WSIT-1453

metro client fails against the service running on SOA and using SAML Token.

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 1.6
    • Fix Version/s: current
    • Component/s: security
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

      Description

      SAML Scenario failing with metro 1.6

      Scenario details
      ==========
      Client metro-1.6 ------------> SOA Service

      Server endpoint
      ===============
      http://ejp5356-vm2.india.sun.com:8001/soa-infra/services/default/SAMLEcho!1.0*soa_a2598a78-4978-40b3-8ba2-d4cf9261ba98/SAMLMediator_ep?WSDL

      Request/Response Log
      ====================
      INFO: WSP1049: Loaded WSIT configuration from file:
      file:/scratch/aime1/NetBeansProjects/TestSAMLSOA1/build/classes/META-INF/wsit-client.xml
      ---[HTTP request -
      http://ejp5356-vm2.india.sun.com:8001/soa-infra/services/default/SAMLEcho!1.0*soa_a2598a78-4978-40b3-8ba2-d4cf9261ba98/SAMLMediator_ep]---
      Content-type:
      multipart/related;start="<rootpart*b8c99c64-092f-4e3f-81e6-24fdcbf96555@example.jaxws.sun.com>";type="application/xop+xml";boundary="uuid:b8c99c64-092f-4e3f-81e6-24fdcbf96555";start-info="text/xml"
      User-agent: JAX-WS RI 2.1.8-hudson-11-
      Soapaction: ""
      Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2,
      */*; q=.2
      --uuid:b8c99c64-092f-4e3f-81e6-24fdcbf96555
      Content-Id: <rootpart*b8c99c64-092f-4e3f-81e6-24fdcbf96555@example.jaxws.sun.com>
      Content-Type: application/xop+xml;charset=utf-8;type="text/xml"
      Content-Transfer-Encoding: binary

      <?xml version='1.0' encoding='UTF-8'?><S:Envelope
      xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"><S:Header><wsse:Security
      S:mustUnderstand="1"><wsu:Timestamp
      xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
      xmlns:ns17="http://www.w3.org/2003/05/soap-envelope"
      wsu:Id="_3"><wsu:Created>2010-07-06T11:56:18Z</wsu:Created><wsu:Expires>2010-07-06T12:01:18Z</wsu:Expires></wsu:Timestamp><saml:Assertion
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"
      xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
      xmlns:xs="http://www.w3.org/2001/XMLSchema" AssertionID="1278417378455"
      IssueInstant="2010-07-06T11:56:18.456Z" Issuer="www.oracle.com" MajorVersion="1"
      MinorVersion="1"><saml:Conditions NotBefore="2010-07-06T10:56:18.456Z"
      NotOnOrAfter="2010-07-06T12:56:18.456Z"
      /><saml:AttributeStatement><saml:Subject><saml:NameIdentifier
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">orakey</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute
      AttributeName="attribute1"
      AttributeNamespace="urn:com:sun:xml:wss:attribute"><saml:AttributeValue
      xmlns:ns5="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:ns6="http://www.w3.org/2001/XMLSchema"
      ns5:type="ns6:string">ATTRIBUTE1</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion><xenc:EncryptedKey
      xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
      xmlns:ns17="http://www.w3.org/2003/05/soap-envelope"
      Id="_5002"><xenc:EncryptionMethod
      Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ds:KeyInfo
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="keyInfo"><wsse:SecurityTokenReference wsu:Id="_4"><wsse:KeyIdentifier
      ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">91tYxY3ACP8PP17Mp9qTI4CcJgw=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue><Include
      xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:04a50084-32b1-41b0-b62f-e00c93e46cd6@example.jaxws.sun.com"/></xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey><wsse:BinarySecurityToken
      xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
      xmlns:ns17="http://www.w3.org/2003/05/soap-envelope"
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
      wsu:Id="uuid_32c2aede-9867-427a-a953-280079cdd06b"><Include
      xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:0e831320-9942-4e2e-8bfa-0372fb8236a7@example.jaxws.sun.com"/></wsse:BinarySecurityToken><xenc:ReferenceList
      xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
      xmlns:ns17="http://www.w3.org/2003/05/soap-envelope"><xenc:DataReference
      URI="#_5004" /></xenc:ReferenceList><wsse:SecurityTokenReference
      xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
      xmlns:ns17="http://www.w3.org/2003/05/soap-envelope"
      wsu:Id="uuid_23263fde-d07a-4839-af59-4d1543f62bf2"
      wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><wsse:KeyIdentifier
      ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">1278417378455</wsse:KeyIdentifier></wsse:SecurityTokenReference><ds:Signature
      xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
      xmlns:ns17="http://www.w3.org/2003/05/soap-envelope"
      Id="_1"><ds:SignedInfo><ds:CanonicalizationMethod
      Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces
      PrefixList="wsse S" /></ds:CanonicalizationMethod><ds:SignatureMethod
      Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /><ds:Reference
      URI="#_5003"><ds:Transforms><ds:Transform
      Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces
      PrefixList="S" /></ds:Transform></ds:Transforms><ds:DigestMethod
      Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ds:DigestValue><Include
      xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:4c270b9b-650e-401d-9b37-009ceca85d6d@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference><ds:Reference
      URI="#_3"><ds:Transforms><ds:Transform
      Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces
      PrefixList="wsu wsse S" /></ds:Transform></ds:Transforms><ds:DigestMethod
      Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ds:DigestValue><Include
      xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:eddbac25-fffb-4e32-af3a-31ef967149d3@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference><ds:Reference
      URI="#_4"><ds:Transforms><ds:Transform
      Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"><wsse:TransformationParameters><ds:CanonicalizationMethod
      Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
      /></wsse:TransformationParameters></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
      /><ds:DigestValue><Include xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:3015a735-2f9f-416e-bf08-3ebf1633f307@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference><ds:Reference
      URI="#uuid_23263fde-d07a-4839-af59-4d1543f62bf2"><ds:Transforms><ds:Transform
      Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"><wsse:TransformationParameters><ds:CanonicalizationMethod
      Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
      /></wsse:TransformationParameters></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
      /><ds:DigestValue><Include xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:a07dabb6-40a6-4735-b1c6-e086d7bf2e66@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue><Include
      xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:5211a91b-77bb-449d-a1d4-fb557667fccf@example.jaxws.sun.com"/></ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference
      wsu:Id="uuid_c21763cc-407c-4284-b37a-b745b8c03602"><wsse:Reference URI="#_5002"
      ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
      /></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><ds:Signature
      xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
      xmlns:ns17="http://www.w3.org/2003/05/soap-envelope"
      Id="_5"><ds:SignedInfo><ds:CanonicalizationMethod
      Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces
      PrefixList="wsse S" /></ds:CanonicalizationMethod><ds:SignatureMethod
      Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference
      URI="#uuid_32c2aede-9867-427a-a953-280079cdd06b"><ds:Transforms><ds:Transform
      Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces
      PrefixList="wsu wsse S" /></ds:Transform></ds:Transforms><ds:DigestMethod
      Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ds:DigestValue><Include
      xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:f7be1283-8817-4f35-b37a-586fd0c69e6f@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference><ds:Reference
      URI="#_1"><ds:Transforms><ds:Transform
      Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces
      PrefixList="wsu wsse S" /></ds:Transform></ds:Transforms><ds:DigestMethod
      Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ds:DigestValue><Include
      xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:61d2fc04-f962-405a-be24-88d7c0871344@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue><Include
      xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:da49254b-fd70-4a76-8225-6607746bcfb4@example.jaxws.sun.com"/></ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference
      URI="#uuid_32c2aede-9867-427a-a953-280079cdd06b"
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
      /></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></S:Header><S:Body
      wsu:Id="_5003"><xenc:EncryptedData
      xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
      xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5004"
      Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
      Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" /><ds:KeyInfo
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="keyInfo"><wsse:SecurityTokenReference><wsse:Reference URI="#_5002"
      ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
      /></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue><Include
      xmlns="http://www.w3.org/2004/08/xop/include"
      href="cid:34ed8172-67e1-4b52-9ef2-91d0f21a00d2@example.jaxws.sun.com"/></xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></S:Body></S:Envelope>

      ---[HTTP response -
      http://ejp5356-vm2.india.sun.com:8001/soa-infra/services/default/SAMLEcho!1.0*soa_a2598a78-4978-40b3-8ba2-d4cf9261ba98/SAMLMediator_ep
      - 500]---
        null: HTTP/1.1 500 Internal Server Error
        Content-type: text/xml; charset=utf-8
        Content-length: 363
        X-powered-by: Servlet/2.5 JSP/2.1
        Date: Tue, 06 Jul 2010 11:56:19 GMT
        X-oracle-dms-ecid: 0000IabbI753Z7e5xbk3yW1C6Z9_003jGF
        Soapaction: ""
        <env:Envelope
        xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault
        xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>ns0:FailedCheck</faultcode><faultstring>FailedCheck
        : failure in security
        check</faultstring><faultactor></faultactor></env:Fault></env:Body></env:Envelope>
        --------------------
        javax.xml.ws.soap.SOAPFaultException: FailedCheck : failure in security check
            at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:189)
            at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
            at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
            at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
            at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
            at $Proxy37.echo(Unknown Source)
            at testsamlsoa1.Main.main(Main.java:26)
        BUILD SUCCESSFUL (total time: 3 seconds)

      Server Log
      ==========
      ####<Jul 6, 2010 5:43:25 PM IST> <Error> <oracle.wsm.resources.security>
      <ejp5356-vm2> <soa_server1> <[ACTIVE] ExecuteThread: '0' for queue:
      'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1278418405141>
      <WSM-00061> <Signature digest verification failure.>
      ####<Jul 6, 2010 5:43:25 PM IST> <Error> <oracle.wsm.resources.security>
      <ejp5356-vm2> <soa_server1> <[ACTIVE] ExecuteThread: '0' for queue:
      'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1278418405142>
      <WSM-00006> <Error in receiving the request:
      oracle.wsm.security.SecurityException: WSM-00061 : Signature digest verification
      failure..>
      ####<Jul 6, 2010 5:43:25 PM IST> <Error> <oracle.wsm.resources.enforcement>
      <ejp5356-vm2> <soa_server1> <[ACTIVE] ExecuteThread: '0' for queue:
      'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1278418405143>
      <WSM-07607> <Failure in execution of assertion
      {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates
      executor class
      oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.>
      ####<Jul 6, 2010 5:43:25 PM IST> <Error> <oracle.wsm.resources.enforcement>
      <ejp5356-vm2> <soa_server1> <[ACTIVE] ExecuteThread: '0' for queue:
      'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1278418405143>
      <WSM-07602> <Failure in WS-Policy Execution due to exception.>
      ####<Jul 6, 2010 5:43:25 PM IST> <Error> <oracle.wsm.resources.enforcement>
      <ejp5356-vm2> <soa_server1> <[ACTIVE] ExecuteThread: '0' for queue:
      'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1278418405144>
      <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security,
      function=agent.function.service, application=soa-infra, composite=SAMLEcho,
      modelObj=SAMLTokenEchoService,
      policy=oracle/wss11_saml_token_with_message_protection_service_policy,
      policyVersion=1,
      assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.>
      ####<Jul 6, 2010 5:43:25 PM IST> <Error> <oracle.webservices.service>
      <ejp5356-vm2> <soa_server1> <[ACTIVE] ExecuteThread: '0' for queue:
      'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1278418405171>
      <OWS-04115> <An error occurred for port: FabricProvider:
      oracle.fabric.common.PolicyEnforcementException: FailedCheck : failure in
      security check.>

        Activity

        anand_mishra added a comment -

        There is no version entry for 2.0.1.
        I shall be including more finer log soon.

        sm228678 added a comment -

        This is a bug on the Oracle side, and we had already filed a bug against Oracle SOA
        some time back.

        kumarjayanti added a comment -

        Issue was filed on OWSM. Not a metro bug. Marking the issue as 2.1-waived instead of closing as
        WONTFIX so that it can be tracked by QE

        symonchang added a comment -

        Issue was filed on OWSM. This issue is not a metro bug. Marking the issue to 'metro2_3-exclude' as the issue is not valid in context of metro. Need to verify this issue has already been fixed in current release of OWSM.


          People

          • Assignee: symonchang
          • Reporter: anand_mishra
          • Votes: 0
          • Watchers: 1
