| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Self Signed SOAP Messages |
« View previous topic :: View next topic » |
| Author |
Message
|
| Ammu509 |
 Posted: Fri Jan 18, 2019 12:27 am Post subject: Self Signed SOAP Messages |
 |
|
Newbie
Joined: 27 Jun 2016
Posts: 9
|
I am working on a new requirement to send Self Signed SOAP message to backend system. As per the backend team i have to send message as shown below. How can this be achieved, is it using JAVA code? Also if i am using PolicySet is it okay if i just send SOAP Body, rest of the features will be implemented using PolicySet. Please provide valuable suggestions.
<SOAP-ENV:Envelope>
<SOAP-ENV:Header>
<SOAP-SEC:Signature>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod>
</ds:CanonicalizationMethod>
<ds:SignatureMethod/>
<ds:Reference URI="#Body">
<ds:Transforms>
<ds:Transform/>
</ds:Transforms>
<ds:DigestMethod/>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue></ds:SignatureValue>
</ds:Signature>
</SOAP-SEC:Signature>
</SOAP-ENV:Header>
<SOAP-ENV:Body >
<!-- Body -->
</SOAP-ENV:Body>
</SOAP-ENV:Envelope> |
|
| Back to top |
|
 |
| Vitor |
| Posted: Fri Jan 18, 2019 5:26 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
There's no difference between using a self-signed certificate in a PKI and a more typical certificate signed by a CA. The instructions for using PKI with SOAP nodes (including policy sets et al) apply to both.
Slightly off topic, I hope that you're not using self signed certificates in a Production environment. Ideal for testing (because as I indicate above, they prove the PKI & set up within IIB works) but not secure for anything where you actually care about the security!
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mpong |
| Posted: Sat Jan 19, 2019 9:33 am Post subject: |
|
|
Disciple
Joined: 22 Jan 2010
Posts: 164
|
You should use a valid certificate exposed by your backend system, not the self-signed one.
[quote]i have to send message as shown below. How can this be achieved, is it using JAVA code?
[/quote]
This can be easily achieved using various methods, I would prefer simple ESQL coding would do. Hopefully, you are able to download the WSDL and look at the namespace. |
|
| Back to top |
|
|
| Ammu509 |
| Posted: Sat Jan 19, 2019 9:33 pm Post subject: |
|
|
Newbie
Joined: 27 Jun 2016
Posts: 9
|
Thanks for the replies. @mpong as i am new to WS Security implementation, i thought of doing a POC with self-signed certificate before using Client's Certificate.
I came across few articles related to creation of PolicySet and i managed to created one. But while deploying the message flow(uses policyset) i am getting below mentioned error:
BIP3726E: Failed to setup SOAP transport for node SOAP Request.
The SOAP nodes rely on the configuration of the SOAP transport layer within the broker, and this has not been initialised correctly. The node will not be operational until the problems have been corrected.
Determine the cause of the error and correct it. Subsequent error messages may contain more information.
BIP3728E: Configuration of WS-Security layer using policy set 'WSSecTestConsumerPolicySet' and policy set binding 'WSSecTestConsumerPolicySetBinding' failed.
WS-Security configuration requires correctly initialised policy set and policy set binding information in order to succeed. An error has occurred whilst attempting to use policy set 'WSSecTestConsumerPolicySet' and policy set binding 'WSSecTestConsumerPolicySetBinding'. Common causes are:
1: Either the policy set name or policy set binding name is missing from the node (or flow) configuration.
2: If X.509 tokens are being used, including implicit usage such as signing or encryption, the keystore and/or truststore is not be set correctly.
However, this may be an internal error, possibly due to a faulty installation. A review of the exception text may indicate a solution.
Determine the cause of the error and correct it. Subsequent error messages may contain more information.
BIP3701E: A Java exception was thrown whilst calling the Java JNI method 'method_com_ibm_broker_axis2_Axis2NodeRegistrationUtil_registerSyncRequestNode'. The Java exception was 'BIP3726E: com.ibm.broker.axis2.MbSoapException: Failed to setup Axis2'. The Java stack trace was 'Frame : 0 com.ibm.broker.axis2.MbSoapException: Failed to setup Axis2
'.
Correct the error, and if necessary redeploy the flow.
What could possibly the reason for failure. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Jan 22, 2019 5:45 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| Ammu509 wrote: |
| Thanks for the replies. @mpong as i am new to WS Security implementation, i thought of doing a POC with self-signed certificate before using Client's Certificate. |
This is perfectly reasonable.
| Ammu509 wrote: |
| What could possibly the reason for failure. |
Well.....
| Quote: |
| Either the policy set name or policy set binding name is missing from the node (or flow) configuration |
Is it missing? I accept you created one but is it correctly part of the configuration?
| Quote: |
| the keystore and/or truststore is not be set correctly |
With points deducted from IBM for poor English, have you verified your PKI is set up correctly?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
