Custom security policy in OWSM

3383174 Feb 1 2018 — edited Feb 9 2018

I have to communicate with a third-party webservice via two-way SSL using an X509 token for authentication. I have tried using oracle/wss11_x509_token_with_message_protection_client_policy, but the issue is that the downstream webservice does not expect anything encrypted on message level. I have tried making a copy of the policy, where I have removed everything which has to do with encryption (as the only change to the original policy), but then it fails with:

The signature confirmation value is invalid. Expected : <MArTXS0e+h66toFTUBnrsLuc1yA=, ACeOWKSq9wI5/WI20GPnm8ThX4uUxqmzzZsUg2GfSSTdcefIJ/2T9r2ffBw60S0H52gmafLrMJBMwqZB06jHZC2ZA1T8cPTH5rXF8lG4dAYdRZM+VEos88tXjOjCy5rLTkdQNDOHktrRPYqiN4ro4sUZEWvYfaLSDfLHvLfkdqmP8cPNbjMqXUn9ssXPBkm+55mdQNcnOkbxNpyokBWZ0Ii/O4/dKUz/V8LDDUEIn0Ytgre5udIxBdNGnamnNlGxj3YUM0KjAwItsR4TdmXKxOa0qRkYOgG1eoCtq2Oi2zaAlRKxA6n/rGVz51A5XvE6l5gniiwRL66uQIeBlSGs7w==, >, Actual : <>

I have also tried making the same from a template, but that just gives me a Generic Error.

The policy I have to implement is as such:

<wsp:UsingPolicy wssutil:Required="true"/>

<wsp:Policy wssutil:Id="Wssp1.2-2007-Wss1.1-X509-Basic256.xml">
  <ns1:AsymmetricBinding xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:Policy>
      <ns1:InitiatorToken>
        <wsp:Policy>
          <ns1:X509Token ns1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <ns1:RequireThumbprintReference/>
              <ns1:WssX509V3Token11/>
            </wsp:Policy>
          </ns1:X509Token>
        </wsp:Policy>
      </ns1:InitiatorToken>
      <ns1:RecipientToken>
        <wsp:Policy>
          <ns1:X509Token ns1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
            <wsp:Policy>
              <ns1:RequireThumbprintReference/>
              <ns1:WssX509V3Token11/>
            </wsp:Policy>
          </ns1:X509Token>
        </wsp:Policy>
      </ns1:RecipientToken>
      <ns1:AlgorithmSuite>
        <wsp:Policy>
          <ns1:Basic256/>
        </wsp:Policy>
      </ns1:AlgorithmSuite>
      <ns1:Layout>
        <wsp:Policy>
          <ns1:Lax/>
        </wsp:Policy>
      </ns1:Layout>
      <ns1:IncludeTimestamp/>
      <ns1:ProtectTokens/>
      <ns1:OnlySignEntireHeadersAndBody/>
    </wsp:Policy>
  </ns1:AsymmetricBinding>
  <ns2:Wss11 xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:Policy>
      <ns2:MustSupportRefKeyIdentifier/>
      <ns2:MustSupportRefIssuerSerial/>
      <ns2:MustSupportRefThumbprint/>
      <ns2:MustSupportRefEncryptedKey/>
      <ns2:RequireSignatureConfirmation/>
    </wsp:Policy>
  </ns2:Wss11>
</wsp:Policy>

<wsp:Policy wssutil:Id="Wssp1.2-2007-SignBody.xml">
  <ns3:SignedParts xmlns:ns3="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <ns3:Body/>
  </ns3:SignedParts>
</wsp:Policy>

Any pointer on how to implement the above mentioned policy would be very much welcome.
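A way to list what a WS-SecurityPolicy document like the one quoted above asks of the sender (binding, algorithm suite, signed and encrypted parts, signature confirmation) before choosing or cloning a client policy. This is an added example, not part of the original post and not Oracle code; the `<policies>` wrapper, the `wsp` namespace URI and the `summarize` helper are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SP = "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}"
ENCRYPTION = {"EncryptedParts", "EncryptedElements", "ContentEncryptedElements"}

# Constructed sample: trimmed copy of the policy quoted in the post, wrapped in a
# hypothetical <policies> root. The wsp namespace URI is an assumption (the post
# does not show its declaration); the code below only matches the sp namespace.
SAMPLE = """
<policies xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:Policy>
    <sp:AsymmetricBinding><wsp:Policy>
      <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
      <sp:IncludeTimestamp/><sp:ProtectTokens/><sp:OnlySignEntireHeadersAndBody/>
    </wsp:Policy></sp:AsymmetricBinding>
    <sp:Wss11><wsp:Policy><sp:RequireSignatureConfirmation/></wsp:Policy></sp:Wss11>
  </wsp:Policy>
  <wsp:Policy>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
  </wsp:Policy>
</policies>
"""

def local(el):
    return el.tag[len(SP):]

def summarize(policy_xml):
    """Report what a WS-SecurityPolicy 1.2 document asks of the sender."""
    root = ET.fromstring(policy_xml)
    sp = [el for el in root.iter() if el.tag.startswith(SP)]
    names = [local(el) for el in sp]

    def inside(container):
        # Assertions nested anywhere below <sp:container>, skipping wsp:Policy wrappers.
        return sorted({local(c) for p in sp if local(p) == container
                       for c in p.iter() if c is not p and c.tag.startswith(SP)})

    return {
        "binding": next((n for n in names if n.endswith("Binding")), None),
        "algorithm_suite": inside("AlgorithmSuite"),
        "signed_parts": inside("SignedParts"),
        "encrypted_parts": inside("EncryptedParts"),
        "message_encryption": bool(ENCRYPTION & set(names)),
        "signature_confirmation": "RequireSignatureConfirmation" in names,
        "timestamp": "IncludeTimestamp" in names,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```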

Locked on Mar 9 2018
Added on Feb 1 2018