Hello together,
XI7.0 calls an external webservice using SOAP. The communication runs successfully without any warning. But! The messages must be signed and encrypted.
I've configured signature authentication. The signed messages cannot be processed by the external web service. The error is:
<faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:SecurityTokenUnavailable</faultcode>
<faultstring>Referenced security token could not be retrieved (Reference "#sap-23")
The output of the SOAP Adapter contains 3 BinarySecurityToken blocks, which are similar! But only one of them has SignatureValues. I think this could be the reason for the error.
My question is:
Is it possible that the Security tag has more than one BinarySecurityToken? The message is signed with a PKCS#12 key, which contains 3 certificate chains. But if I take another private key without any certificate chain (self-signed) I have the same problem: 3 BinarySecurityTokens.
So the question: How many tokens are possible within the Security tag? Why? If not, what do I have to do?
Here is an output of the SOAP Adapter.
<SOAP:Header>
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' SOAP:mustUnderstand='1'>
<wsse:BinarySecurityToken xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='sap-3' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>SIGNATURE </wsse:BinarySecurityToken>
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>
<ds:Reference URI='#wsuid-body-51cf5350-ab2e-11dd-9ef0-00144fa86689'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>
<ds:DigestValue>E99gPpCexjdz7tk+wWp92r4DYNA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>SIGNATURE VALUE </ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI='#sap-23'/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse:BinarySecurityToken xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='sap-23' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'> SIGNATURE</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='sap-23' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>SIGNATURE </wsse:BinarySecurityToken>
</wsse:Security>
</SOAP:Header>
<SOAP:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='wsuid-body-51cf5350-ab2e-11dd-9ef0-00144fa86689'>
<ns1:Request xmlns:ns1='http://blabla.com /'>
<a></a>
</ns1:Request>
</SOAP:Body>
</SOAP:Envelope>
If anybody has done it or has an idea how to do it, please let me know.
Thank you!! Anna
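
A diagnostic for the kind of header posted above, as an added example that is not part of the original post: it lists every wsse:BinarySecurityToken in a wsse:Security header and checks that each wsse:Reference URI resolves to exactly one wsu:Id (wsu:Id is typed as xsd:ID, so values must be unique within the message). The function name and the sample header are constructed for illustration; the sample mirrors the token and reference layout of the posted output with placeholder token contents.

```python
import xml.etree.ElementTree as ET
from collections import Counter

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: same token/reference layout as the posted header,
# with placeholder token contents ("AAAA") instead of certificates.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <wsse:BinarySecurityToken wsu:Id="sap-3">AAAA</wsse:BinarySecurityToken>
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Reference URI="#sap-23"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
  <wsse:BinarySecurityToken wsu:Id="sap-23">AAAA</wsse:BinarySecurityToken>
  <wsse:BinarySecurityToken wsu:Id="sap-23">AAAA</wsse:BinarySecurityToken>
</wsse:Security>"""

def check_token_references(security_xml):
    """Return findings about token Ids and the references that point at them."""
    root = ET.fromstring(security_xml)
    tokens = root.iter(f"{{{WSSE}}}BinarySecurityToken")
    ids = Counter(t.get(f"{{{WSU}}}Id") for t in tokens)
    # wsse:Reference only; ds:Reference (signed parts) lives in another namespace.
    refs = [r.get("URI", "") for r in root.iter(f"{{{WSSE}}}Reference")]
    findings = []
    for token_id, count in sorted(ids.items(), key=lambda kv: str(kv[0])):
        if token_id is None:
            findings.append("token without wsu:Id cannot be referenced by fragment")
        elif count > 1:
            findings.append(f"duplicate wsu:Id '{token_id}' on {count} tokens")
    for uri in refs:
        if not uri.startswith("#"):
            continue  # only same-document fragment references are checked
        if ids.get(uri[1:], 0) == 0:
            findings.append(f"reference '{uri}' resolves to no token")
    referenced = {u[1:] for u in refs if u.startswith("#")}
    for token_id in sorted(i for i in ids if i and i not in referenced):
        findings.append(f"token '{token_id}' is not referenced by any signature")
    return findings

if __name__ == "__main__":
    for finding in check_token_references(SAMPLE):
        print(finding)
```

Run against a captured wsse:Security element, it shows at a glance whether the fragment named in a SecurityTokenUnavailable fault matches zero, one or several tokens in the outgoing message.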