cxf-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4758) Receive error message when trying to connect to crm 2011 Webservices with https binding - javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message.
Date Wed, 16 Jan 2013 15:00:21 GMT

    [ https://issues.apache.org/jira/browse/CXF-4758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13555097#comment-13555097 ]

Colm O hEigeartaigh commented on CXF-4758:
------------------------------------------


Some questions:

a) What does the CXF request look like?
b) What does the CXF request look like over HTTP?
c) What does the policy of the endpoint look like for HTTP? (if any)

Colm.
                
> Receive error message when trying to connect to crm 2011 Webservices with https binding - javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-4758
>                 URL: https://issues.apache.org/jira/browse/CXF-4758
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.7.2
>         Environment: Windows 7 64 Bit. Java 1.6.37 runtime environment
>            Reporter: Jair Lopes
>            Priority: Critical
>
> I am trying to connect from a Java client with cxf to crm 2011 Web Services (on premise). When I connected over http everything worked fine. But when I switched to HTTPS (Port 443) I suddenly got this error:
> FEIN: Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyVerificationInFaultInterceptor@17698cbe
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message.
> 	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:155)
> 	at $Proxy46.create(Unknown Source)
> 	at GetCRm.doIt(GetCRm.java:322)
> 	at RunHttpSpnego.main(RunHttpSpnego.java:20)
> Caused by: org.apache.cxf.binding.soap.SoapFault: An error occurred when verifying security for the message.
> 	at org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.unmarshalFault(Soap12FaultInInterceptor.java:133)
> 	at org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.handleMessage(Soap12FaultInInterceptor.java:59)
> 	at org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.handleMessage(Soap12FaultInInterceptor.java:46)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> 	at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:114)
> 	at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
> 	at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> 	at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:800)
> 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1590)
> 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1488)
> 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1307)
> 	at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50)
> 	at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:229)
> 	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> 	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:622)
> 	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> 	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> 	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> 	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
> 	... 3 more 
> Against first thoughts, this was not a time issue between the server and client.
> I activated WCF Tracing and got the following error:
> <Exception><ExceptionType>System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>A supporting token that satisfies parameters 'System.ServiceModel.Security.Tokens.SspiSecurityTokenParameters:
> InclusionMode: AlwaysToRecipient
> ReferenceStyle: Internal
> RequireDerivedKeys: False
> RequireCancellation: True' and attachment mode 'Endorsing' was not provided.</Message><StackTrace>
>    at System.ServiceModel.Security.ReceiveSecurityHeader.VerifySupportingToken(TokenTracker tracker)
>    at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
>    at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message&amp; message, TimeSpan timeout)
>    at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout)
>    at System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
>    at System.ServiceModel.Channels.SecurityChannelListener`1.ServerSecurityChannel`1.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationState)
>    at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityReplyChannel.ProcessReceivedRequest(RequestContext requestContext, TimeSpan timeout)
>    at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.OnInnerReceiveDone()
>    at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.InnerTryReceiveCompletedCallback(IAsyncResult result)
>    at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
>    at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
>    at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
>    at System.Runtime.InputQueue`1.Dispatch()
>    at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
>    at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
>    at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
> </StackTrace><ExceptionString>System.ServiceModel.Security.MessageSecurityException: A supporting token that satisfies parameters 'System.ServiceModel.Security.Tokens.SspiSecurityTokenParameters:
> InclusionMode: AlwaysToRecipient
> ReferenceStyle: Internal
> RequireDerivedKeys: False
> RequireCancellation: True' and attachment mode 'Endorsing' was not provided.</ExceptionString></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent>
> <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>458802</EventID><Type>3</Type><SubType Name="Warning">0</SubType><Level>4</Level><TimeCreated SystemTime="2013-01-16T13:55:44.5998534Z" /><Source Name="System.ServiceModel" /><Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /><Execution ProcessName="w3wp" ProcessID="8504" ThreadID="16" /><Channel/><Computer>LOGICALIS-ALT</Computer></System><ApplicationData><TraceData><DataItem><TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning"><TraceIdentifier>http://msdn.microsoft.com/de-DE/library/System.ServiceModel.Security.SecurityBindingVerifyIncomingMessageFailure.aspx</TraceIdentifier><Description>The security protocol cannot verify the incoming message.</Description>
> This only happens when trying to connect over HTTPS.
> I connect to my endpoint by using a servicestub generated with WSDL to java. The authentication policy for the Webservice looks like this:
> <?xml version="1.0" encoding="utf-8" ?>
> <wsdl:definitions targetNamespace="http://schemas.microsoft.com/xrm/2011/Contracts/Services"
>     xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>     xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
>     xmlns:wsa10="http://www.w3.org/2005/08/addressing"
>     xmlns:tns="http://schemas.microsoft.com/xrm/2011/Contracts/Services"
>     xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>     xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
>     xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
>     xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>     xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
>     xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
>     xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>     xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
>   <wsp:Policy wsu:Id="CustomBinding_IOrganizationService_policy">
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <ms-xrm:AuthenticationPolicy xmlns:ms-xrm="http://schemas.microsoft.com/xrm/2011/Contracts/Services">
>           <ms-xrm:Authentication>ActiveDirectory</ms-xrm:Authentication>
>         </ms-xrm:AuthenticationPolicy>
>         <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>           <wsp:Policy>
>             <sp:TransportToken>
>               <wsp:Policy>
>                 <sp:HttpsToken RequireClientCertificate="false" />
>               </wsp:Policy>
>             </sp:TransportToken>
>             <sp:AlgorithmSuite>
>               <wsp:Policy>
>                 <sp:Basic256 />
>               </wsp:Policy>
>             </sp:AlgorithmSuite>
>             <sp:Layout>
>               <wsp:Policy>
>                 <sp:Strict />
>               </wsp:Policy>
>             </sp:Layout>
>             <sp:IncludeTimestamp />
>           </wsp:Policy>
>         </sp:TransportBinding>
>         <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>           <wsp:Policy>
>             <sp:SpnegoContextToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>               <wsp:Policy />
>             </sp:SpnegoContextToken>
>           </wsp:Policy>
>         </sp:EndorsingSupportingTokens>
>         <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>           <wsp:Policy />
>         </sp:Wss11>
>         <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>           <wsp:Policy>
>             <sp:MustSupportIssuedTokens />
>             <sp:RequireClientEntropy />
>             <sp:RequireServerEntropy />
>           </wsp:Policy>
>         </sp:Trust10>
>         <wsaw:UsingAddressing />
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>
> The authentication process is handled by Spnego.
> I simply changed the Webservice endpoint for my URL and imported the necessary certificates into the respective java certca store
> besides that I didn't make any changes to the code.
> I have tried for a long time to make it work but without success. Can you guys tell me more about this?
> Am I missing something in my code that I have to add to make this work?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
