
Digital Signature more than one BinarySecurityToken? without SignatureValue

Former Member
0 Kudos

Hello together,

XI 7.0 calls an external web service using SOAP. The communication runs successfully without any warning. But! The messages must be signed and encrypted.

I've configured signature authentication. The signed messages cannot be processed by the external web service. The error is:

<faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:SecurityTokenUnavailable</faultcode>

<faultstring>Referenced security token could not be retrieved (Reference "#sap-23")

The output of the SOAP Adapter contains 3 BinarySecurityToken blocks, which are similar! But only one of them has SignatureValues. I think it can be the reason for the error.

My question is:

Is it possible that the Security tag has more than one BinarySecurityToken? The message is signed with a PKCS#12 key, which contains 3 certificate chains. But if I take another private key without any certificate chain (self-signed) I have the same problem: 3 BinarySecurityToken.

So the question: How many tokens are possible within the Security tag? Why? If not, what do I have to do?

Here is an output of the SOAP Adapter.

<SOAP:Header>

<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' SOAP:mustUnderstand='1'>

<wsse:BinarySecurityToken xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='sap-3' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>SIGNATURE </wsse:BinarySecurityToken>

<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/>

<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>

<ds:Reference URI='#wsuid-body-51cf5350-ab2e-11dd-9ef0-00144fa86689'>

<ds:Transforms>

<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/>

</ds:Transforms>

<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>

<ds:DigestValue>E99gPpCexjdz7tk+wWp92r4DYNA=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>SIGNATURE VALUE </ds:SignatureValue>

<ds:KeyInfo>

<wsse:SecurityTokenReference>

<wsse:Reference URI='#sap-23'/>

</wsse:SecurityTokenReference>

</ds:KeyInfo>

</ds:Signature>

<wsse:BinarySecurityToken xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='sap-23' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'> SIGNATURE</wsse:BinarySecurityToken>

<wsse:BinarySecurityToken xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='sap-23' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>SIGNATURE </wsse:BinarySecurityToken>

</wsse:Security>

</SOAP:Header>

<SOAP:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='wsuid-body-51cf5350-ab2e-11dd-9ef0-00144fa86689'>

<ns1:Request xmlns:ns1='http://blabla.com /'>

<a></a>

</ns1: Request>

</SOAP:Body>

</SOAP:Envelope>

If anybody has done it or has an idea how to do it, please let me know.

Thank you!! Anna
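A reference check for headers shaped like the one posted above, as an added example that is not part of the original post or of any SAP code: it resolves every same-document `URI='#...'` reference against the `wsu:Id` attributes in the message and reports references that match no element, references that match more than one element, and BinarySecurityToken elements that nothing references. The function name `check_references`, the SOAP 1.1 envelope namespace and the sample message (constructed, with placeholder token content) are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # assumed: SOAP 1.1 envelope
WSU_ID = f"{{{WSU}}}Id"

# Constructed sample: same token/reference layout as the posted header,
# with placeholder token content instead of real certificates.
SAMPLE = f"""<SOAP:Envelope xmlns:SOAP="{SOAP}" xmlns:wsse="{WSSE}"
    xmlns:wsu="{WSU}" xmlns:ds="{DS}">
<SOAP:Header><wsse:Security>
<wsse:BinarySecurityToken wsu:Id="sap-3">PLACEHOLDER</wsse:BinarySecurityToken>
<ds:Signature>
<ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>
<ds:KeyInfo><wsse:SecurityTokenReference>
<wsse:Reference URI="#sap-23"/>
</wsse:SecurityTokenReference></ds:KeyInfo>
</ds:Signature>
<wsse:BinarySecurityToken wsu:Id="sap-23">PLACEHOLDER</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken wsu:Id="sap-23">PLACEHOLDER</wsse:BinarySecurityToken>
</wsse:Security></SOAP:Header>
<SOAP:Body wsu:Id="body-1"/></SOAP:Envelope>"""

def check_references(xml_text):
    """Return (kind, wsu_id, count) findings for same-document references."""
    root = ET.fromstring(xml_text)  # diagnostic use on your own adapter output
    ids = Counter(el.get(WSU_ID) for el in root.iter() if el.get(WSU_ID))
    findings, used = [], set()
    for tag in (f"{{{DS}}}Reference", f"{{{WSSE}}}Reference"):
        for ref in root.iter(tag):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                continue  # only fragment (same-document) references are checked
            target = uri[1:]
            used.add(target)
            if ids[target] == 0:
                findings.append(("unresolved", target, 0))
            elif ids[target] > 1:
                findings.append(("ambiguous", target, ids[target]))
    tokens = {t.get(WSU_ID) for t in root.iter(f"{{{WSSE}}}BinarySecurityToken")
              if t.get(WSU_ID)}
    for tid in sorted(tokens - used):
        findings.append(("unreferenced-token", tid, ids[tid]))
    return findings

if __name__ == "__main__":
    for kind, wsu_id, count in check_references(SAMPLE):
        print(f"{kind}: wsu:Id={wsu_id!r} occurs {count} time(s)")
```

`wsu:Id` is declared as `xsd:ID`, so each value has to be unique within the message; an "ambiguous" finding means a receiver cannot tell which token a SecurityTokenReference points to.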

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

Dear Anna

I also need to use a similar SOAP header to call a synchronous web service from PI 7.3 dual stack.

I am trying to achieve this through the receiver SOAP adapter with the webServiceSecurity profile.

I have done the required config on the receiver agreement but am still not able to get the digital signatures.

I would really appreciate it if you could provide any pointers on this.

Thanks

Sapna