Multiple security elements in Header

  • Question

  • I'm receiving the following header element on message fault:

     

    <s:Header>
      <o:Security
        s:mustUnderstand="1"
        xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <u:Timestamp
          u:Id="_0">
          <u:Created>2007-08-09T22:06:42.124Z</u:Created>
          <u:Expires>2007-08-09T22:11:42.124Z</u:Expires>
        </u:Timestamp>
      </o:Security>
      <o:Security
        s:mustUnderstand="1"
        xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <u:Timestamp
          u:Id="_0">
          <u:Created>2007-08-09T22:06:42.623Z</u:Created>
          <u:Expires>2007-08-09T22:11:42.623Z</u:Expires>
        </u:Timestamp>
      </o:Security>
    </s:Header>

     

    Should it have two security elements in the header? If so, should the Id attributes be unique instead of both being "_0"? I only have one security element on a successful response.

     

    Thanks,

     

    James

    Thursday, August 9, 2007 10:14 PM

Answers

  • Hello Pablo,

     

         I have figured out the issue. WCF was actually returning the two security elements as described. What was happening was one WCF service called another WCF service and the second one returned a messagefault and the first one saw it was a fault so just returned that fault as well, so when the fault was returned the first service added another security header to the message.

     

    Thanks for replying,

     

    James

    Friday, August 10, 2007 9:05 PM

All replies

  • Hi James,

     

    Is WCF returning such a message? That SOAP message is not valid; only one security element with the default actor should exist. A SOAP message can contain different security elements, but each element should be identified by a different actor (Actor attribute), which represents the intermediary entity that should process the header.

    When a header does not contain an Actor attribute, it is considered as a header with default actor (Any intermediate can process it, usually the first).

     

    Regards,

    Pablo.

     

    Friday, August 10, 2007 3:29 PM
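
The rule Pablo describes, written as a check that can be run over captured SOAP messages (an added example, not part of the original thread and not WCF code). It assumes the undeclared `s` and `u` prefixes bind to the SOAP 1.2 envelope and WS-Security utility namespaces; `check_security_headers` and the sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1: "actor"
           "http://www.w3.org/2003/05/soap-envelope")    # SOAP 1.2: "role"

def check_security_headers(envelope_xml):
    """Return findings about duplicate Security headers and wsu:Id values."""
    root = ET.fromstring(envelope_xml)
    soap = root.tag[1:].split("}")[0] if root.tag.startswith("{") else ""
    if soap not in SOAP_NS:
        return ["not a SOAP 1.1/1.2 envelope"]
    header = root.find(f"{{{soap}}}Header")
    if header is None:
        return []
    actors, ids = Counter(), Counter()
    for sec in header.findall(f"{{{WSSE}}}Security"):
        # No actor/role attribute: the header is addressed to the default actor.
        actor = sec.get(f"{{{soap}}}actor") or sec.get(f"{{{soap}}}role")
        actors[actor or "(default)"] += 1
    for el in header.iter():
        if el.get(f"{{{WSU}}}Id") is not None:
            ids[el.get(f"{{{WSU}}}Id")] += 1
    findings = [f"{n} Security headers for actor {a}" for a, n in actors.items() if n > 1]
    findings += [f"wsu:Id {i!r} used {n} times" for i, n in ids.items() if n > 1]
    return findings

def _envelope(security_blocks):
    # Constructed wrapper: binds the s, o and u prefixes the forum snippet leaves undeclared.
    return (f'<s:Envelope xmlns:s="{SOAP_NS[1]}" xmlns:o="{WSSE}" xmlns:u="{WSU}">'
            f'<s:Header>{security_blocks}</s:Header><s:Body/></s:Envelope>')

def _security(created, expires, attrs=""):
    return (f'<o:Security s:mustUnderstand="1"{attrs}><u:Timestamp u:Id="_0">'
            f'<u:Created>{created}</u:Created><u:Expires>{expires}</u:Expires>'
            f'</u:Timestamp></o:Security>')

# Constructed samples modelled on the fault header in the question.
FAULT = _envelope(_security("2007-08-09T22:06:42.124Z", "2007-08-09T22:11:42.124Z")
                  + _security("2007-08-09T22:06:42.623Z", "2007-08-09T22:11:42.623Z"))
OK = _envelope(_security("2007-08-09T22:06:42.124Z", "2007-08-09T22:11:42.124Z"))

if __name__ == "__main__":
    for name, doc in (("fault", FAULT), ("ok", OK)):
        print(name, check_security_headers(doc))
```

For messages from untrusted peers, parse with a hardened parser such as defusedxml rather than the standard-library one.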