WCF service does not understand SOAP 'Security' header
-
Thursday, August 05, 2010 9:32 PM
Hi,
I have a WCF client that makes a request for a SAML 1.1 token from a Security Token Service (STS). Once my client receives that token, it forwards it to the WCF service I am trying to invoke. However, once the service receives the message, I'm getting the error:
"The header 'Security' from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was not understood by the recipient of this message, causing the message to not be processed."Is there something I have to configure on the WCF Service side so it will be able to understand and process the SOAP security headers?
All Replies
-
Thursday, August 05, 2010 11:20 PM
It depends what you want to do. If you want the server to actually understand the SAML, verify its signature, expose it to you in the security API and etc you need to configure a security element in its binding.
If you wish none of that I believe you can write a message inspector on the server side to mark the security header as understood (so exception is not thrown), not sure about the details.
http://webservices20.blogspot.com/
WCF Security, Performance And Testing Blog- Marked As Answer by Mog LiangModerator Friday, August 13, 2010 6:04 AM
-
Thursday, August 05, 2010 11:23 PM
It depends what you want to do. If you want the server to actually understand the SAML, verify its signature, expose it to you in the security API etc. you need to configure a security element in the server binding.
If you wish none of that I believe you can write a message inspector on the server side to mark the security header as understood (so exception is not thrown), not sure about the details.
http://webservices20.blogspot.com/
WCF Security, Performance And Testing Blog
