WS-Security is an extension to SOAP for applying security to web-services through XML Signature and XML Encryption.
WS-Security is an extension to SOAP for applying security to web-services through XML Signature and XML Encryption.
Questions tagged [ws-security]
939 questions
7
votes
2 answers
How to enable debug logging in Apache CXF before encrypting
I already have enabled debug logs for my WS-Client like this
Client client = ClientProxy.getClient(port);
LoggingInInterceptor loggingInInterceptor = new LoggingInInterceptor();
loggingInInterceptor.setPrettyLogging(true);
LoggingOutInterceptor…
Martin Fernau
- 787
- 1
- 6
- 19
7
votes
0 answers
How to consume a Web Service (SOAP 1.1, WS-Security) from C# based on a WSDL?
I have a WSDL for a Web Service (https://facturaelectronica.dian.gov.co/habilitacion/B2BIntegrationEngine/FacturaElectronica/facturaElectronica.wsdl) which specifies that it's SOAP 1.1 and should use WS-Security.
The resulting SOAP Header should be…
Luis Londono
- 71
- 2
7
votes
0 answers
IdentityServer3 symmetric key issue on Relying Party
I just set up a SelfHost(InMem with WS-Fed) Thinktecture IdentityServer3 project example and I'm trying to use it to get a JWT, the problem is that I only recieve tokens signed with an asymmetric key using the alg RS256 but I need them to be…
user123456
- 133
- 7
7
votes
0 answers
Policy-based wss4j jax-ws handler without cfx/axis2/metro
Is there any open-source jax-ws handler that implements policy-based WS-Security that does not depend on cxf or axis2 ?
My main use case is to implement webservice clients, but using cxf or axis2 implies that I have to bring a lot of libraries just…
Philippe Sevestre
- 974
- 12
- 18
7
votes
1 answer
Creating Signed SOAP Message as a String with C#
I need to call web service that I have to send such soap request below by using C#. SoapBody and TimeStamp must be signed.
…
jQP
- 99
- 1
- 6
7
votes
2 answers
Is it possible to do a TLS handshake event in Tomcat?
I'm running an application (web service) in tomcat with TLS enabled (with certificates both for the client and the server).
I want that my application will be able to send audit message (logging) when TLS handshake fails. For example I want to log…
Yonatan Maman
- 2,428
- 1
- 24
- 34
7
votes
2 answers
WSIT/Metro doesn't understand Security SOAP header
I'm using WSIT/Metro to create a simple web-service. I'm getting the following error on the server when a client tries to connect with a simple username/passowrd authentication scheme:
2010.03.31. 19:10:33 com.sun.xml.ws.protocol.soap.MUTube…
Lóránt Pintér
- 10,152
- 14
- 47
- 53
7
votes
2 answers
Consume a Web Service that requires WS-Security from ASP.NET 4.5 Application
I need to consume a web service that requires WS-Security based on X.509 certificates from ASP.NET 4.5 application. So far i have created the web reference but i don't know how implement WS-Security. I have no problem with getting the certificate,…
Diane
- 428
- 2
- 6
- 16
7
votes
2 answers
What is the best way to learn security in java A-Z
I am j2se/jee developer and new to java security side, and planning to learn more on this subject. Can you help me guiding with proper way/recources to learn security from beginner to intermediate level. I have done google for few days and got few…
user3050112
7
votes
2 answers
How to make WSS4J load the keystore password from a callback?
I'm using Apache CXF to build a Web Service. It uses Apache WSS4J to provide WS-Security functionality. I need to make a SOAP request and it must be signed.
This is the content of the properties file I pass to…
Alex Oliveira
- 893
- 1
- 9
- 27
7
votes
2 answers
WSS4j elements order during signing SOAP message
I'm implementing web service client in Java which uses wss4j 1.6.8 for WS-Security (to be more precize I need to sign a SOAP message). Server side requires requests to have the following structure:
user1028128
- 81
- 2
- 4
6
votes
3 answers
WCF Client - How to process or ignore a MustUnderstand header element?
I'm writing a WCF Client that consumes a non-.Net web service, using WS-Security. The service's response contains a Security header with mustUnderstand set to true.
Using a ServiceModelListener, I do see actual data coming back from the service. The…
Mark Maslar
- 1,121
- 4
- 16
- 28
6
votes
2 answers
WCF certificate chain trust authentication: "The caller was not authenticated by the service."
I would like to use certificate-based encryption and verification when communicating with a WCF service. So I created test certificates, "TempCA" as my root CA and "SignedByCA" as a client certificate signed by that CA.
When I put the client…
AndiDog
- 68,631
- 21
- 159
- 205
6
votes
1 answer
Axis2+Rampart WebService Signing and Encryption
i have a problem with the security between one webservice and his client.
I use Axis2 and Rampart to build bottom up my webservice and than create the client from the generated wsdl.
I show you my code and the concrete problem.
Client.java
package…
Happo
- 71
- 1
- 3
6
votes
1 answer
Sign Soap 1.1 body with .Net Core 3.1
I want to connect from .Net Core 3.1 with C# to a web service that requires I sign the Soap 1.1 body according to WS-Security WS-Policy 2004/09.
This is a textual description of the policy requirement:
AsymmetricBindingAssertion indicates to use…
Ulf Kristiansen
- 1,571
- 3
- 22
- 34