WS-Security is an extension to SOAP for applying security to web-services through XML Signature and XML Encryption.
WS-Security is an extension to SOAP for applying security to web-services through XML Signature and XML Encryption.
Questions tagged [ws-security]
939 questions
4
votes
1 answer
How do I get WCF to send the password in digest mode when using UserNameOverTransport binding? (Converting WSE3.0 code to WCF)
I'm trying to convert this WSE3.0 code to WCF:
// we use Microsoft WSE 3.0 to insert the username token in the soap header.
// This strategy takes care of creating and inserting the Nonce and Created elements
// for us, as well as creating a…
Redwood
- 66,744
- 41
- 126
- 187
4
votes
2 answers
How can I configure WCF to only sign the TimeStamp header
I am trying to configure my WCF client to create a SOAP 1.1 request that includes WS-Addressing, WS-Security and TLS.
The security requirements are that the message includes a Username Token, TimeStamp and that the TimeStamp is signed using an…
Edward
- 1,043
- 10
- 24
4
votes
0 answers
How to support multiple certificates for CXF client
I have a SOAP-client application that calls a third-party SOAP endpoint and we use SSL to have access to it. Now the certificate is expiring in a few months and we received a new certificate of our third-party. Now we use Apache CXF client for…
KENG_1080
- 55
- 5
4
votes
2 answers
IBM DataPower 3.7.1.x issues with WCF clients
I'm trying to consume an IBM DataPower 3.7.1.x web service in WCF getting the following error message:
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted…
YONDERBOI
- 103
- 1
- 5
4
votes
1 answer
How paypal can protect customers data from there Business partners?
If business partner of paypal using paypal's web service in its website.If the web service is asking for username and password of its customer,how paypal can protect customers data from there Business partners?How soap transaction can take place…
sun
- 183
- 1
- 5
4
votes
2 answers
C# Runtime Error when implementing WSSE Security Headers with custom fields in SOAP request
I am trying to send a SOAP request to a web service that uses WSSE and UsernameToken for authentication. The sample query is as follows (masking confidential data):
Vesnog
- 773
- 2
- 16
- 33
4
votes
0 answers
How do I stop WCF from accepting insecure messages?
I'm trying to set up a WCF service with authentication built in. I want to use a custom UserNamePasswordValidator to validate the credentials sent in messages.
If I use a standard wsHttpBinding, I can get this working without problems using the…
ldam
- 4,412
- 6
- 45
- 76
4
votes
1 answer
WCF Soap client unable to resolve URI in signature to compute digest
I am trying to consume a SOAP 1.1 web service that runs on top of Oracle Web Logic, from a WCF client. The service implements the standard Oasis WS-Security 1.2, with body signing and encryption (sign before encrypt) and algorithms Basic256Sha256,…
Guillermo Gutiérrez
- 17,273
- 17
- 89
- 116
4
votes
1 answer
WebServicesClientProtocol add EncodingType to Nonce in Security header
Similar question: How do I add an EncodingType attribute to the Nonce element of a UsernameToken in WSE 3.0 (.NET)
I'm trying to modify header that is send by WebServicesClientProtocol to service.
Unfortunately Microsoft's implementation of WSSE…
Misiu
- 4,738
- 21
- 94
- 198
4
votes
1 answer
Creating a SOAP Header with WS-Addressing and WS-Security from scratch
I am sending out a SOAP message from a windows service to an http endpoint (regular aspx page that will just accept the whole SOAP envelope). The overall operation is async, the actual response comes back at a later time. The nature of the setup…
Carl
- 406
- 4
- 17
4
votes
0 answers
An error was discovered processing the header in SoapUI
I try to intercept encrypted soap message in wildfly 10 with soapUI. Deployment is successful.
First below pics are outgoing ws-security configuration which includes signature and encryption.
* Signature
Keystore - client keystore
Alias - alias of…
Joseph Hwang
- 1,337
- 3
- 38
- 67
4
votes
1 answer
WCF - Java web service interop - Signed outgoing message not accepted
I try to sign a message using a certificate and a private key to call a java (JBoss) web service, but the server refuses to accept my signed message. It only echoes back the same message that I've sent.
I have successfully signed the outgoing…
Simon
- 129
- 6
4
votes
0 answers
Apache CXF - Configure WSS4JInInterceptor
I'm using Apache CXF + WS-Security in my project when connecting to the server.
When server's response is received I must validate the signature of SignatureConfirmation, Timestamp, SOAP-body with server's public key, which is included as…
Oleg
- 2,984
- 8
- 43
- 71
4
votes
2 answers
Spring-WS: how to use WebserviceTemplate with pre-generated SOAP-envelope
Can you use a Spring-WS WebserviceTemplate for calling a webservice and avoid that it generates a SOAP-envelope? That is, the message already contains an SOAP-Envelope and I don't want that the WebserviceTemplate wraps another one around it. :-)
The…
Dr. Hans-Peter Störr
- 25,298
- 30
- 102
- 139
4
votes
2 answers
Standard web services v Secure web services
I ask this question in anticipation as part of a project. I have experience of developing and consuming web services in the past and am au fait with those. However I have been told that as part of this next project I will need to use "secure" web…
anonym0use
- 2,936
- 4
- 25
- 26