ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexWebSphere Message Broker (ACE) SupportMessage Broker & WS-Security

Post new topicReply to topic
Message Broker & WS-Security View previous topic :: View next topic
Author Message
Vincent Vega
PostPosted: Tue Oct 16, 2012 11:35 am Post subject: Message Broker & WS-Security Reply with quote

Novice

Joined: 27 Sep 2012
Posts: 18
Location: Kiev, Ukraine

Hello

I have WSDL file with Policy part:
Code:

<wsp:Policy wsu:Id="WSHttpBinding_ID_policy">
      <wsp:ExactlyOne>
         <wsp:All>
            <sp:TransportBinding
               xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:TransportToken>
                     <wsp:Policy>
                        <sp:HttpsToken RequireClientCertificate="false" />
                     </wsp:Policy>
                  </sp:TransportToken>
                  <sp:AlgorithmSuite>
                     <wsp:Policy>
                        <sp:Basic256 />
                     </wsp:Policy>
                  </sp:AlgorithmSuite>
                  <sp:Layout>
                     <wsp:Policy>
                        <sp:Strict />
                     </wsp:Policy>
                  </sp:Layout>
                  <sp:IncludeTimestamp />
               </wsp:Policy>
            </sp:TransportBinding>
            <sp:EndorsingSupportingTokens
               xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:SecureConversationToken
                     sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                     <wsp:Policy>
                        <sp:BootstrapPolicy>
                           <wsp:Policy>
                              <sp:SignedParts>
                                 <sp:Body />
                                 <sp:Header Name="To"
                                    Namespace="http://www.w3.org/2005/08/addressing" />
                                 <sp:Header Name="From"
                                    Namespace="http://www.w3.org/2005/08/addressing" />
                                 <sp:Header Name="FaultTo"
                                    Namespace="http://www.w3.org/2005/08/addressing" />
                                 <sp:Header Name="ReplyTo"
                                    Namespace="http://www.w3.org/2005/08/addressing" />
                                 <sp:Header Name="MessageID"
                                    Namespace="http://www.w3.org/2005/08/addressing" />
                                 <sp:Header Name="RelatesTo"
                                    Namespace="http://www.w3.org/2005/08/addressing" />
                                 <sp:Header Name="Action"
                                    Namespace="http://www.w3.org/2005/08/addressing" />
                              </sp:SignedParts>
                              <sp:EncryptedParts>
                                 <sp:Body />
                              </sp:EncryptedParts>
                              <sp:TransportBinding>
                                 <wsp:Policy>
                                    <sp:TransportToken>
                                       <wsp:Policy>
                                          <sp:HttpsToken RequireClientCertificate="false" />
                                       </wsp:Policy>
                                    </sp:TransportToken>
                                    <sp:AlgorithmSuite>
                                       <wsp:Policy>
                                          <sp:Basic256 />
                                       </wsp:Policy>
                                    </sp:AlgorithmSuite>
                                    <sp:Layout>
                                       <wsp:Policy>
                                          <sp:Strict />
                                       </wsp:Policy>
                                    </sp:Layout>
                                    <sp:IncludeTimestamp />
                                 </wsp:Policy>
                              </sp:TransportBinding>
                              <sp:SignedSupportingTokens>
                                 <wsp:Policy>
                                    <sp:UsernameToken
                                       sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                       <wsp:Policy>
                                          <sp:WssUsernameToken10 />
                                       </wsp:Policy>
                                    </sp:UsernameToken>
                                 </wsp:Policy>
                              </sp:SignedSupportingTokens>
                              <sp:Wss11>
                                 <wsp:Policy />
                              </sp:Wss11>
                              <sp:Trust10>
                                 <wsp:Policy>
                                    <sp:MustSupportIssuedTokens />
                                    <sp:RequireClientEntropy />
                                    <sp:RequireServerEntropy />
                                 </wsp:Policy>
                              </sp:Trust10>
                           </wsp:Policy>
                        </sp:BootstrapPolicy>
                     </wsp:Policy>
                  </sp:SecureConversationToken>
               </wsp:Policy>
            </sp:EndorsingSupportingTokens>
            <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy />
            </sp:Wss11>
            <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:MustSupportIssuedTokens />
                  <sp:RequireClientEntropy />
                  <sp:RequireServerEntropy />
               </wsp:Policy>
            </sp:Trust10>
            <wsaw:UsingAddressing />
         </wsp:All>
      </wsp:ExactlyOne>
   </wsp:Policy>


I have a problem with authorization.
Here is what I did:

1. My flow
MQInput -> Compute -> SOAPRequest -> …
In compute node I wrote:

Code:

SET OutputRoot.Properties.IdentitySourceType = 'usernameAndPassword';
SET OutputRoot.Properties.IdentitySourceToken = 'ххх';
SET OutputRoot.Properties.IdentitySourcePassword = 'yyyyy;


2. I made Policy Set (with UserName authentication token) and Policy Set Binding. Wrote this Policy Set an Policy Binding in my BAR file

My SOPARequest makes this request:

Code:

<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <s:Security
         xmlns:s="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
         xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
         soapenv:mustUnderstand="1">
         <s:UsernameToken u:Id="unt_20">
            <s:Username>xxx</s:Username>
            <s:Password
               Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yyyyyy</s:Password>
         </s:UsernameToken>
      </s:Security>
      <wsa:To>http://xxxxxxxx
      </wsa:To>
      <wsa:ReplyTo>
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous
         </wsa:Address>
      </wsa:ReplyTo>
      <wsa:MessageID>urn:uuid:8E42EA41DC2B2CE91A1350300865332
      </wsa:MessageID>
      <wsa:Action>http://xxxxxxxx
      </wsa:Action>
   </soapenv:Header>
   <soapenv:Body>
....


I get this response

Code:
 
Reason
   Text:CHARACTER:The message could not be processed. This is most likely because the action 'http://xxxxxx' is incorrect or
because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The
 security context token would be invalid if the service aborted the channel due to inactivity.
To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.
         lang:CHARACTER:en-US



First that I can see there is not the part IncludeTimestamp in SOAP request. How can I add it to my request?
As far as I understand it must be like this:

Code:

<o:Security s:mustUnderstand="1"
         xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <u:Timestamp u:Id="_0">
            <u:Created>2012-10-16T07:47:50.291Z</u:Created>
            <u:Expires>2012-10-16T07:52:50.291Z</u:Expires>
         </u:Timestamp>
      </o:Security>


Maybe I have one more mistake… Help me...

WMB: 7.0.0.3
Back to top
View user's profile Send private message Visit poster's website
lancelotlinc
PostPosted: Tue Oct 16, 2012 11:41 am Post subject: Reply with quote

Jedi Knight

Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA

Wow ! Great post. Excellent due diligence.

You are doing all the right things. Are the SSL certs up-to-date? If you use SoapUI or curl, are you able to submit a transaction to the host?
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER
Back to top
View user's profile Send private message Send e-mail
lancelotlinc
PostPosted: Tue Oct 16, 2012 11:45 am Post subject: Re: Message Broker & WS-Security Reply with quote

Jedi Knight

Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA

Vincent Vega wrote:
First that I can see there is not the part IncludeTimestamp in SOAP request. How can I add it to my request?
As far as I understand it must be like this:

Code:

<o:Security s:mustUnderstand="1"
         xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <u:Timestamp u:Id="_0">
            <u:Created>2012-10-16T07:47:50.291Z</u:Created>
            <u:Expires>2012-10-16T07:52:50.291Z</u:Expires>
         </u:Timestamp>
      </o:Security>


Maybe I have one more mistake… Help me...

WMB: 7.0.0.3



Yes, you can do this.

Code:
In the XPath Expressions table, click Add to associate XPath to each of the parts that you created in Step 10, as shown in the following table.Name XPath
app_encparts_response Envelope, Header, Security, Signature
app_signparts_response Envelope, Header, Security, Timestamp
app_encparts_request Envelope, Header, Security, Signature
app_signparts_request Envelope, Header, Security, Timestamp


http://publib.boulder.ibm.com/infocenter/wmbhelp/v8r0m0/topic/com.ibm.etools.mft.samples.wssecsamp.doc/doc/setup_policy.htm
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER
Back to top
View user's profile Send private message Send e-mail
mqjeff
PostPosted: Tue Oct 16, 2012 11:48 am Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

You likely forgot a checkbox in the security profile...
http://publib.boulder.ibm.com/infocenter/wmbhelp/v7r0m0/topic/com.ibm.etools.mft.doc/ab60140_.htm
Back to top
View user's profile Send private message
lancelotlinc
PostPosted: Tue Oct 16, 2012 11:59 am Post subject: Reply with quote

Jedi Knight

Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA

I found this APAR which has a ring to similarity to you, although it says if you are on 7.0.0.3 then you are already patched. What is the 'effective level' of your runtime? Use mqsireportbroker to find the effective level.

http://www-01.ibm.com/support/docview.wss?uid=swg1IC66875

IC66875: SOAP FAULT IF SOAP REQUEST MESSAGE HAS BOTH ACTOR ATTRIBUTE AND TIMESTAMP ELEMENT IN THE SECURITY HEADER.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER
Back to top
View user's profile Send private message Send e-mail
Vincent Vega
PostPosted: Tue Oct 16, 2012 11:59 am Post subject: Reply with quote

Novice

Joined: 27 Sep 2012
Posts: 18
Location: Kiev, Ukraine

lancelotlinc wrote:
Wow ! Great post. Excellent due diligence.

You are doing all the right things. Are the SSL certs up-to-date? If you use SoapUI or curl, are you able to submit a transaction to the host?



Yes, SSL certs up-to-date. My prodaction end point is: https://zzzzz.com/yyyy/ For the test I changed it to http://zzzz.com/yyy to catch traffic by Wireshark.

I have test programm on .net for a test. It works fine with this web service
There are only 2 lines on .net

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace Test
{
   class Program
   {
      static void Main(string[] args)
      {
         var c = new ID.IDClient();
         c.ClientCredentials.UserName.UserName = "xxxxx";
         c.ClientCredentials.UserName.Password = "yyyyyyyy";

         /*Console.WriteLine("Получение возвратов ...");

         var rts = c.GetCreditReturns(DateTime.Today.AddDays(-1), DateTime.Now);

         foreach(var r in rts)
            Console.WriteLine("ФИО: {0}, № договора: {1}", r.FullName, r.CreditDeal);*/

         var st = c.SetCoBrMemberData(new DeltaBank.MemberData
         {
            BankCard = "1234",
            ComfortCard = 10000000016,
            Approved = DateTime.Today.AddDays(-1),
            Activated = DateTime.Today,
            LastName = "Иванов",
            FirstName = "Иван",
            MiddleName = "Иванович",
            Birthday = new DateTime(1960, 1, 1),
            CellPhone = "(055) 123-44-55",
            IdCode = "123456789"
         });

         Console.WriteLine("Status: {0}, {1}", st.Id, st.Description);
      }
   }
}

[/b]

Last edited by Vincent Vega on Tue Oct 16, 2012 12:14 pm; edited 2 times in total
Back to top
View user's profile Send private message Visit poster's website
Vincent Vega
PostPosted: Tue Oct 16, 2012 12:03 pm Post subject: Reply with quote

Novice

Joined: 27 Sep 2012
Posts: 18
Location: Kiev, Ukraine

lancelotlinc wrote:
I found this APAR which has a ring to similarity to you, although it says if you are on 7.0.0.3 then you are already patched. What is the 'effective level' of your runtime? Use mqsireportbroker to find the effective level.

http://www-01.ibm.com/support/docview.wss?uid=swg1IC66875

IC66875: SOAP FAULT IF SOAP REQUEST MESSAGE HAS BOTH ACTOR ATTRIBUTE AND TIMESTAMP ELEMENT IN THE SECURITY HEADER.


Quote:

$ bash
bash-3.00$ mqsireportbroker WBRK
BIP8927I: Broker Name 'WBRK'
Install path = '/opt/IBM/mqsi/7.0'
Work path = '/var/mqsi'
Broker UUID = 'b9a3a02e-2401-0000-0080-c51da6ac402a'
Process id = '749816'
Queue Manager = 'QMBRK'
User lil path = ''
User exit path = ''
Active user exits = ''
LDAP principal = ''
LDAP credentials = ''
ICU converter path = ''
Trusted (fastpath) Queue Manager application = 'false'
Configuration change timeout = '600' seconds
Internal configuration timeout = '600' seconds
Statistics major interval = '60' minutes
Operation mode = 'enterprise'
Fixpack capability level = '' (effective level '7.0.0.1')
Broker registry format = 'v7.0'
Administration security = ''
Multi-instance Broker = 'false'
Shared Work Path = 'none'
Start as WebSphere MQ Service = 'undefined'
HTTP listener port = '7080'


I'll update my server tommorow.
Back to top
View user's profile Send private message Visit poster's website
lancelotlinc
PostPosted: Tue Oct 16, 2012 12:09 pm Post subject: Reply with quote

Jedi Knight

Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA

Here is another APAR which may apply to your transaction, and suggests you may need 7.0.0.4 rather than 7.0.0.3 on your runtime.

http://www-01.ibm.com/support/docview.wss?uid=swg1IC75612
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER
Back to top
View user's profile Send private message Send e-mail
Vincent Vega
PostPosted: Tue Oct 16, 2012 12:09 pm Post subject: Reply with quote

Novice

Joined: 27 Sep 2012
Posts: 18
Location: Kiev, Ukraine

mqjeff wrote:
You likely forgot a checkbox in the security profile...
http://publib.boulder.ibm.com/infocenter/wmbhelp/v7r0m0/topic/com.ibm.etools.mft.doc/ab60140_.htm


I read this, but I understand that it is for encryption message. Am I right?
My message is not encrypted.
Back to top
View user's profile Send private message Visit poster's website
Vincent Vega
PostPosted: Tue Oct 16, 2012 12:11 pm Post subject: Reply with quote

Novice

Joined: 27 Sep 2012
Posts: 18
Location: Kiev, Ukraine

lancelotlinc wrote:
Here is another APAR which may apply to your transaction, and suggests you may need 7.0.0.4 rather than 7.0.0.3 on your runtime.

http://www-01.ibm.com/support/docview.wss?uid=swg1IC75612


Thanks, I'll try
Back to top
View user's profile Send private message Visit poster's website
mqjeff
PostPosted: Tue Oct 16, 2012 12:23 pm Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

Your original message states
Quote:
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false" />
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
</wsp:Policy>
</sp:TransportBinding>

That maps to the options on the Message Level Protection panel.

But before you change that, and after you apply fixpack 4, you should make sure to mqsichangebroker -f all so that you take advantage of the features of FixPack 4, rather than still having a capability level of FixPack 1.
Back to top
View user's profile Send private message
Vincent Vega
PostPosted: Wed Oct 17, 2012 10:04 am Post subject: Reply with quote

Novice

Joined: 27 Sep 2012
Posts: 18
Location: Kiev, Ukraine

Thanks for help.
I resolved problem with TimeStamp, but now I have another problem. Little bit more about my configurations. I have 2 servers (I’ve updated their today):
Production: wmb 7.0.0.4, aix 6 (x64)
Test: wmb 7.0.0.4, windows xp (x86)
The Keystore, Truststore, Policy Set and Policy Set Bindings are the same on these servers.
Message broker Toolkit 7.0.0.5.

I have 2 BAR files. In test BAR file SOAPRequest node “Web service URL” is http://xxxxx, in production BAR file “Web service URL” is httpS://xxxxx. I did this for catch soap request by Wireshark (http://www.wireshark.org/)

I put the cert in trust store and key store.
After server’s update I have this soap request:


Now I can see Timestamp, but mistake is still exist

Ok. Go to the next level of my quest. In WSDL I have:

Code:

<wsp:Policy>
   <sp:BootstrapPolicy>
      <wsp:Policy>
         <sp:SignedParts>
            <sp:Body />
            <sp:Header Name="To"
               Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="From"
               Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="FaultTo"
               Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="ReplyTo"
               Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="MessageID"
               Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="RelatesTo"
               Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="Action"
               Namespace="http://www.w3.org/2005/08/addressing" />
         </sp:SignedParts>
         <sp:EncryptedParts>
            <sp:Body />
         </sp:EncryptedParts>


It means I must sign Body and some parts of Header and encrypt Body. Is it right?
I tried different configurations but anything doesn’t work. How can I implement this sign and encryption? What certificate should I use? I have only one cert for SSL connection.

My last Policy settings:






















I can't deploy my BAR file with this settings. I have mistake



Code:

 MB7BROKER.default ) A Java exception was thrown whilst calling the Java JNI method ''method_com_ibm_broker_axis2_Axis2NodeRegistrationUtil_registerSyncRequestNode''. The Java exception was ''BIP3726E: com.ibm.broker.axis2.MbSoapException: Failed to setup Axis2''. The Java stack trace was ''Frame : 0 com.ibm.broker.axis2.MbSoapException: Failed to setup Axis2
   @: com.ibm.broker.axis2.Axis2NodeRegistered$SOAPConfig.<init>(Axis2NodeRegistered.java:314)
   @: com.ibm.broker.axis2.Axis2NodeRegistered.<init>(Axis2NodeRegistered.java:135)
   @: com.ibm.broker.axis2.Axis2EngineManager.registerNode(Axis2EngineManager.java:81)
   @: com.ibm.broker.axis2.Axis2NodeRegistrationUtil.registerSyncRequestNode(Axis2NodeRegistrationUtil.java:351)
Frame : 1 com.ibm.broker.axis2.MbSoapException: Configuration using PS and binding failed
   @: com.ibm.broker.axis2.Axis2NodeRegistered$SOAPConfig.setupSOAPPipeline(Axis2NodeRegistered.java:768)
   @: com.ibm.broker.axis2.Axis2NodeRegistered$SOAPConfig.<init>(Axis2NodeRegistered.java:269)
   @: com.ibm.broker.axis2.Axis2NodeRegistered.<init>(Axis2NodeRegistered.java:135)
   @: com.ibm.broker.axis2.Axis2EngineManager.registerNode(Axis2EngineManager.java:81)
   @: com.ibm.broker.axis2.Axis2NodeRegistrationUtil.registerSyncRequestNode(Axis2NodeRegistrationUtil.java:351)
Frame : 2 com.ibm.broker.axis2.MbSoapException: Keystore exception
   @: com.ibm.broker.axis2.Axis2NodeRegistered$SOAPConfig.policySetConfiguration(Axis2NodeRegistered.java:1891)
   @: com.ibm.broker.axis2.Axis2NodeRegistered$SOAPConfig.setupSOAPPipeline(Axis2NodeRegistered.java:738)
   @: com.ibm.broker.axis2.Axis2NodeRegistered$SOAPConfig.<init>(Axis2NodeRegistered.java:269)
   @: com.ibm.broker.axis2.Axis2NodeRegistered.<init>(Axis2NodeRegistered.java:135)
   @: com.ibm.broker.axis2.Axis2EngineManager.registerNode(Axis2EngineManager.java:81)
   @: com.ibm.broker.axis2.Axis2NodeRegistrationUtil.registerSyncRequestNode(Axis2NodeRegistrationUtil.java:351)
Frame : 3 com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS7280E: Тип ключа Token Generator [http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3] не соответствует типу ключа шифрования, определенному в стратегии.
   @: com.ibm.wsspi.wssecurity.core.SoapSecurityException.format(SoapSecurityException.java:77)
   @: com.ibm.ws.wssecurity.confimpl.PrivateGeneratorConfig.validate(PrivateGeneratorConfig.java:914)
   @: com.ibm.ws.wssecurity.handler.PolicyOutboundConfig.init(PolicyOutboundConfig.java:3126)
   @: com.ibm.ws.wssecurity.handler.PolicyOutboundConfig.<init>(PolicyOutboundConfig.java:255)
   @: com.ibm.ws.wssecurity.handler.WSSecurityBindingLoaderImpl.loadCustom(WSSecurityBindingLoaderImpl.java:379)
   @: com.ibm.broker.axis2.Axis2NodeRegistered$SOAPConfig.policySetConfiguration(Axis2NodeRegistered.java:1816)
   @: com.ibm.broker.axis2.Axis2NodeRegistered$SOAPConfig.setupSOAPPipeline(Axis2NodeRegistered.java:738)
   @: com.ibm.broker.axis2.Axis2NodeRegistered$SOAPConfig.<init>(Axis2NodeRegistered.java:269)
   @: com.ibm.broker.axis2.Axis2NodeRegistered.<init>(Axis2NodeRegistered.java:135)
   @: com.ibm.broker.axis2.Axis2EngineManager.registerNode(Axis2EngineManager.java:81)
   @: com.ibm.broker.axis2.Axis2NodeRegistrationUtil.registerSyncRequestNode(Axis2NodeRegistrationUtil.java:351)''.   

Correct the error, and if necessary redeploy the flow. 
Back to top
View user's profile Send private message Visit poster's website
Vincent Vega
PostPosted: Wed Oct 17, 2012 10:07 am Post subject: Reply with quote

Novice

Joined: 27 Sep 2012
Posts: 18
Location: Kiev, Ukraine

Quote:
com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS7280E: Тип ключа Token Generator [http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3] не соответствует типу ключа шифрования, определенному в стратегии.


translate:

Quote:
Key type Token Generator does not match the encryption key, as defined in the strategy.
Back to top
View user's profile Send private message Visit poster's website
salvador.wbi
PostPosted: Mon Jun 16, 2014 2:01 pm Post subject: Same error! Reply with quote

Novice

Joined: 10 Jul 2009
Posts: 18
Location: Monterrey, Mexico

Hello guys!

Currently I'm facing the same problem, @Vincent Vega, did you solve this issue? I would appreciate your help!
_________________
"The problem with people who have no vices is that generally you can be pretty sure they're going to have some pretty annoying virtues."
Back to top
View user's profile Send private message
Vincent Vega
PostPosted: Mon Jun 16, 2014 3:27 pm Post subject: Re: Same error! Reply with quote

Novice

Joined: 27 Sep 2012
Posts: 18
Location: Kiev, Ukraine

salvador.wbi wrote:
Hello guys!

Currently I'm facing the same problem, @Vincent Vega, did you solve this issue? I would appreciate your help!


Unfortunately I didn't have time for solve this problem. My business department demand result and I used proxy service on .net
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexWebSphere Message Broker (ACE) SupportMessage Broker & WS-Security
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.