none
How to consume a secured WCF service with security TransportWithMessageCredentials from Java client? RRS feed

  • Question

  • We have developed a service and deployed it in behind a load balancer with HTTPS and TransportWithMessageCredentials configured. We can consume the service from .NET clients. But when we try to consume the same from a Java client we get exception.

     

    AxisFault faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}InvalidSecurity faultSubcode: faultString: An error occurred when verifying security for the message. faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:An error occurred when verifying security for the message

     

     

    What configuration, if any, is required in the Java Client?

    Monday, August 22, 2011 11:50 AM

All replies

  • Axis supports WS-Security out-of -box, take a look at this blog post for information.

    Cheers,

    Bali


    --------------------------------------
    Mark As Answer or Vote As Helpful if this helps.
    Monday, August 22, 2011 11:58 AM
  • Downgrade to basic binding to determine if your binding is the problem. Everything works with basic. If you can't connect on basic, you have other issues that you need to resolve. If it does, you can change back to your axis binding knowing that it is possibly a configuration issue with axis.

    DPS Bali indicates that axis supports WS-* however, I know that java only supports SOAP 1.1 which is available only on basic binding. Java does not support SOAP 1.2 which is available on other bindings. It's something to keep in mind.


    Alvin Bruney ASP.NET MVP www.lulu.com/owc
    Tuesday, August 23, 2011 5:01 PM
  • Hi Alvin,

    We are using BasicHttpBinding only. Without https and security it is working fine. The moment we introduce security mode = TransportWithMessageCredential and ClientCredentialType="Windows" we start getting the exception

    An error occurred when verifying security for the message

     

     

    Wednesday, August 24, 2011 8:37 AM
  •  

    Update: The windows authentication has been removed and custom authentication is used. However, we are still getting the same error.

    Here is the service behavior

    Note: Names changed for privacy.

                    <behavior name="MyServiceBehavior">

              <dataContractSerializer maxItemsInObjectGraph="2147483646" />

              <serviceMetadata httpGetEnabled="true" />

              <serviceDebug includeExceptionDetailInFaults="true" />

              <serviceCredentials>

                <userNameAuthentication userNamePasswordValidationMode="Custom"

                  customUserNamePasswordValidatorType="MyUsernameValidator, MyCommonFramework" />

              </serviceCredentials>

              <useRequestHeadersForMetadataAddress>

                <defaultPorts>

                  <add scheme="http" port="80"/>

                  <add scheme="https" port="443"/>

                </defaultPorts>

              </useRequestHeadersForMetadataAddress>

            </behavior>

     

    Monday, September 5, 2011 12:58 PM
  • Transportwithmessage requires authentication, it won't work any other way. Verify that your custom authentication is working correctly and that your identities have the required permissions.

    One more tick up my sleeve. Have you tried mapping the certificates to windows accounts? For that, you'll need to enable WCF to use client certificate mapping.

    If you've done all this, it's time to enable verbose logging on WCF to flush out the error. http://blogs.msdn.com/b/madhuponduru/archive/2006/05/18/601458.aspx


    Alvin Bruney ASP.NET MVP www.lulu.com/owc
    Wednesday, September 7, 2011 5:56 PM
  • I am seeing the same error message. Did you find the solution?
    Thursday, April 12, 2012 6:06 PM