ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexWebSphere Message Broker SupportSelf Signed SOAP Messages

Post new topicReply to topic
Self Signed SOAP Messages View previous topic :: View next topic
Author Message
Ammu509
PostPosted: Fri Jan 18, 2019 12:27 am Post subject: Self Signed SOAP Messages Reply with quote

Newbie

Joined: 27 Jun 2016
Posts: 6

I am working on a new requirement to send Self Signed SOAP message to backend system. As per the backend team i have to send message as shown below. How can this be achieved, is it using JAVA code? Also if i am using PolicySet is it okay if i just send SOAP Body, rest of the features will be implemented using PolicySet. Please provide valuable suggestions.

<SOAP-ENV:Envelope>
<SOAP-ENV:Header>
<SOAP-SEC:Signature>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod>
</ds:CanonicalizationMethod>
<ds:SignatureMethod/>
<ds:Reference URI="#Body">
<ds:Transforms>
<ds:Transform/>
</ds:Transforms>
<ds:DigestMethod/>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue></ds:SignatureValue>
</ds:Signature>
</SOAP-SEC:Signature>
</SOAP-ENV:Header>
<SOAP-ENV:Body >
<!-- Body -->
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Back to top
View user's profile Send private message
Vitor
PostPosted: Fri Jan 18, 2019 5:26 am Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25787
Location: Ohio, USA

There's no difference between using a self-signed certificate in a PKI and a more typical certificate signed by a CA. The instructions for using PKI with SOAP nodes (including policy sets et al) apply to both.

Slightly off topic, I hope that you're not using self signed certificates in a Production environment. Ideal for testing (because as I indicate above, they prove the PKI & set up within IIB works) but not secure for anything where you actually care about the security!
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
mpong
PostPosted: Sat Jan 19, 2019 9:33 am Post subject: Reply with quote

Disciple

Joined: 22 Jan 2010
Posts: 155

You should use a valid certificate exposed by your backend system, not the self-signed one.

[quote]i have to send message as shown below. How can this be achieved, is it using JAVA code?
[/quote]

This can be easily achieved using various methods, I would prefer simple ESQL coding would do. Hopefully, you are able to download the WSDL and look at the namespace.
Back to top
View user's profile Send private message
Ammu509
PostPosted: Sat Jan 19, 2019 9:33 pm Post subject: Reply with quote

Newbie

Joined: 27 Jun 2016
Posts: 6

Thanks for the replies. @mpong as i am new to WS Security implementation, i thought of doing a POC with self-signed certificate before using Client's Certificate.

I came across few articles related to creation of PolicySet and i managed to created one. But while deploying the message flow(uses policyset) i am getting below mentioned error:
BIP3726E: Failed to setup SOAP transport for node SOAP Request.

The SOAP nodes rely on the configuration of the SOAP transport layer within the broker, and this has not been initialised correctly. The node will not be operational until the problems have been corrected.

Determine the cause of the error and correct it. Subsequent error messages may contain more information.

BIP3728E: Configuration of WS-Security layer using policy set 'WSSecTestConsumerPolicySet' and policy set binding 'WSSecTestConsumerPolicySetBinding' failed.

WS-Security configuration requires correctly initialised policy set and policy set binding information in order to succeed. An error has occurred whilst attempting to use policy set 'WSSecTestConsumerPolicySet' and policy set binding 'WSSecTestConsumerPolicySetBinding'. Common causes are:
1: Either the policy set name or policy set binding name is missing from the node (or flow) configuration.
2: If X.509 tokens are being used, including implicit usage such as signing or encryption, the keystore and/or truststore is not be set correctly.
However, this may be an internal error, possibly due to a faulty installation. A review of the exception text may indicate a solution.

Determine the cause of the error and correct it. Subsequent error messages may contain more information.

BIP3701E: A Java exception was thrown whilst calling the Java JNI method 'method_com_ibm_broker_axis2_Axis2NodeRegistrationUtil_registerSyncRequestNode'. The Java exception was 'BIP3726E: com.ibm.broker.axis2.MbSoapException: Failed to setup Axis2'. The Java stack trace was 'Frame : 0 com.ibm.broker.axis2.MbSoapException: Failed to setup Axis2
'.

Correct the error, and if necessary redeploy the flow.

What could possibly the reason for failure.
Back to top
View user's profile Send private message
Vitor
PostPosted: Tue Jan 22, 2019 5:45 am Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25787
Location: Ohio, USA

Ammu509 wrote:
Thanks for the replies. @mpong as i am new to WS Security implementation, i thought of doing a POC with self-signed certificate before using Client's Certificate.


This is perfectly reasonable.

Ammu509 wrote:
What could possibly the reason for failure.


Well.....

Quote:
Either the policy set name or policy set binding name is missing from the node (or flow) configuration


Is it missing? I accept you created one but is it correctly part of the configuration?

Quote:
the keystore and/or truststore is not be set correctly


With points deducted from IBM for poor English, have you verified your PKI is set up correctly?
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexWebSphere Message Broker SupportSelf Signed SOAP Messages
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.