ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Interoparability SAP PI and WMB. ValueType="xsd:dateTi

Post new topic  Reply to topic
 Interoparability SAP PI and WMB. ValueType="xsd:dateTi « View previous topic :: View next topic » 
Author Message
TBS
PostPosted: Mon Sep 22, 2014 2:41 am    Post subject: Interoparability SAP PI and WMB. ValueType="xsd:dateTi Reply with quote

Centurion

Joined: 29 Jan 2007
Posts: 143
Location: Hillerød / Denmark
Hi !
Interoparability problem between SAP PI and Websphere Message Broker when validating signed WS-Security Timestamp-elements in Websphere Message Broker.

Broker version: 7.0.0.6
Operating system: Windows 32 bit

We are exposing a Web Service in the Message Broker, which can be called by external systems. One of our customers are using SAP PI as Web Service client but are encountering problems when they call our Web Service.

The request gives the following exception:
<SOAP_Domain_Msg xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><Context operation="" operationType="UNKNOWN" portType="PingInterface" portTypeNamespace="urn:oio:atp:common:pingservice:wsdl:1.0.0" port="Ping" service="Ping" fileName="C:\Documents and Settings\All Users\Application Data\IBM\MQSI\components\BKMQTEKO01\ff054fec-2e01-0000-0080-cb046c28fffb\config\XSD\ATPWSPing/oio/atp/common/pingservice/wsdl/_100/PingService.wsdl"><SOAP_Version>1.1</SOAP_Version><Namespace xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/><_XmlDeclaration Version="1.0" Encoding="utf-8"/></Context><Header/><Body><axis2ns1:Fault xmlns:axis2ns1="http://schemas.xmlsoap.org/soap/envelope/"><faultcode>axis2ns1:Server.securityException</faultcode><faultstring>CWWSS5324E: The dateTime time stamp type is not supported. The expected type is {http://www.w3.org/2001/XMLSchema}dateTime.</faultstring><detail><Exception>org.apache.axis2.AxisFault: CWWSS5324E: The dateTime time stamp type is not supported. The expected type is {http://www.w3.org/2001/XMLSchema}dateTime.
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerBase.invoke(WSSecurityConsumerBase.java:126)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler._invoke(WSSecurityConsumerHandler.java:531)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler.invoke(WSSecurityConsumerHandler.java:234)
at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:347)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:176)
at com.ibm.broker.axis2.Axis2Invoker.processInboundRequest(Axis2Invoker.java:3196)
at com.ibm.broker.axis2.Axis2Invoker.invokeAxis2(Axis2Invoker.java:2865)
at com.ibm.broker.axis2.TomcatNodeRegistrationUtil.invokeAXIS2(TomcatNodeRegistrationUtil.java:474)
Caused by: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS5324E: The dateTime time stamp type is not supported. The expected type is {http://www.w3.org/2001/XMLSchema}dateTime.
at com.ibm.wsspi.wssecurity.core.SoapSecurityException.format(SoapSecurityException.java:205)
at com.ibm.ws.wssecurity.util.NonceUtil.checkType(NonceUtil.java:540)
at com.ibm.ws.wssecurity.util.NonceUtil.checkTimestamp(NonceUtil.java:404)
at com.ibm.ws.wssecurity.time.TimestampConsumer.invoke(TimestampConsumer.java:115)
at com.ibm.ws.wssecurity.core.WSSConsumer.callTimestampConsumer(WSSConsumer.java:1470)
at com.ibm.ws.wssecurity.core.WSSConsumer.processTimestamp(WSSConsumer.java:4770)
at com.ibm.ws.wssecurity.core.WSSConsumer.invoke(WSSConsumer.java:573)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerBase.invoke(WSSecurityConsumerBase.java:105)
... 8 more
</Exception></detail></axis2ns1:Fault></Body></SOAP_Domain_Msg>

Obviously, it is the following elements that causes the problem:
<wsu:Created ValueType="xsd:dateTime">2014-09-02T09:32:51Z</wsu:Created>
<wsu:Expires ValueType="xsd:dateTime">2014-09-02T10:22:51Z</wsu:Expires>

In the SAP PI request, there is no namespace declarion for the "xsd" prefix in the SOAP-structure. I have asked the customer to put such one in the SOAP-request, but they say thay have no control over how SAP PI generates the WS-Security headers.

We have made some tests and can conclude that if a namespace declarion for the "xsd" prefix is present, the request is accepted.
The request is also accepted for ValueType="http://www.w3.org/2001/XMLSchema/dateTime" and ValueType="". Also, if we skip signature validation for the Timestamp-element, the request is also accepted (but this is not an option).

Are there any change for that you could allow for the string "xsd:dateTime" in the ValueType attribute (even if there is no namespace declarion for the "xsd" prefix), or is there a workaround you could suggest?

/Torben
Back to top
View user's profile Send private message
smdavies99
PostPosted: Mon Sep 22, 2014 2:59 am    Post subject: Reply with quote

Jedi Council

Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
you could try changing the xs:dateTime to xs:string and then validate it in the flow later but this is a bit of a bodge/hack really.
What happens later when the XSD gets changes by the sender and then implemented in Broker without doing the same 'fix'?
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995

Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
Back to top
View user's profile Send private message
kimbert
PostPosted: Mon Sep 22, 2014 3:54 am    Post subject: Reply with quote

Jedi Council

Joined: 29 Jul 2003
Posts: 5542
Location: Southampton
Looks as if SAP PI is generating a badly-formed XML message. It should not be using the xsd: prefix without defining a namespace declaration for it.

You could put a proxy web service in front of the real one, and conditionally add in the missing namespace prefix. The proxy would have to operate in gateway mode ( no xsd ). I'm assuming that the incoming request will identify the source in some way, so that the add-namespace-declaration logic can be triggered.
_________________
Before you criticize someone, walk a mile in their shoes. That way you're a mile away, and you have their shoes too.
Back to top
View user's profile Send private message
TBS
PostPosted: Tue Sep 23, 2014 1:00 am    Post subject: Reply with quote

Centurion

Joined: 29 Jan 2007
Posts: 143
Location: Hillerød / Denmark
Ok .. SAP has a problem . I investigate if we can change it in a Proxi...
Thanks for your help..
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Interoparability SAP PI and WMB. ValueType="xsd:dateTi
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.