
12c: Signature digest verification failure with SAML msg protection policy

Sivakumar Gonugunta-Oracle, Apr 7 2015 (edited Apr 24 2015)

Hi,

I am using the policy wss10_saml_token_with_message_protection_service_policy for a Service Bus 12c proxy service and am getting an error while verifying the signature digest. I am doing the testing using SoapUI.

I understand that it's an issue in verifying the signature digest, but I am unable to debug it and conclude the cause, as I did the necessary setup and am using the appropriate keys for encryption and signing. I also tried overriding the policy configuration at the policy level and at the Service Bus endpoint level.

Policy Settings are:

- Timestamp included, signing the entire request body, no signing for the SAML token and X.509 token.

- No signature encryption checked; default values kept for all other attributes.

I configured only the Message Security section in the WSM Domain Configuration and used JKS as the key store. I used the trusted certificate entry of the client as the signing alias and our own public key as the enc alias.

Following is the error stack trace I am seeing. Please let me know if there is anything missing or any other insights into this issue. The logs generated by setting xml.debug.verify also did not help much. I am thinking the issue may be something to do with canonicalization of XML.

Caused by: com.bea.wli.sb.security.wss.WssHandlerException: General web service security error

at com.bea.wli.sb.security.wss.WssHandlerImpl.generateInboundRequestBLE(WssHandlerImpl.java:1499)

at com.bea.wli.sb.security.wss.WssHandlerImpl.handleInboundRequestException(WssHandlerImpl.java:1457)

at com.bea.wli.sb.security.wss.WssHandlerImpl.handleInboundRequestException(WssHandlerImpl.java:1444)

at com.bea.wli.sb.service.disi.handlerchain.handlers.InboundWssPhase1DISIHandler.dispatch(InboundWssPhase1DISIHandler.java:107)

... 43 more

Caused by: com.bea.wli.sb.security.wss.WssException: oracle.wsm.security.SecurityException: WSM-00061 : Signature digest verification failure. The system property xml.debug.verify should be enabled for the details about the digest calculations during verification phase (note xml.debug.verify slows down the signature verification for very large messages).

Caused by:-

at com.bea.wli.sb.security.wss.wsm.WsmInboundHandler.handleRequestException(WsmInboundHandler.java:350)

at com.bea.wli.sb.security.wss.WssHandlerImpl.handleInboundRequestException(WssHandlerImpl.java:1442)

... 44 more

Caused by: oracle.wsm.security.SecurityException: WSM-00061 : Signature digest verification failure. The system property xml.debug.verify should be enabled for the details about the digest calculations during verification phase (note xml.debug.verify slows down the signature verification for very large messages).

Caused by:-

at oracle.wsm.security.policy.scenario.processor.Wss10MessageSecurityProcessor.verify(Wss10MessageSecurityProcessor.java:482)

at oracle.wsm.security.policy.scenario.processor.Wss10X509TokenProcessor.verify(Wss10X509TokenProcessor.java:301)

at oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.receiveRequest(Wss10SamlWithCertsScenarioExecutor.java:184)

at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:642)

at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:44)

at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:515)

at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:427)

at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:374)

at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:103)

at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1270)

at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:563)

at oracle.j2ee.ws.common.wsm.SecurityAgentTube.processRequest(SecurityAgentTube.java:201)

at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)

at com.sun.xml.ws.api.pipe.Fiber.access$100(Fiber.java:127)
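
The post raises XML canonicalization as a possible factor. As an added illustration (not part of the original post and not Oracle's code), the Python sketch below shows which changes to a signed element a canonicalizer absorbs and which ones alter the reference digest. Assumptions: the standard library's C14N 2.0 stands in for the exclusive C14N normally used with WS-Security, SHA-1 is the digest algorithm, and the SOAP Body and the names `reference_digest` and `compare` are constructed for this example.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed sample: the Body element as the client signed it.
SIGNED = (
    f'<soap:Body xmlns:soap="{SOAP}" xmlns:wsu="{WSU}" wsu:Id="body-1">'
    '<m:getOrder xmlns:m="urn:example:orders" m:priority="low" id="42"/>'
    '</soap:Body>'
)
# Same content, different serialization: quote style, attribute and
# namespace-declaration order, spacing inside the tag, empty-element form.
RESERIALIZED = (
    f"<soap:Body wsu:Id='body-1'  xmlns:wsu='{WSU}' xmlns:soap='{SOAP}'>"
    "<m:getOrder id='42' m:priority='low' xmlns:m='urn:example:orders'>"
    "</m:getOrder></soap:Body>"
)
# Re-indented after signing: adds whitespace text nodes inside the Body.
REINDENTED = (
    f'<soap:Body xmlns:soap="{SOAP}" xmlns:wsu="{WSU}" wsu:Id="body-1">\n'
    '  <m:getOrder xmlns:m="urn:example:orders" m:priority="low" id="42"/>\n'
    '</soap:Body>'
)


def reference_digest(fragment: str) -> str:
    """Base64 SHA-1 over the canonical form, as a ds:DigestValue is computed."""
    canonical = canonicalize(fragment)  # C14N 2.0 (assumed stand-in)
    digest = hashlib.sha1(canonical.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def compare(signed: str, received: str) -> dict:
    """Digest the signer computed vs. the digest the verifier recomputes."""
    expected = reference_digest(signed)
    actual = reference_digest(received)
    return {"expected": expected, "actual": actual, "match": expected == actual}


if __name__ == "__main__":
    for label, msg in (("reserialized", RESERIALIZED), ("reindented", REINDENTED)):
        print(label, compare(SIGNED, msg))
```

Canonicalization normalizes serialization details, but whitespace between elements is part of the signed content, so any reformatting of the message after signing changes the digest the verifier recomputes.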

Locked on May 22 2015
Added on Apr 7 2015