Author |
Message
|
dziku007 |
Posted: Fri Sep 14, 2012 2:57 am Post subject: SOAP fault with SOAPInput node and identity authentication |
|
|
Apprentice
Joined: 26 Jul 2012 Posts: 32
|
Hi,
I'm following an article http://www.ibm.com/developerworks/websphere/library/techarticles/1008_fan/1008_fan.html and currently I'm stuck with identity authentication.
What I've done:
1. I've added security profile using command:
Code: |
mqsicreateconfigurableservice MB7BROKER -c SecurityProfiles -o LDAP -n authentication,authenticationConfig,authorization,authorizationConfig,propagation,rejectBlankpassword -v "LDAP,\"ldap://10.12.0.48:389/dc=cnet, dc=inside?sAMAccountName\",LDAP, \"ldap://10.12.0.48:389/OU=UZYTKOWNICY,OU=GDANSK,DC=cnet,DC=inside\",FALSE |
After running
Code: |
mqsireportproperties MB7BROKER -c SecurityProfiles -o LDAP -r |
it returns
Code: |
SecurityProfiles
LDAP
authentication='LDAP'
authenticationConfig='ldap://10.12.0.48:389/dc=cnet, dc=inside?sAMAccount
Name'
authorization='LDAP'
authorizationConfig='ldap://10.12.0.48:389/OU=UZYTKOWNICY,OU=GDANSK,DC=cn
et,DC=inside'
keyStore='Reserved for future use'
mapping='NONE'
mappingConfig=''
passwordValue='PLAIN'
propagation='FALSE'
trustStore='Reserved for future use'
|
then I've added user and pass to connect to LDAP:
Code: |
mqsisetdbparms MB7BROKER -n ldap::LDAP -u user1 -p password |
then I've configured broker archive as mentioned in article (provide the security profile LDAP and the default policy set and binding WSS10Default) and I've deployed bar.
Now it's time to send some message:
Code: |
<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tns="http://www.mycompany.com/EmployeeService" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
wssecurity-utility-1.0.xsd" wsu:Id="unt_907818524">user123</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
username-token-profile-1.0#PasswordText">pass123</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<tns:EmployeeInfoRequest>
<id>12345</id>
</tns:EmployeeInfoRequest>
</soapenv:Body>
</soapenv:Envelope> |
Unfortunately the response I get back is a SOAP fault:
Code: |
<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><soapenv:Fault xmlns:axis2ns2="http://schemas.xmlsoap.org/soap/envelope/"><faultcode>axis2ns2:Server.securityException</faultcode><faultstring>CWWSS5525E: The server cannot find the security header for a Web service with no actor.</faultstring><detail><Exception>org.apache.axis2.AxisFault: CWWSS5525E: The server cannot find the security header for a Web service with no actor.
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerBase.invoke(WSSecurityConsumerBase.java:132)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler._invoke(WSSecurityConsumerHandler.java:518)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler.invoke(WSSecurityConsumerHandler.java:221)
at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:268)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:175)
at com.ibm.broker.axis2.Axis2Invoker.processInboundRequest(Axis2Invoker.java:2937)
at com.ibm.broker.axis2.Axis2Invoker.invokeAxis2(Axis2Invoker.java:2607)
at com.ibm.broker.axis2.TomcatNodeRegistrationUtil.invokeAXIS2(TomcatNodeRegistrationUtil.java:470)
Caused by: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS5525E: The server cannot find the security header for a Web service with no actor.
at com.ibm.wsspi.wssecurity.core.SoapSecurityException.format(SoapSecurityException.java:57)
at com.ibm.ws.wssecurity.core.WSSConsumer.invoke(WSSConsumer.java:498)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerBase.invoke(WSSecurityConsumerBase.java:111)
... 8 more
</Exception></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope> |
the user trace log doesn't say much more:
Code: |
2012-09-14 09:55:25.379074 1544 UserTrace BIP4040I: The Execution Group ''EXEGRP1'' has processed a configuration message successfully.
A configuration message has been processed successfully. Any configuration changes have been made and stored persistently.
No user action required.
2012-09-14 09:55:25.384553 1544 UserTrace BIP2638I: The MQ output node '.outputNode' attempted to write a message to queue ''SYSTEM.BROKER.EXECUTIONGROUP.REPLY'' connected to queue manager ''MB7QMGR''. The MQCC was '0' and the MQRC was '0'.
2012-09-14 09:55:25.384845 1544 UserTrace BIP2622I: Message successfully output by output node '.outputNode' to queue ''SYSTEM.BROKER.EXECUTIONGROUP.REPLY'' on queue manager ''MB7QMGR''.
2012-09-14 09:55:25.386154 1544 Information BIP2154I: Execution group finished with Configuration message.
A command response will be sent to the broker.
No user action required.
2012-09-14 09:55:26.403100 1544 UserTrace BIP2632I: Message received and propagated to 'out' terminal of MQ input node '.InputNode'.
2012-09-14 09:55:26.408100 1544 UserTrace BIP6060I: Parser type ''Properties'' created on behalf of node '.InputNode' to handle portion of incoming message of length 0 bytes beginning at offset '0'.
2012-09-14 09:55:26.408496 1544 UserTrace BIP6061I: Parser type ''MQMD'' created on behalf of node '.InputNode' to handle portion of incoming message of length '364' bytes beginning at offset '0'. Parser type selected based on value ''MQHMD'' from previous parser.
2012-09-14 09:55:26.408727 1544 UserTrace BIP6061I: Parser type ''XMLS'' created on behalf of node '.InputNode' to handle portion of incoming message of length '332' bytes beginning at offset '364'. Parser type selected based on value ''XMLS'' from previous parser.
2012-09-14 09:55:27.642101 1544 UserTrace BIP2265I: Attribute in message flow ''WS_Security_MFlow'' (uuid=''568dc2c3-3901-0000-0080-dc3e8d4d701e'') successfully changed.
The message broker received a configuration message containing an instruction to change an attribute in the message flow ''WS_Security_MFlow'' (uuid=''568dc2c3-3901-0000-0080-dc3e8d4d701e'') and successfully performed this action.
No user action required.
2012-09-14 09:55:27.725585 1544 UserTrace BIP4040I: The Execution Group ''EXEGRP1'' has processed a configuration message successfully.
A configuration message has been processed successfully. Any configuration changes have been made and stored persistently.
No user action required.
2012-09-14 09:55:27.731878 1544 UserTrace BIP2638I: The MQ output node '.outputNode' attempted to write a message to queue ''SYSTEM.BROKER.EXECUTIONGROUP.REPLY'' connected to queue manager ''MB7QMGR''. The MQCC was '0' and the MQRC was '0'.
2012-09-14 09:55:27.732189 1544 UserTrace BIP2622I: Message successfully output by output node '.outputNode' to queue ''SYSTEM.BROKER.EXECUTIONGROUP.REPLY'' on queue manager ''MB7QMGR''.
2012-09-14 09:55:38.566493 2792 UserTrace BIP3630I: The broker has received an HTTP message on port '7800' with URL path '/EmployeeService'.
The broker is listening on port '7800' and has received a message sent by a client using URL path '/EmployeeService'. This message will be sent on to either a SOAP Input Node or a SOAP Asynchronous Response Node.
No action required.
2012-09-14 09:55:38.574474 3616 UserTrace BIP3484E: ''CWWSS5524W: The server cannot find the security header for a Web service with the actor: {0}''
An embedded component has written the diagnostic message included here.
Refer to the appropriate message in the embedded component's documentation.
2012-09-14 09:55:38.577098 3616 UserTrace BIP3484E: ''CWWSS5514E: An exception occurred while processing WS-Security message.''
An embedded component has written the diagnostic message included here.
Refer to the appropriate message in the embedded component's documentation. |
I'm using message broker toolkit version 7.0.0.1 and message broker 7.0.0.1. I'm working on the error "The server cannot find the security header for a Web service with the actor", but with no luck so far. Hopefully I'm looking for any suggestion.
best regards
dd |
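The fault above says the broker found no security header, so one client-side check is whether the request carries `wsse:Security` under the exact WS-Security 1.0 namespace; in the request as pasted, the `xmlns:wsse` URI is wrapped across two lines, and an XML parser normalizes such a line break to a space inside the namespace name. This is an added example, not part of the original post or the IBM article; `check_security_header`, `build_envelope` and the sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def check_security_header(envelope_xml):
    """Return a list of findings; an empty list means the header is well formed."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP_NS}}}Header")
    if header is None:
        return ["no SOAP 1.1 Header element"]
    security = header.find(f"{{{WSSE_NS}}}Security")
    if security is None:
        findings = ["no Security element in the WSS 1.0 secext namespace"]
        for child in header:  # look for a near miss in another namespace
            ns, _, local = child.tag.lstrip("{").partition("}")
            if child.tag.startswith("{") and local == "Security":
                why = ("contains whitespace" if any(c.isspace() for c in ns)
                       else "is not WSS 1.0")
                findings.append(f"Security found, but its namespace {why}: {ns!r}")
        return findings
    token = security.find(f"{{{WSSE_NS}}}UsernameToken")
    if token is None:
        return ["Security header has no UsernameToken"]
    return [f"UsernameToken has no {name}" for name in ("Username", "Password")
            if not (token.findtext(f"{{{WSSE_NS}}}{name}") or "").strip()]

def build_envelope(wsse_ns):
    # Constructed sample request modelled on the one in the post;
    # the credentials are placeholders, not values from the thread.
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}">'
        f'<soapenv:Header><wsse:Security xmlns:wsse="{wsse_ns}">'
        '<wsse:UsernameToken><wsse:Username>example-user</wsse:Username>'
        '<wsse:Password>example-pass</wsse:Password></wsse:UsernameToken>'
        '</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>'
    )

# Same URI, but with the line break seen in the pasted request.
WRAPPED = build_envelope(WSSE_NS.replace("wss-wssecurity", "wss-\nwssecurity"))
FIXED = build_envelope(WSSE_NS)

if __name__ == "__main__":
    for label, xml in (("wrapped", WRAPPED), ("fixed", FIXED)):
        print(label, check_security_header(xml) or "OK")
```
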
|
|
 |
Vitor |
Posted: Fri Sep 14, 2012 4:44 am Post subject: Re: SOAP fault with SOAPInput node and identity authenticati |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
dziku007 wrote: |
Hopefully I'm looking for any suggestion.  |
dziku007 wrote: |
I'm using message broker toolkit version 7.0.0.1 and message broker 7.0.0.1. |
Upgrade to 7.0.0.4 and try it again. You should be at least at 7.0.0.3 _________________ Honesty is the best policy.
Insanity is the best defence. |
|
|
 |
lancelotlinc |
Posted: Fri Sep 14, 2012 5:02 am Post subject: |
|
|
 Jedi Knight
Joined: 22 Mar 2010 Posts: 4941 Location: Bloomington, IL USA
|
|
|
 |
ganesh |
Posted: Fri Sep 14, 2012 8:02 am Post subject: |
|
|
Master
Joined: 18 Jul 2010 Posts: 294
|
Fix pack 4 has fixes for ldap related issues. |
|
|
 |
Vitor |
Posted: Fri Sep 14, 2012 8:31 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
ganesh wrote: |
Fix pack 4 has fixes for ldap related issues. |
But don't seem to have helped much here.
My comments on that thread apply here also. _________________ Honesty is the best policy.
Insanity is the best defence. |
|
|
 |
dziku007 |
Posted: Mon Sep 17, 2012 4:07 am Post subject: |
|
|
Apprentice
Joined: 26 Jul 2012 Posts: 32
|
Thanks guys for your answers. I did an upgrade of Message Broker to the latest 7.0.0.4. Unfortunately I still get the same error:
Code: |
CWWSS5525E: The server cannot find the security header for a Web service with no actor |
|
|
|
 |
lancelotlinc |
Posted: Mon Sep 17, 2012 4:58 am Post subject: |
|
|
 Jedi Knight
Joined: 22 Mar 2010 Posts: 4941 Location: Bloomington, IL USA
|
Now that you are on a current version, try opening a PMR. Some LDAP providers are not supported on V7. |
|
|
 |
ganesh |
Posted: Mon Sep 17, 2012 6:09 am Post subject: |
|
|
Master
Joined: 18 Jul 2010 Posts: 294
|
lancelotlinc wrote: |
Now that you are on a current version, try opening a PMR. Some LDAP providers are not supported on V7. |
http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27022277#Windows_Windows_XP
From the above link I see only Tivoli Federated Identity Manager 6.1/6.2 and future fix packs, does that mean no other LDAP servers are supported?
My OS - Windows XP 2002 32 bit SP3, broker - 7.0.0.4, LDAP SERVER -
Novell eDirectory 8.8.6 Patch 4. |
|
|
 |
kiruthigeshwar |
Posted: Thu Nov 15, 2012 10:48 pm Post subject: |
|
|
Acolyte
Joined: 31 Oct 2012 Posts: 50
|
lancelotlinc wrote: |
Now that you are on a current version, try opening a PMR. Some LDAP providers are not supported on V7. |
Does it mean that WS Security isn't supported by the web service nodes in MB V6.1? I am getting the same error. But the problem is I should do this in V6.1 |
|
|
 |
Vitor |
Posted: Fri Nov 16, 2012 5:30 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
kiruthigeshwar wrote: |
But the problem is I should do this in V6.1 |
No, you shouldn't.  _________________ Honesty is the best policy.
Insanity is the best defence. |
|
|
 |
kiruthigeshwar |
Posted: Thu Nov 22, 2012 11:22 pm Post subject: |
|
|
Acolyte
Joined: 31 Oct 2012 Posts: 50
|
Vitor wrote: |
kiruthigeshwar wrote: |
But the problem is I should do this in V6.1 |
No, you shouldn't.  |
But it worked with MB V6.1 |
|
|
 |
mgk |
Posted: Fri Nov 23, 2012 5:21 am Post subject: |
|
|
 Padawan
Joined: 31 Jul 2003 Posts: 1642
|
Quote: |
Does it mean that WS Security isn't supported by the web service nodes in MB V6.1 |
No, WS-Sec is supported in 6.1 for as long as 6.1 remains in support.
Kind regards, _________________ MGK
The postings I make on this site are my own and don't necessarily represent IBM's positions, strategies or opinions. |
|
|
 |
|