It took me quite a bit of trial and error to figure out what went where in SoapUi. I find their documentation to be lacking.
I'll just tell you how I have it set up in the hope that it helps: a) Under Keystores you have the path to the keystore that contains your client public and private key. Password is the keystore password. The default client alias in the keystore, then the password for the private key. b) Under Truststores you have the path to the keystore that contains the public cert of the server. The Password is the truststore password. I left the default alias and password blank. c) Under "Incoming" the "Decrypt" keystore is the path to the keystore (a). The "Signature" is (b). The password is for the keystore. d) Under "Outgoing" the default alias is the alias for your client key in (a). If you have a signature action set up, the Keystore specified will be (a). The "alias" and "password" will be the alias for the client private key. Now to associate these configurations with SoapUi requests, there are several places to do this. You can do it globally for a particular service endpoint by double clicking on the green hourglass for the interface in the tree. In the window that comes up, select the "Service Endpoints" tab. Put the outgoing and incoming ws-configurations there, and they will apply to all operations. Or, for each request, you double click to open the request window. In the bottom left there is a menu for "Authentication and Security related settings". You can specify your incoming and outgoing profile there. You can also right click directly in the window where your request xml appears, select the "Outgoing WSS" from the context menu and then either "Apply" or "Remove All". So, it sounds like SoapUi is not finding the "Incoming" ws configuration, or your truststore. When you get the response back, look in the bottom of that window and there is the WSS log. Click on it and you should see "WS-Security processing results" there that will help you debug your problem. If I had to guess, you might have the keystore and truststore switched around in (c). Also, SoapUi caches things up. I found it difficult to trust it, so when I made changes to WS-Security configuration in SoapUi, I often closed the project and opened it back up to make sure it was using my latest changes. Hope this helped. -- Andy -----Original Message----- From: Paul Avijit [mailto:[email protected]] Sent: Monday, April 21, 2014 5:36 PM To: [email protected] Subject: CXF (WS-Security) + SoapUI Hi, I have a Web service implemented using CXF which is secured with WS-Security (X.509 Encryption). I have tested it successfully using a CXF client. I have configured WS-Security in SoapUI. But when I test using SoapUI I get the following error: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid All configuration that I have done in CXF client is present in SoapUI. I could not find in SoapUI the equivalent of the following configuration (constructor argument of WSS4JOutInterceptor) that I have in CXF client, which is resulting in the error. I know it is this configuration as when I delete this configuration from the CXF client I get the same error. <entry key="encryptionUser" value="myservicekey"/> Can anyone please let me know how to test this using SoapUI. Thanks in advance for the help to CXF experts in this mailing list. Regards Paul
