStore" was evaluated as "UNSUPPORTED".

Apr 26, 2012 4:35:22 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]  selectAlternatives

WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser]  parse

INFO: WSP5018: Loaded WSIT configuration from file: file:/C:/gina/test/DoubleIt/client/target/classes/wsit-client.xml.

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]  selectAlternatives

WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthentication" was evaluated as "UNKNOWN".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]  selectAlternatives

WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]  selectAlternatives

WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication" was evaluated as "UNKNOWN".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]  selectAlternatives

WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]  selectAlternatives

WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication" was evaluated as "UNKNOWN".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]  selectAlternatives

WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".

Apr 26, 2012 4:35:26 PM com.sun.xml.ws.security.impl.policy.Constants log_invalid_assertion

WARNING: SP0100: Policy assertion Assertion[com.sun.xml.ws.security.impl.policy.SpnegoContextToken] {

    assertion data {

        namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'

        prefix = 'sp'

        local name = 'SpnegoContextToken'

        value = 'null'

        optional = 'false'

        ignorable = 'false'

        attributes {

            name = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:IncludeToken', value = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient'

        }

    }

    no parameters

    nested policy {

        namespace version = 'v1_5'

        id = 'null'

        name = 'null'

        vocabulary {

            1. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendAmend'

            2. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendCancel'

            3. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendRenew'

            4. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:RequireDerivedKeys'

        }

        assertion set {

            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {

                assertion data {

                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'

                    prefix = 'sp'

                    local name = 'MustNotSendAmend'

                    value = 'null'

                    optional = 'false'

                    ignorable = 'false'

                    no attributes

                }

                no parameters

                no nested policy

            }

            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {

                assertion data {

                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'

                    prefix = 'sp'

                    local name = 'MustNotSendCancel'

                    value = 'null'

                    optional = 'false'

                    ignorable = 'false'

                    no attributes

                }

                no parameters

                no nested policy

            }

            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {

                assertion data {

                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'

                    prefix = 'sp'

                    local name = 'MustNotSendRenew'

                    value = 'null'

                    optional = 'false'

                    ignorable = 'false'

                    no attributes

                }

                no parameters

                no nested policy

            }

            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {

                assertion data {

                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'

                    prefix = 'sp'

                    local name = 'RequireDerivedKeys'

                    value = 'null'

                    optional = 'false'

                    ignorable = 'false'

                    no attributes

                }

                no parameters

                no nested policy

            }

        }

    }

} is not supported under Token assertion.

---[HTTP request - https://strts01.ams.dev/adfs/services/trust/13/usernamemixed]---

Accept: application/soap+xml, multipart/related

Content-Type: application/soap+xml; charset=utf-8;action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"

User-Agent: Metro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000) JAXWS-RI/2.2.6 JAXWS/2.2 svn-revision#unknown

<?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-

wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.

0:assertion"><S:Header><To xmlns="http://www.w3.org/2005/08/addressing">https://strts01.ams.dev/adfs/services/trust/13/usernamemixed</To><Action xmlns="http://www.w3.org/2005/08/addressing">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</

Action><ReplyTo xmlns="http://www.w3.org/2005/08/addressing">

    <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>

</ReplyTo><FaultTo xmlns="http://www.w3.org/2005/08/addressing">

    <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>

</FaultTo><MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:3cd16508-73fa-417d-9be1-81fadf6af886</MessageID><wsse:Security S:mustUnderstand="true"><wsu:Timestamp xmlns:ns16="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xm

lns:ns15="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_1"><wsu:Created>2012-04-26T20:35:27Z</wsu:Created><wsu:Expires>2012-04-26T20:40:27Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken xmlns:ns16="http://docs.oasis-open.org/ws-sx/ws-securec

onversation/200512" xmlns:ns15="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="uuid_1671eef1-54d0-4c2f-b563-89108788d773"><wsse:Username>xxxxxx</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-user

name-token-profile-1.0#PasswordText">xxxxxx</wsse:Password></wsse:UsernameToken></wsse:Security></S:Header><S:Body><trust:RequestSecurityToken xmlns:ns10="http://www.w3.org/2000/09/xmldsig#" xmlns:ns13="http://www.w3.org/2001/10/xml-exc-c14n#" xml

ns:ns4="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:ns9="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:sc="http://docs.oasis-open.org/ws-sx/

ws-secureconversation/200512" xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/

oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-

trust/200512/Issue</trust:RequestType><wsp:AppliesTo><wsa:EndpointReference><wsa:Address>https://wkengchoi.global.sdl.corp:8443/doubleit/services/doubleit</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><trust:SecondaryParameters><trust:TokenTyp

e>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType><trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType><trust:KeySize>256</trust:KeySize></trust:SecondaryParameters><trust:Entropy><trust:BinarySecret Type

="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">2y4esJ57MX0he22+mxTw5DIkiVi1H7PE7Pkba1oGUpI=</trust:BinarySecret></trust:Entropy><trust:ComputedKeyAlgorithm>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</trust:ComputedKeyAlgorit

hm></trust:RequestSecurityToken></S:Body></S:Envelope>--------------------

 

---[HTTP response - https://strts01.ams.dev/adfs/services/trust/13/usernamemixed - 200]---

null: HTTP/1.1 200 OK

Content-Length: 11986

Content-Type: application/soap+xml; charset=utf-8

Date: Thu, 26 Apr 2012 20:34:50 GMT

Server: Microsoft-HTTPAPI/2.0

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://

docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action><a:RelatesTo>uuid:3cd16508-73fa-417d-9be1-81fadf6af886</a:RelatesTo><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-sece

xt-1.0.xsd"><u:Timestamp u:Id="_0"><u:Created>2012-04-26T20:34:50.905Z</u:Created><u:Expires>2012-04-26T20:39:50.905Z</u:Expires></u:Timestamp></o:Security></s:Header><s:Body><trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasi

s-open.org/ws-sx/ws-trust/200512"><trust:RequestSecurityTokenResponse><trust:Entropy><trust:BinarySecret>W7YvDDJHQpKs7aTdocEwoC09jl8OjI4YTOrWI4CPpVk=</trust:BinarySecret></trust:Entropy><trust:Lifetime><wsu:Created xmlns:wsu="http://docs.oasis-open.o

rg/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2012-04-26T20:34:50.890Z</wsu:Created><wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2012-04-26T21:34:50.890Z</wsu:Expires></trus

t:Lifetime><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://wkengchoi.global.sdl.corp:8443/doubleit/services/doubleit</wsa:Address></w

sa:EndpointReference></wsp:AppliesTo><trust:RequestedSecurityToken><xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#a

es256-cbc"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><DigestMethod Algorithm="http://www.w3.org/200

0/09/xmldsig#sha1"/></e:EncryptionMethod><KeyInfo><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><X509Data><X509IssuerSerial><X509IssuerName>E=[hidden email], CN=servicecn, OU=SCT,

O=XXX, L=reading, S=massachusetts, C=US</X509IssuerName><X509SerialNumber>14478695720124859712</X509SerialNumber></X509IssuerSerial></X509Data></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>dXxjs6e+gZTeEGM9+x6lIi9Y9u38ylnu7PmAjZ

umFaD5+0vFqrMZHJR2S8YfF657TuHGkChtvSvDTcvfnU3MwoJmv5egaj1pMCTMC0JVimNCMGRDMlrAArY9aZf/WJFverQbVf+McnA8g1Hp0fdG2Q3AcptRgMui3DHleQGS32a3yUFWA4sKeYqYlq+j5Ut4gsX0HFh5VI4xG6VmTYXeJnopnLT17IQ7h6h6UWVIPimVFJaWUCozCVM2fGmquXnY72K0vV4bXi5Bq2Y5Mb2sa1dez/NU2T59

I/vDgGEfcMvmDkrKO4RPM59kpUm3Jv7kl7NZgCP/dBD0MB5xBL4BvA==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo><xenc:CipherData><xenc:CipherValue>xvnKqGMIlfPz/YFqYULyL8bWGvL0zBgG92Vdp245ltKCVdnTahgHgb9dWvdHYhKOgOIFld75e4uSL3cA4IlyuAU38OjR/wdXoWYQd

HBmk4hBAL070lxC9QoLaJE+2usrWs1sRMqpDG7/5J2sR2rlQuMubrzt/kX2uLipC+fmMgfDeqmvqZO9TsWkjkwJyMYCYeBp+HdgFrxVvuZjMBoBsta7L5FaYUeOxuRVuPg6pM+4+BCZvwO9DPPGCUOIMCdLsaE90pmZiHfFBMteRAMQDx8uahkXd/RElTrD6xB84c0mDuKlBXlsmrzS/zGxbdDpgCZAyqO4UdcpOncbCCwHJlw4TbW6/Bz

c+kcRzcqpnP9cPvsY4mzoIr9fH4JDxzTGw8UldhtfPW5/mu09PUhJgL/1DabORPpIrXwk6Jo89fC2wuhI3eSnOlTrdqqjzR0hSdPoe1wQZHWqi0pB4Ii/c9L0SkY7ExIPZbk7QhxITMgNvubA3nnQZC3JpPM5PT55oDzCwKMOMiGT1kgYqbCa0vc2KbjLwi79hW0ahJON0K+DdpsS0SGpsoe+9XjRK34xKtLQeBkNe/V12TXG3+P08LsM+

P83q2cc7sHO8WQh8GwAF/yh7OFFgQ/W1Gxu7aMRBHJPkvCzMweGZgVyglzwAbCW84zGb9GUXC7WAC6B/9P2xaB25XVKhCCMQQCNLfMASriPVJFHyGIA7H5mA6tk2YiAj258WtlukvcSfiHAakHGPBQcI/5KTOdf4zS8JT9Tc6YeRrOZH6wD6EUXcViGh0BYSlWUyjHVn2QAGhTSitI64TwbaOk4rRD9KeEqbhdICoxbK5L2tiQBcQYboE2

fVD++VfDwK6a1Yeste2f4L8Tqc6fYATL/9N0YXzkNGS57uwUCOGCgIpVfyC2fOOGjExjP7WwUiJaUOsRzAwBjejyimvztZO8YNPz7IMX4mF/FehJYyrIY92gxJFrSdE5viNpxZgavnncvt5lltmnqWIEh6yaQV6nV01JBWCB99jvPzm6bzDNKQkmHGxR0NFdaBbzpZXkDbY1lhEnuY84AhgJcexFnEiXMKwU/eDjZTr4eQaMDriPEMRlwp

FQ4uZB3nvYOut72qA74Y0fJkJVE2hCpqzu8z907cvdSrCAznWThzbtbomJpaKn4or4h2/Nl1XQaIVMViVussPJCxRhEwUEu9vGeVDe+hBa5m5TsD1Pe7tJePinXu0Dmzsf1SLyabt37vEyRkGlSYZFaKS+f8PzMg4ifpLT5/U5jOuQK3qd3KCTAWq23p5YLl/81yjSYEZWJMlGbQj/EU5RnCdtxtA5Lv72LQPOZyf5APqHK13kM2VblKZ+

EVduoxG6ftrtMI3T0GzWm8LcQK3ohMQmwgSng+jw6AzIgD4lzlczIUpexpjD1JjjswsAM579rTPjqnJrMrn08dMafQ/rRGtT6AZx5ntN4TTSJiMXK+bBgvSwdu+/GwnMfVEyJSllYTGBTG3RPji3OLab76/WSmDY25uyiYE7S0jDkWogI5/hA/flozJEuRQa2tOVrkcArnV1TG6kVYVbRRjVRB78SkMhMhaxwbvsNcAG+7soQO7uR34FzT

UHFhuLk2k4F26X++RI2Z0J+jqpzXgFKH1sYLx+mhb8OkxPkWq0/cro7euLUCdGTJqj+9jYgyPQab4R1/7V7ZHlWdqMwdOccKj96WBT8NGq5gDQsh6+oEYI3C5ZwcXifsop80WefxznChqBzoclz+1QJK0LIqksRoGp/j0lLFQoXMCds9XWrv6a/jAAyCt7jm13NTIRswFFgHnk35SoyAcgzOL7ay0FC/Dl0MWJqVn/h6jV+PsmMu1hgV39

c2/l1bbNcedG7WNqSUxtSxvidhPHcDV/4/hlX7eV/YkNQXwHuhjZ3C8Sgv+Om3xG8rjqd4EZ1F87GqNoGjROvOnaszOztYvPGTVZPHKfEyRGk9Vj2PAGkZiJM2haczGToennFqGPFMPKIhv9XWcwSJ6Wky0WCfmetPB+M/uBQE312/g9gLppiESgLeOj20/QbGX+BL+FZhknt2YSF9EVCHdA95gw7ZBKw49x2ip8YcIJdPp/djK3ZJhNds

MYAB6fZ5FfQOOTtU/sOoHHUZ9rrfzbcUSVAw47aa9kYX/HJVIcOP06zakmJBqp6qkjrLcSEoLd4RoDiVOGGDIvCIGZJq0QM3wFCfKAq9555+niSWpyF8iXQiDyTACtz6yrdmUG+w76gsv+a2QGv80jN0w+3JPuduj5Oh64mmIPBoKqGjewLraBSqCIqOES7mnglolBdOIgdFGB/wHxy+qXSJ+WM3IdULnC8xtOZnUbkEl7L7Xq/y2UofFb

8dCVVLO5Kin1G7mLJu1ZpZzOSHgGjUI0ewrYFUBuqQAKMU/bx4+0QSFw0ISKp3oLu36vdpwXonlJagpDjRIKtu61ZN3MXcYGyJFOu3mQw54GMldaJsO4xtN6HHtHncRh928hVP0X/hWXQOzJi+GEfxPbGV/HCdVEBjXqYOP8rHGqgqFo37LVPGPlRZUVjnkU5C2gw9pwVRfDZXf0etr8W17BZW8eKWwsO/jyeAQqTpZkRIC6xB0GcO7iA7

Vqzx8rtKFrlACd6PhG8ns59OqzUsa2p8qfYumzR8YFGmaytoixU6qPHkxaZvJanhhrkXv/9JfeXvYi8Ku1wcypUG1+E4LeBlg0ybsxBjL9LQWYnlvm7oM1F2XNQoeSPGTpmJZQsVdJYZfkXvr9UIsF7wJlpceHfHgBwe0kXWJG9MjGqZ/PP2isnXMsNytDzbLxwWKrb9votmTZIpK61ec/9Qrzw2MDZaa6sOgVFDZViu+HGclTxrymxV6t

ihtivYMAvYflVYwtHAakolA1ZvRmsASK7d5S0Pxd68O0NPWU0tonFdQTqGpceHPu6IhnLBK2q1f19NzfE24YnkB315fnLZmyZBq9pyq45CrPK9/cWfcS5LoUPmFdNYEE0g4YGPRPusZ6TiqVOVEhahn0qskuqQrgzrWGYpN4BPymubpK9IWOvcClFD8hwsKCfZZrxc4SG9YWjU+3yp/trA/3bFbPITX8rojxgEJ7Xzqcn+ZXnIPmx3rhyU

02xq1zIOVXM0KnmNy3AA9veuV3duqvmLc/pPTDMCvqChyVdw6vtZsS3uszSLOzAYIQMmenFAP4+TQ4ptZogu6zI3e8lKez9fa0XkyWZ1Mk5DFKwDSVIPv/7VLWeCDJ3ASDpeoSqJV7Aozjpb8/h/nBZAZw3zMbUOYicWdwlhxgNw2LLsbNwrPy5qdSKY9hHCzmFA6EnlNSLveVBH4J2tt18ylQPE1nMTUF+5kK9J54QyPWwxgjLamTZsQX

xspRi0EBoS93tMhHpuA1uGRXPTApt6SF4uiCyM6SStwWUNrP0TPNGJ55Z/pCrGakfI9kIuUYPOi81rHOYt2DCTklrLVqqbuaD+clbDoec8oB7TeeD7uOkxfmGehacs2BDuJMQEUc1/sW6RyMBp1wvXR2OkxDoGH3hNf6S8bpxkA3xJMU+s8lBDOZ5DbePIH8dE8m/QjUFWwwwJ61xFlMrmQc+ORQxbitXr7FxlQpqObwXMt9zWhJb6K5Sg

7j9RKgaTBBJZaKSWv+3N+aEmadoo5eO+nQKGSvR6XtO/SfmcKNPnRfDe3jKO12F/A4j6meSAwUdUTQv7Hz5ZjzlTTFK0YGJtyHGXTIjX7tuUcCx+d8PMBNXRqESot2Wahwr83LDapLw8Fp2KupyOemoL9m0EHMJ0SKPxSmOhFwwiKMA3NKFdBZDBgGu5xRv0IifNmxlC+YJUl/s+cDGGqssNX9qpm0LC65pxPcPDzPLjXTa16jdDnqV/Ih

NcAO9fvSWUM17e26ziy5P/m2VqkINhyap+0vP7j2SSZ7i0IEJGLayHlOB+/WOj5elV9K9wwxXJftCwMIaPi/ymCA9cSwYAwg8TxRhdXVHwFTRUHmv4orODDXilqtGV+QxeieduyW/PX+taf0n9Kn/+/6+dO0bDEqQT2sw/49Butr8V+UTdCHocJM97F2QoANMLa65YcpHoIxIdYHwLigL6fOSzFN8OydqViDs8vkFtksnlB7B1ukuPiz9j

8ljxPu5o6LKrCk+sTCIPuE9nOZMsuyppCLmdOC3E7n8Hu5GS7dnhwy0veh3zVOevqiXzUTLForEQMaqjg3NL2Hb5IQ0zYtZ3FI98DY/pTE9azya8SMYzW+ooAAKHHUn08cMBFRTlgHYV9XXG5Vj/BDTrERH2S07sbhBFeA/avKjZ8/lKy/NBQYlfgCC6KiXE0PxF03q4kne6OZOLbfH7hofduH0Yi7TeTuIorT9ML07zG1GMeneKCNfOqt

oD4tZYQqTieWwGg/7YCnW7LZu1s7bo/9YW8kFJklQhCZhWKslGHJJd2DqmvPVI2tmoVDxGPNn1kB3cBTvQ5ubqOUMSawWzaDEMG4Brn3io2MK9jh9eAhjoX281+n7TIQhc73SN2l9YIOUgEXXedu2Gd68oIu7GJIKmI4eezQXYnFlhwuyDPjI5JLTJ5atpQQhOb55MCMj6hFlIBDy6HtnweMUAz7ZBG9p604bn+i8BkGR6u/7cAJ3DRm5B

yycij1g/Brq5F1JZp/xvWeJaunL493aIRMBWKDkdZKD7v0FRVAB/aD4CdR+TSNNLRRpsQiizHaOV/GOSge7eiy0/7hGENLWAeHR8Xlwqd6fX8pttFnGD5D8BM6UjL+T5WvEEwmFMhFIop3+IVzuscL7ph/tl/8ljzJsBUr5jqryaetXObTk547U1zhhf8E3Si3hdcDYtHBJ/pNyIo0cgnZ5tQckTwYWG1YJ5v5gfo5+KGquGEfL797i1co

lN45KrqK9NvNAwBuruBP6dhUHjiG9Vt1eXeCwbB2W46balTDWqf3GgctDabV6z2dccb65dFeT/xyLDmWixlf4WtdK9iQWReHmcKkPd75FabQKGHAGa+p8Xtf0kYrvdq87pYUvXbn01mwflmKeAcRMjgAX3tqWCDGqm9dgr2zGMBpN+zk53dWV6XQHQ98x/k6L81ExyO+CRaeygKYdW7xjHT2wj07IY0tombynkMCQtrCbUqNVoRHgzccAF

6p1xSeCnRoe3tVHYTxQyhXK1ZaQ2HU2Z1r3y0ynhnZAh22a+4MrH1QHsbxcOKELRKn+go8QoTT139nYkIaqNwRyjUWueHDZCa1i22dJYPuvDePFoj/8qUbYycQzGgpM9NxuqQpfxbs8+N5zf78PL7vyTrVNGO2XXXOdmB16hxOXXPHHV8+CJLivJDO+LfskrnOCSGn61QTwfK4v2zZ9xjVr6+LIHuHXfvYFY6IgBCbF5UAoLfNPHHJz239

s2o3Tkh3eadP2PYksq9bwid4Ht/VRqcDYVLpahtMam8uPXI09MzQjfzEqQIvJPQsObA08R994thdXGFHnKE9884o3yhZzIXJCmWv5tVzkW3Ok8yDOE+ryQqGY+bG5CkAF+3RwQiO59GiulCJ4mPorh2yLRFn/CzHapMAexx5/CyMgyTGlwslYHb7ulTHiM751OMSSCSNQx3DawTHOIcRNYz0aOC/MR+ScN8vM/Nc3W+r5JG3UMBDRUvKgF

s+XJAcr2KZ0VvoxqDuVVhpvX4xjKeE0sDBmcVfjDs3qBb4b6b/HggZ+VcZQQ8sGmkCi/0MK5zjh/kHUc6je7k/puzOcO0YtHdpCXKAFrCGKNrUCHCGybomFkJiYTxS8BESIRRuGci9TZCgdpHdzcNIMQKVZ/h8gq2cc6W70tPsH+XijE+FIP2cZ8SvdTgfh6wfacnKoNmH0rUbwKcfOfY0aK12yxD1PNZPZjX778tZJWefFKikHNwTHVrO

ReisqzpJg6YJSxaDjVY1x4Mz8lhVskhU1iizuqqx72cB4X6/zJSNMClc3AIHTj65DAwg0qwWIO6Tj0zLRU3+g3er6uMCDcrtoqmuCFMqci9V7WhX9Jvr7dFGaDnKNxeIthMVV+Y3eo7UJ517Xg9/aac3+HHgXcGTWmTQZQLZI+VZEdUTa1Cot427Jrlma2j2xFBpJ3EDlHTOmzJZ9VTwLZrYNyOfMty2gbPcWL19yb0XINWtIRXMN35DvV

5BtHkPQVngXp4hxUEjO5TBDOjWPwNdtrtRwX68P76w9l/sotCloRuOi2hAxanT8+HnpzA3p0M14KsHvOC2tLL/+zflC3coNXXjJXPwYavz+ou+YH/MZRoVQ/K8hzpjnycYN6Ti+B7AnQhurQ7B8222Axtg3fQ1leV4Gf0wOZSa7nlmbhiYxZtK6iSo6Xdr2AVrHf22de1PnuyxMOv8B1RRNy1fi3xQUdVmYpLGJ/P/Hk3l9gIN+4ocXoMK

2Vd3eAF52FByzwSiCzkgyo0kYyAAu7zx0+LnQ3DnBRV0qkn3EzezhXF47xlULSGl91YybGLdnlgqV+ywQrm87JKEaw60vuAZTgsuR9KlxY3qXmTWTGgSvQOdILNYa0QvS+otNErWeIzDeJFHFSqhbzXJu1n4OehwsalFjNsH1EXIemoZOtJNLO1SBA7aq9x/IE1EK5qYvc48B4RgBjxvuU+vhWdJ5gtGqJSXtXxn+QX20ibFf45CdRQqMR

C/9uYnd6TihAAJIrA7CTPZdQaL/XaIVwVNEYp85EDgilMCVpahnzaMh8ikBqhgxMpK7F21N0NFiIVs9Z09Nxsycfz7nDmG/TKW7HG9TwDGK4QNIBmFaHbqGBT7Hng0JqtxWYxcQaBYUCRRM2hMaa14+RHYDI5PSRCaBIfOgo+2+unTyA1mifG/lSJ6/EseXKav1V1QRwfpCfV+ViSyGU0L95I7+Mo4f230HkmtD8EmxzbvbmuIdaxhKZqu

Z7SKfJEpiw0ktcJ2izJpBjmfSgrWjIMPSJLBuqococ5CK6vk3rq2ikUXfhFxfRP1NPkMaRjA4elH0BB1m4A+ZwupamkXybUlpewR2WsPKNdYmOmPe9q7MtanpLA+2QycV0QEX0+eVM2GnkQU4WRFVG1USlPPJXLIxPXzasIxE8+Y3YSYYegSHPu+QUBG3piJk3S3IJUXJs5BA9oi/dtPOk59vm6KwZdFnainl6E5e2ysrm0nWks+r7N+aQ

FPtDtDhauXNkj25r6hN+1pAHb+4b6vS73WdRaYUHPJevaQzSmsOyryb00Y+TBw9vf2lPr2LpYL41Zw05PQaviVFRIU+/uhJW2zfhKlV3dv1rcVrj4+Xemf0i05iiDJcD1DMB9kHDUQTsCMoZh0E98bfEpcC8UI64sOxndim/rSinQ8+iS53w8in70NXcHTT7+rT/ZvMSrgiDf8mzAKvNbyK/TbWTF5cv9KvjXN4oDrjF/1RTURqfdv31Pr

BrNaegVQOXjIEXMcmechhXz1+Tf8FzmCQWD0GVhRM7PHfe+SQyV8OqWMQ3CoalRdD14ea2aetir7amyRg6Y9MPtDk/dBmR5kA0G8kZp7ZwtRGoBNyzWVT/ofZproHuTbPvucqkieb0yxddNNw4P/ui/3M/flz/NKqV6gKAPLD39cpFVv/W9HuF1h/pKdV8fJ4NhqPQj19Mkq/llMHQ+Wj5iVqGEqbYD6IdQT1w9uxRAjdOPUvOpjPjZgUM

LZ+3WDOC/Dvy9hD+Xt8ZpbD78EiD/PKsbuVBLkwbfv7zysqrrMIrex3J0tQjkDphSnlkbnLA60ME8bw20w4akrrvJInS1wAkmCovWfGIU+PqAqRIxZYk2FF738=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></trust:RequestedSecurityToken><trust:RequestedProofToken><trust:Comp

utedKey>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</trust:ComputedKey></trust:RequestedProofToken><trust:RequestedAttachedReference><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-s

ecext-1.0.xsd"><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_4a11f84f-0228-44a3-8c5a-a302d3fe18cb</o:KeyIdentifier></o:SecurityTokenReference></trust:RequestedAttachedReference><trust:Re

questedUnattachedReference><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertion

ID">_4a11f84f-0228-44a3-8c5a-a302d3fe18cb</o:KeyIdentifier></o:SecurityTokenReference></trust:RequestedUnattachedReference><trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType><trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-

trust/200512/Issue</trust:RequestType><trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType></trust:RequestSecurityTokenResponse></trust:RequestSecurityTokenResponseCollection></s:Body></s:Envelope>--------------

------

 

---[HTTP request - https://wkengchoi.global.sdl.corp:8443/doubleit/services/doubleit]---

Accept: application/soap+xml, multipart/related

Content-Type: application/soap+xml; charset=utf-8;action="http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItRequest"

User-Agent: Metro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000) JAXWS-RI/2.2.6 JAXWS/2.2 svn-revision#unknown

<?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-

wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/1

0/xml-exc-c14n#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><S:Header><To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">https://wkengchoi.global.sdl.corp:8443/doubleit/services/doubleit</To><Action xmlns="http://www.w3.org/2005/08/a

ddressing" xmlns:S="http://www.w3.org/2003/05/soap-envelope" S:mustUnderstand="true" wsu:Id="_5005">http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItRequest</Action><ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004"

> 

    <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>

</ReplyTo><FaultTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5002">

    <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>

</FaultTo><MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5003">uuid:e534fe0b-5051-4e4b-a6cc-f307702146ac</MessageID><wsse:Security S:mustUnderstand="true"><wsu:Timestamp xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversa

tion/200512" xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_3"><wsu:Created>2012-04-26T20:35:31Z</wsu:Created><wsu:Expires>2012-04-26T20:40:31Z</wsu:Expires></wsu:Timestamp><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xm

lenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:

EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></e:EncryptionMethod><KeyInfo><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oas

is-200401-wss-wssecurity-secext-1.0.xsd"><X509Data><X509IssuerSerial><X509IssuerName>E=[hidden email], CN=servicecn, OU=SCT, O=XXX, L=reading, S=massachusetts, C=US</X509IssuerName><X509SerialNumber>14478695720124859712</X509SerialNumber></X509Issue

rSerial></X509Data></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>dXxjs6e+gZTeEGM9+x6lIi9Y9u38ylnu7PmAjZumFaD5+0vFqrMZHJR2S8YfF657TuHGkChtvSvDTcvfnU3MwoJmv5egaj1pMCTMC0JVimNCMGRDMlrAArY9aZf/WJFverQbVf+McnA8g1Hp0fdG2Q3AcptRgMui3DHle

QGS32a3yUFWA4sKeYqYlq+j5Ut4gsX0HFh5VI4xG6VmTYXeJnopnLT17IQ7h6h6UWVIPimVFJaWUCozCVM2fGmquXnY72K0vV4bXi5Bq2Y5Mb2sa1dez/NU2T59I/vDgGEfcMvmDkrKO4RPM59kpUm3Jv7kl7NZgCP/dBD0MB5xBL4BvA==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo><xenc:CipherD

ata><xenc:CipherValue>xvnKqGMIlfPz/YFqYULyL8bWGvL0zBgG92Vdp245ltKCVdnTahgHgb9dWvdHYhKOgOIFld75e4uSL3cA4IlyuAU38OjR/wdXoWYQdHBmk4hBAL070lxC9QoLaJE+2usrWs1sRMqpDG7/5J2sR2rlQuMubrzt/kX2uLipC+fmMgfDeqmvqZO9TsWkjkwJyMYCYeBp+HdgFrxVvuZjMBoBsta7L5FaYUeOxuRV

uPg6pM+4+BCZvwO9DPPGCUOIMCdLsaE90pmZiHfFBMteRAMQDx8uahkXd/RElTrD6xB84c0mDuKlBXlsmrzS/zGxbdDpgCZAyqO4UdcpOncbCCwHJlw4TbW6/Bzc+kcRzcqpnP9cPvsY4mzoIr9fH4JDxzTGw8UldhtfPW5/mu09PUhJgL/1DabORPpIrXwk6Jo89fC2wuhI3eSnOlTrdqqjzR0hSdPoe1wQZHWqi0pB4Ii/c9L0SkY7Ex

IPZbk7QhxITMgNvubA3nnQZC3JpPM5PT55oDzCwKMOMiGT1kgYqbCa0vc2KbjLwi79hW0ahJON0K+DdpsS0SGpsoe+9XjRK34xKtLQeBkNe/V12TXG3+P08LsM+P83q2cc7sHO8WQh8GwAF/yh7OFFgQ/W1Gxu7aMRBHJPkvCzMweGZgVyglzwAbCW84zGb9GUXC7WAC6B/9P2xaB25XVKhCCMQQCNLfMASriPVJFHyGIA7H5mA6tk2YiA

j258WtlukvcSfiHAakHGPBQcI/5KTOdf4zS8JT9Tc6YeRrOZH6wD6EUXcViGh0BYSlWUyjHVn2QAGhTSitI64TwbaOk4rRD9KeEqbhdICoxbK5L2tiQBcQYboE2fVD++VfDwK6a1Yeste2f4L8Tqc6fYATL/9N0YXzkNGS57uwUCOGCgIpVfyC2fOOGjExjP7WwUiJaUOsRzAwBjejyimvztZO8YNPz7IMX4mF/FehJYyrIY92gxJFrSdE

5viNpxZgavnncvt5lltmnqWIEh6yaQV6nV01JBWCB99jvPzm6bzDNKQkmHGxR0NFdaBbzpZXkDbY1lhEnuY84AhgJcexFnEiXMKwU/eDjZTr4eQaMDriPEMRlwpFQ4uZB3nvYOut72qA74Y0fJkJVE2hCpqzu8z907cvdSrCAznWThzbtbomJpaKn4or4h2/Nl1XQaIVMViVussPJCxRhEwUEu9vGeVDe+hBa5m5TsD1Pe7tJePinXu0Dm

zsf1SLyabt37vEyRkGlSYZFaKS+f8PzMg4ifpLT5/U5jOuQK3qd3KCTAWq23p5YLl/81yjSYEZWJMlGbQj/EU5RnCdtxtA5Lv72LQPOZyf5APqHK13kM2VblKZ+EVduoxG6ftrtMI3T0GzWm8LcQK3ohMQmwgSng+jw6AzIgD4lzlczIUpexpjD1JjjswsAM579rTPjqnJrMrn08dMafQ/rRGtT6AZx5ntN4TTSJiMXK+bBgvSwdu+/Gwn

MfVEyJSllYTGBTG3RPji3OLab76/WSmDY25uyiYE7S0jDkWogI5/hA/flozJEuRQa2tOVrkcArnV1TG6kVYVbRRjVRB78SkMhMhaxwbvsNcAG+7soQO7uR34FzTUHFhuLk2k4F26X++RI2Z0J+jqpzXgFKH1sYLx+mhb8OkxPkWq0/cro7euLUCdGTJqj+9jYgyPQab4R1/7V7ZHlWdqMwdOccKj96WBT8NGq5gDQsh6+oEYI3C5ZwcXif

sop80WefxznChqBzoclz+1QJK0LIqksRoGp/j0lLFQoXMCds9XWrv6a/jAAyCt7jm13NTIRswFFgHnk35SoyAcgzOL7ay0FC/Dl0MWJqVn/h6jV+PsmMu1hgV39c2/l1bbNcedG7WNqSUxtSxvidhPHcDV/4/hlX7eV/YkNQXwHuhjZ3C8Sgv+Om3xG8rjqd4EZ1F87GqNoGjROvOnaszOztYvPGTVZPHKfEyRGk9Vj2PAGkZiJM2haczG

ToennFqGPFMPKIhv9XWcwSJ6Wky0WCfmetPB+M/uBQE312/g9gLppiESgLeOj20/QbGX+BL+FZhknt2YSF9EVCHdA95gw7ZBKw49x2ip8YcIJdPp/djK3ZJhNdsMYAB6fZ5FfQOOTtU/sOoHHUZ9rrfzbcUSVAw47aa9kYX/HJVIcOP06zakmJBqp6qkjrLcSEoLd4RoDiVOGGDIvCIGZJq0QM3wFCfKAq9555+niSWpyF8iXQiDyTACtz

6yrdmUG+w76gsv+a2QGv80jN0w+3JPuduj5Oh64mmIPBoKqGjewLraBSqCIqOES7mnglolBdOIgdFGB/wHxy+qXSJ+WM3IdULnC8xtOZnUbkEl7L7Xq/y2UofFb8dCVVLO5Kin1G7mLJu1ZpZzOSHgGjUI0ewrYFUBuqQAKMU/bx4+0QSFw0ISKp3oLu36vdpwXonlJagpDjRIKtu61ZN3MXcYGyJFOu3mQw54GMldaJsO4xtN6HHtHncR

h928hVP0X/hWXQOzJi+GEfxPbGV/HCdVEBjXqYOP8rHGqgqFo37LVPGPlRZUVjnkU5C2gw9pwVRfDZXf0etr8W17BZW8eKWwsO/jyeAQqTpZkRIC6xB0GcO7iA7Vqzx8rtKFrlACd6PhG8ns59OqzUsa2p8qfYumzR8YFGmaytoixU6qPHkxaZvJanhhrkXv/9JfeXvYi8Ku1wcypUG1+E4LeBlg0ybsxBjL9LQWYnlvm7oM1F2XNQoeSP

GTpmJZQsVdJYZfkXvr9UIsF7wJlpceHfHgBwe0kXWJG9MjGqZ/PP2isnXMsNytDzbLxwWKrb9votmTZIpK61ec/9Qrzw2MDZaa6sOgVFDZViu+HGclTxrymxV6tihtivYMAvYflVYwtHAakolA1ZvRmsASK7d5S0Pxd68O0NPWU0tonFdQTqGpceHPu6IhnLBK2q1f19NzfE24YnkB315fnLZmyZBq9pyq45CrPK9/cWfcS5LoUPmFdNYE

E0g4YGPRPusZ6TiqVOVEhahn0qskuqQrgzrWGYpN4BPymubpK9IWOvcClFD8hwsKCfZZrxc4SG9YWjU+3yp/trA/3bFbPITX8rojxgEJ7Xzqcn+ZXnIPmx3rhyU02xq1zIOVXM0KnmNy3AA9veuV3duqvmLc/pPTDMCvqChyVdw6vtZsS3uszSLOzAYIQMmenFAP4+TQ4ptZogu6zI3e8lKez9fa0XkyWZ1Mk5DFKwDSVIPv/7VLWeCDJ3

ASDpeoSqJV7Aozjpb8/h/nBZAZw3zMbUOYicWdwlhxgNw2LLsbNwrPy5qdSKY9hHCzmFA6EnlNSLveVBH4J2tt18ylQPE1nMTUF+5kK9J54QyPWwxgjLamTZsQXxspRi0EBoS93tMhHpuA1uGRXPTApt6SF4uiCyM6SStwWUNrP0TPNGJ55Z/pCrGakfI9kIuUYPOi81rHOYt2DCTklrLVqqbuaD+clbDoec8oB7TeeD7uOkxfmGehacs2

BDuJMQEUc1/sW6RyMBp1wvXR2OkxDoGH3hNf6S8bpxkA3xJMU+s8lBDOZ5DbePIH8dE8m/QjUFWwwwJ61xFlMrmQc+ORQxbitXr7FxlQpqObwXMt9zWhJb6K5Sg7j9RKgaTBBJZaKSWv+3N+aEmadoo5eO+nQKGSvR6XtO/SfmcKNPnRfDe3jKO12F/A4j6meSAwUdUTQv7Hz5ZjzlTTFK0YGJtyHGXTIjX7tuUcCx+d8PMBNXRqESot2W

ahwr83LDapLw8Fp2KupyOemoL9m0EHMJ0SKPxSmOhFwwiKMA3NKFdBZDBgGu5xRv0IifNmxlC+YJUl/s+cDGGqssNX9qpm0LC65pxPcPDzPLjXTa16jdDnqV/IhNcAO9fvSWUM17e26ziy5P/m2VqkINhyap+0vP7j2SSZ7i0IEJGLayHlOB+/WOj5elV9K9wwxXJftCwMIaPi/ymCA9cSwYAwg8TxRhdXVHwFTRUHmv4orODDXilqtGV+

QxeieduyW/PX+taf0n9Kn/+/6+dO0bDEqQT2sw/49Butr8V+UTdCHocJM97F2QoANMLa65YcpHoIxIdYHwLigL6fOSzFN8OydqViDs8vkFtksnlB7B1ukuPiz9j8ljxPu5o6LKrCk+sTCIPuE9nOZMsuyppCLmdOC3E7n8Hu5GS7dnhwy0veh3zVOevqiXzUTLForEQMaqjg3NL2Hb5IQ0zYtZ3FI98DY/pTE9azya8SMYzW+ooAAKHHUn

08cMBFRTlgHYV9XXG5Vj/BDTrERH2S07sbhBFeA/avKjZ8/lKy/NBQYlfgCC6KiXE0PxF03q4kne6OZOLbfH7hofduH0Yi7TeTuIorT9ML07zG1GMeneKCNfOqtoD4tZYQqTieWwGg/7YCnW7LZu1s7bo/9YW8kFJklQhCZhWKslGHJJd2DqmvPVI2tmoVDxGPNn1kB3cBTvQ5ubqOUMSawWzaDEMG4Brn3io2MK9jh9eAhjoX281+n7TI

Qhc73SN2l9YIOUgEXXedu2Gd68oIu7GJIKmI4eezQXYnFlhwuyDPjI5JLTJ5atpQQhOb55MCMj6hFlIBDy6HtnweMUAz7ZBG9p604bn+i8BkGR6u/7cAJ3DRm5Byycij1g/Brq5F1JZp/xvWeJaunL493aIRMBWKDkdZKD7v0FRVAB/aD4CdR+TSNNLRRpsQiizHaOV/GOSge7eiy0/7hGENLWAeHR8Xlwqd6fX8pttFnGD5D8BM6UjL+T

5WvEEwmFMhFIop3+IVzuscL7ph/tl/8ljzJsBUr5jqryaetXObTk547U1zhhf8E3Si3hdcDYtHBJ/pNyIo0cgnZ5tQckTwYWG1YJ5v5gfo5+KGquGEfL797i1colN45KrqK9NvNAwBuruBP6dhUHjiG9Vt1eXeCwbB2W46balTDWqf3GgctDabV6z2dccb65dFeT/xyLDmWixlf4WtdK9iQWReHmcKkPd75FabQKGHAGa+p8Xtf0kYrvdq

87pYUvXbn01mwflmKeAcRMjgAX3tqWCDGqm9dgr2zGMBpN+zk53dWV6XQHQ98x/k6L81ExyO+CRaeygKYdW7xjHT2wj07IY0tombynkMCQtrCbUqNVoRHgzccAF6p1xSeCnRoe3tVHYTxQyhXK1ZaQ2HU2Z1r3y0ynhnZAh22a+4MrH1QHsbxcOKELRKn+go8QoTT139nYkIaqNwRyjUWueHDZCa1i22dJYPuvDePFoj/8qUbYycQzGgpM

9NxuqQpfxbs8+N5zf78PL7vyTrVNGO2XXXOdmB16hxOXXPHHV8+CJLivJDO+LfskrnOCSGn61QTwfK4v2zZ9xjVr6+LIHuHXfvYFY6IgBCbF5UAoLfNPHHJz239s2o3Tkh3eadP2PYksq9bwid4Ht/VRqcDYVLpahtMam8uPXI09MzQjfzEqQIvJPQsObA08R994thdXGFHnKE9884o3yhZzIXJCmWv5tVzkW3Ok8yDOE+ryQqGY+bG5Ck

AF+3RwQiO59GiulCJ4mPorh2yLRFn/CzHapMAexx5/CyMgyTGlwslYHb7ulTHiM751OMSSCSNQx3DawTHOIcRNYz0aOC/MR+ScN8vM/Nc3W+r5JG3UMBDRUvKgFs+XJAcr2KZ0VvoxqDuVVhpvX4xjKeE0sDBmcVfjDs3qBb4b6b/HggZ+VcZQQ8sGmkCi/0MK5zjh/kHUc6je7k/puzOcO0YtHdpCXKAFrCGKNrUCHCGybomFkJiYTxS8

BESIRRuGci9TZCgdpHdzcNIMQKVZ/h8gq2cc6W70tPsH+XijE+FIP2cZ8SvdTgfh6wfacnKoNmH0rUbwKcfOfY0aK12yxD1PNZPZjX778tZJWefFKikHNwTHVrOReisqzpJg6YJSxaDjVY1x4Mz8lhVskhU1iizuqqx72cB4X6/zJSNMClc3AIHTj65DAwg0qwWIO6Tj0zLRU3+g3er6uMCDcrtoqmuCFMqci9V7WhX9Jvr7dFGaDnKNxe

IthMVV+Y3eo7UJ517Xg9/aac3+HHgXcGTWmTQZQLZI+VZEdUTa1Cot427Jrlma2j2xFBpJ3EDlHTOmzJZ9VTwLZrYNyOfMty2gbPcWL19yb0XINWtIRXMN35DvV5BtHkPQVngXp4hxUEjO5TBDOjWPwNdtrtRwX68P76w9l/sotCloRuOi2hAxanT8+HnpzA3p0M14KsHvOC2tLL/+zflC3coNXXjJXPwYavz+ou+YH/MZRoVQ/K8hzpjn

ycYN6Ti+B7AnQhurQ7B8222Axtg3fQ1leV4Gf0wOZSa7nlmbhiYxZtK6iSo6Xdr2AVrHf22de1PnuyxMOv8B1RRNy1fi3xQUdVmYpLGJ/P/Hk3l9gIN+4ocXoMK2Vd3eAF52FByzwSiCzkgyo0kYyAAu7zx0+LnQ3DnBRV0qkn3EzezhXF47xlULSGl91YybGLdnlgqV+ywQrm87JKEaw60vuAZTgsuR9KlxY3qXmTWTGgSvQOdILNYa0Q

vS+otNErWeIzDeJFHFSqhbzXJu1n4OehwsalFjNsH1EXIemoZOtJNLO1SBA7aq9x/IE1EK5qYvc48B4RgBjxvuU+vhWdJ5gtGqJSXtXxn+QX20ibFf45CdRQqMRC/9uYnd6TihAAJIrA7CTPZdQaL/XaIVwVNEYp85EDgilMCVpahnzaMh8ikBqhgxMpK7F21N0NFiIVs9Z09Nxsycfz7nDmG/TKW7HG9TwDGK4QNIBmFaHbqGBT7Hng0J

qtxWYxcQaBYUCRRM2hMaa14+RHYDI5PSRCaBIfOgo+2+unTyA1mifG/lSJ6/EseXKav1V1QRwfpCfV+ViSyGU0L95I7+Mo4f230HkmtD8EmxzbvbmuIdaxhKZquZ7SKfJEpiw0ktcJ2izJpBjmfSgrWjIMPSJLBuqococ5CK6vk3rq2ikUXfhFxfRP1NPkMaRjA4elH0BB1m4A+ZwupamkXybUlpewR2WsPKNdYmOmPe9q7MtanpLA+2Qy

cV0QEX0+eVM2GnkQU4WRFVG1USlPPJXLIxPXzasIxE8+Y3YSYYegSHPu+QUBG3piJk3S3IJUXJs5BA9oi/dtPOk59vm6KwZdFnainl6E5e2ysrm0nWks+r7N+aQFPtDtDhauXNkj25r6hN+1pAHb+4b6vS73WdRaYUHPJevaQzSmsOyryb00Y+TBw9vf2lPr2LpYL41Zw05PQaviVFRIU+/uhJW2zfhKlV3dv1rcVrj4+Xemf0i05iiDJc

D1DMB9kHDUQTsCMoZh0E98bfEpcC8UI64sOxndim/rSinQ8+iS53w8in70NXcHTT7+rT/ZvMSrgiDf8mzAKvNbyK/TbWTF5cv9KvjXN4oDrjF/1RTURqfdv31PrBrNaegVQOXjIEXMcmechhXz1+Tf8FzmCQWD0GVhRM7PHfe+SQyV8OqWMQ3CoalRdD14ea2aetir7amyRg6Y9MPtDk/dBmR5kA0G8kZp7ZwtRGoBNyzWVT/ofZproHuT

bPvucqkieb0yxddNNw4P/ui/3M/flz/NKqV6gKAPLD39cpFVv/W9HuF1h/pKdV8fJ4NhqPQj19Mkq/llMHQ+Wj5iVqGEqbYD6IdQT1w9uxRAjdOPUvOpjPjZgUMLZ+3WDOC/Dvy9hD+Xt8ZpbD78EiD/PKsbuVBLkwbfv7zysqrrMIrex3J0tQjkDphSnlkbnLA60ME8bw20w4akrrvJInS1wAkmCovWfGIU+PqAqRIxZYk2FF738=</xe

nc:CipherValue></xenc:CipherData></xenc:EncryptedData><xenc:ReferenceList xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/"><xenc:DataReference URI="#_5008"/></xenc:Refer

enceList><ds:Signature xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/" Id="_1"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c1

4n#"><exc14n:InclusiveNamespaces PrefixList="wsse S"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><ds:Reference URI="#_5002"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/1

0/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="S"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>dKof/iss1y+eaCxi5xQGzXZw8RQ=</ds:DigestValue></ds:Reference><ds:Reference

URI="#_5003"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="S"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestV

alue>h603wmfml8jg/WBNFsQk+5+yeoc=</ds:DigestValue></ds:Reference><ds:Reference URI="#_5004"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="S"/></ds:Transform></ds:Transforms><d

s:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>AZEYGhuPFck0lK0YwmVlrBOgVmM=</ds:DigestValue></ds:Reference><ds:Reference URI="#_5005"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"

><exc14n:InclusiveNamespaces PrefixList="S"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>+baJi0q48HqfEDyyE8jQqFBXIuQ=</ds:DigestValue></ds:Reference><ds:Reference URI="#_5006"><d

s:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="S"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>UHmFVjXCUs9

9gnRg6/h8bYufagY=</ds:DigestValue></ds:Reference><ds:Reference URI="#_5007"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="S"/></ds:Transform></ds:Transforms><ds:DigestMethod A

lgorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>g4GqiTvqU0s2+46VwwLAFxSE4S8=</ds:DigestValue></ds:Reference><ds:Reference URI="#_3"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveN

amespaces PrefixList="wsu wsse S"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>gf05QCu/sfJbQLmH2oiv+HKNhNY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>s5cD

eIvBC66EYodxub/lWGy8J0o=</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_4a11f84f-0228-44a3-8c5a-a302d3fe18cb</wsse:KeyIdenti

fier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></S:Header><S:Body wsu:Id="_5007"><xenc:EncryptedData xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://schemas.xmlsoap.org/soa

p/envelope/" Id="_5008" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType"><wsse:Sec

urityTokenReference><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_4a11f84f-0228-44a3-8c5a-a302d3fe18cb</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData>

<xenc:CipherValue>hmkeA/lZ0/IASyj5iI1ZnwZ7HCUo+W+7wR1vdN7Sv3YjgsVtYNFXmH89zQsAiIgE2LQZX/gFhrvc8mwBfrEzW7OaCM15ShSvm7rDn5UgYLRz4HImDH5ZrlMZjjaX44obOjBCazxoQZgZ5sl4yNUfxhHsz++fAe5bErjIPOJEv/ajj0zljHyOBmhpPmIaZJqz</xenc:CipherValue></xenc:CipherData></x

enc:EncryptedData></S:Body></S:Envelope>--------------------

 

---[HTTP response - https://wkengchoi.global.sdl.corp:8443/doubleit/services/doubleit - 500]---

null: HTTP/1.1 500 Internal Server Error

Connection: close

Content-Type: application/soap+xml;charset=utf-8

Date: Thu, 26 Apr 2012 20:35:33 GMT

Server: Apache-Coyote/1.1

Transfer-Encoding: chunked

<?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Header><Action xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/fault</Action><MessageID xmlns="http://www.w3.org/

2005/08/addressing">uuid:8bbdd9c0-a2d6-4136-8342-0301c58ef739</MessageID><RelatesTo xmlns="http://www.w3.org/2005/08/addressing">uuid:e534fe0b-5051-4e4b-a6cc-f307702146ac</RelatesTo><To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2

005/08/addressing/anonymous</To></S:Header><S:Body><S:Fault xmlns:ns4="http://schemas.xmlsoap.org/soap/envelope/"><S:Code><S:Value>S:Sender</S:Value><S:Subcode><S:Value xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-se

cext-1.0.xsd">wsse:InvalidSecurity</S:Value></S:Subcode></S:Code><S:Reason><S:Text xml:lang="en">Invalid Security Header</S:Text></S:Reason></S:Fault></S:Body></S:Envelope>--------------------

 

Apr 26, 2012 4:35:33 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientResponsePacket

SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.

com.sun.xml.wss.XWSSecurityException: Security Requirements not met - No Security header in message

        at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:925)

        at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:248)

        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)

        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientResponsePacket(SecurityClientTube.java:434)

        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)

        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)

        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)

        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)

        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)

        at com.sun.xml.ws.client.Stub.process(Stub.java:429)

        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)

        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)

        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)

        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)

        at $Proxy40.doubleIt(Unknown Source)

        at client.WSClient.doubleIt(WSClient.java:41)

        at client.WSClient.main(WSClient.java:34)

Exception in thread "main" javax.xml.ws.WebServiceException: WSSTUBE0025: Error in Verifying Security in the Inbound Message.

        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientResponsePacket(SecurityClientTube.java:439)

        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)

        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)

        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)

        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)

        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)

        at com.sun.xml.ws.client.Stub.process(Stub.java:429)

        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)

        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)

        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)

        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)

        at $Proxy40.doubleIt(Unknown Source)

        at client.WSClient.doubleIt(WSClient.java:41)

        at client.WSClient.main(WSClient.java:34)

Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security Header

        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:696)

        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:714)

        ... 14 more

Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header

        at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:349)

        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:710)

        ... 14 more

[INFO] ------------------------------------------------------------------------

[INFO] BUILD FAILURE

[INFO] ------------------------------------------------------------------------

[INFO] Total time: 24.727s

[INFO] Finished at: Thu Apr 26 16:35:33 EDT 2012

[INFO] Final Memory: 9M/22M

[INFO] ------------------------------------------------------------------------

[ERROR] Failed to execute goal org.codehaus.mojo:exec-maven-plugin:1.2:exec (default-cli) on project client: Command execution failed. Process exited with an error: 1(Exit value: 1) -> [Help 1]

[ERROR]

[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.

[ERROR] Re-run Maven using the -X switch to enable full debug logging.

[ERROR]

[ERROR] For more information about the errors and possible solutions, please read the following articles:

[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

Loading...