I don't control the web service, to be able to modify the wsdl file. Here are the requirements:

Signing Requirements

The Service Requestor, when producing the SOAP packet, must sign all the headers and the body using a certificate issued by an issuer approved by the Ministry of Health and Long-Term Care. The digital signature will require:

Attribute                     Requirement
----------------------------  ------------------------------------------------------
Key Identifier Type           Binary Security Token Direct Reference
Signature Canonicalization    http://www.w3.org/2001/10/xml-exc-c14n#
Signature Algorithm           One of:
                              • http://www.w3.org/2000/09/xmldsig#rsa-sha1
                              • http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
                              • http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
                              • http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
Digest Algorithm              One of:
                              • http://www.w3.org/2000/09/xmldsig#sha1
                              • http://www.w3.org/2001/04/xmldsig-more#sha384
                              • http://www.w3.org/2001/04/xmlenc#sha256
                              • http://www.w3.org/2001/04/xmlenc#sha512

Sample Header provided:

<soapenv:Header>
  <ns2:EBS wsu:Id="id-1" xmlns:ns2="http://ebs.health.ontario.ca/">
    <SoftwareConformanceKey>444361ee-277f-7732-c684-7a9923jfgh1b</SoftwareConformanceKey>
    <AuditId>35870880-3701-47b7-a34d-439ee754d211</AuditId>
  </ns2:EBS>
  <ns2:IDP wsu:Id="id-2" xmlns:ns2="http://idp.ebs.health.ontario.ca/">
    <ServiceUserMUID>4523894</ServiceUserMUID>
  </ns2:IDP>
  <wsse:Security SOAP-ENV:mustUnderstand="1">
    <wsu:Timestamp wsu:Id="id-3">
      <wsu:Created>2012-06-20T17:58:42.580Z</wsu:Created>
      <wsu:Expires>2012-06-20T17:59:12.580Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:UsernameToken wsu:Id="id-4">
      <wsse:Username>[email protected]</wsse:Username>
      <wsse:Password Type="wsse:PasswordText">Cliffsammy12!</wsse:Password>
    </wsse:UsernameToken>
    <wsse:BinarySecurityToken
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
        wsu:Id="X509-02F859690D5C74E20913402151228211">MIICMzCCAZygAwIBAgIET1e+dDANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzENMAsGA1UEChMET0hJUDEVMBMGA1UECxMMUmVnaXN0cmF0aW9uMRcwFQYDVQQEw4xNDIuMTQ1LjcwLjE3NzAeFw0xMjAzMDcyMDAwNTJaFw0xMzAzMDcyMDAwNTJaMF4xCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMQ0wCwYDVQQKEwRPSElMRUwEwYDVQQLEwxSZWdpc3RyYXRpb24xFzAVBgNVBAMTDjE0Mi4xNDUuNzAuMTc3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs/JIP6CE5IkfTnD/c56K+QAYqETdLvW1xXJ6ipkVhjjC2ASKuuH4fvhbyxo2B4VugsL9r4E5jHEKoi+GDKOLlLZRfSy0cB8IcpXonAuGqMzhCoEQ1CdxNb9etMyvQGRKEBgniKKxTvpTyZdpYDi92up5E+FYL3jEejhp+1iDFJQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAHn8VZS169BJMa4E6SNLnY7u80zSh90mbrTUWjM1dEicv3jQMMsrWHfoCt+nRSqfNLUTLc8U0LqiB3jnnNJgJt1T7Sp8eUZPdH0gY3i83ZXA8HDFKMZF3qL8I8ncu8FPcZGYBNhYrGjXXsuqXimiTIjxgm06ErRa/51szOFFxWrB</wsse:BinarySecurityToken>
    <ds:Signature Id="SIG-6" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
          <ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:CanonicalizationMethod>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <ds:Reference URI="#id-1">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              <ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transform>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <ds:DigestValue>gpejbitTQxuMOhUirdbGNtHjsGhAArhAp3ByFuG9cHs=</ds:DigestValue>
        </ds:Reference>
        <ds:Reference URI="#id-2">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              <ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transform>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <ds:DigestValue>ZWKvgN+eB0NFmQHPGYN5RoSZzbuboqKLzLcV6PEOz3E=</ds:DigestValue>
        </ds:Reference>
        <!-- Electronic Business Services Sensitivity: Low Final December 2012 Version 3.0 Page 35 of 37 -->
        <ds:Reference URI="#id-3">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              <ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse xs xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transform>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <ds:DigestValue>1AvUG2EE6+bgpJBe1TB4teUkKD4lRsw69BozDFQMGGE=</ds:DigestValue>
        </ds:Reference>
        <ds:Reference URI="#id-4">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              <ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsu xs xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transform>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <ds:DigestValue>Lw6C0//TpU0uuta+9pjDPfD0aOokdgbVOEM9eaWcGjo=</ds:DigestValue>
        </ds:Reference>
        <ds:Reference URI="#id-5">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              <ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec sp tns wsdl wsp wsse wsu xs xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transform>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <ds:DigestValue>lGKOfXxmbsLds9+tD4eaCObTCdGNXDF/PY9LjDUPl9Y=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>Yn5iRnjs/T2+nNgW8pArIgqc445RwL2wYPHZaydVJk0oUXV5B4nzU4fgX/sQTcY0O5vuReP8th4QZoGG6tSnxuBfqiDd2rkRZDrdgotJT++WzhMLdt1J0Kah0aZVCWabQrxeGY2N3QDuMWr5PSlm1RWbkA3W5B4YLaD+S/j3QKc=</ds:SignatureValue>
      <ds:KeyInfo Id="KI-02F859690D5C74E20913402151228312">
        <wsse:SecurityTokenReference wsu:Id="STR-02F859690D5C74E20913402151228413">
          <wsse:Reference URI="#X509-02F859690D5C74E20913402151228211" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
    </ds:Signature>
  </wsse:Security>
</soapenv:Header>

________________________________________________________________
Christian Mokbel
Founder & CEO
Wink Technologies Inc.

On Mon, Mar 14, 2016 at 7:01 AM, Colm O hEigeartaigh <[email protected]> wrote:

> It's not enough to have a "SignedParts" policy in the WSDL, you also need a
> security binding policy so that CXF knows how to sign the request.
>
> Colm.
>
> On Fri, Mar 11, 2016 at 2:34 PM, chmokbel <[email protected]> wrote:
>
> > I'm trying to use a webservice at
> > https://ws.conf.ebs.health.gov.on.ca:1441/EDTService/EDTService?wsdl
> >
> > The first "Invalid Policy" error I got was caused by requiredParts headers
> > with empty namespace. I modified the RequiredPartsBuilder.java to ignore
> > this error.
> >
> > Then I got the following error, which I'm not sure how to handle:
> >
> > Mar 11, 2016 9:29:23 AM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
> > INFO: Creating Service {http://edt.health.ontario.ca/}EDTService from WSDL: https://ws.conf.ebs.health.gov.on.ca:1441/EDTService/EDTService?wsdl
> > Mar 11, 2016 9:29:24 AM org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor handleMessage
> > SEVERE: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts assertion cannot be fulfilled without binding. At least one binding assertion (TransportBinding, AsymmetricBinding, SymmetricBinding) must be specified in policy.
> > Mar 11, 2016 9:29:24 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> > WARNING: Interceptor for {http://edt.health.ontario.ca/}EDTService#{http://edt.health.ontario.ca/}getTypeList has thrown exception, unwinding now
> > org.apache.cxf.ws.policy.PolicyException: Assertion of type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts could not be asserted: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts assertion cannot be fulfilled without binding. At least one binding assertion (TransportBinding, AsymmetricBinding, SymmetricBinding) must be specified in policy.
> >     at org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor.handleMessage(SecurityVerificationOutInterceptor.java:72)
> >     at org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor.handleMessage(SecurityVerificationOutInterceptor.java:72)
> >     at org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor.handleMessage(SecurityVerificationOutInterceptor.java:40)
> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> >     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> >     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> >     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
> >     at com.sun.proxy.$Proxy41.getTypeList(Unknown Source)
> >     at com.pointofviewsoftware.ohip.OHIP.main(OHIP.java:248)
> >
> > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Assertion of type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts could not be asserted: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts assertion cannot be fulfilled without binding. At least one binding assertion (TransportBinding, AsymmetricBinding, SymmetricBinding) must be specified in policy.
> >     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
> >     at com.sun.proxy.$Proxy41.getTypeList(Unknown Source)
> >     at com.pointofviewsoftware.ohip.OHIP.main(OHIP.java:248)
> > Caused by: org.apache.cxf.ws.policy.PolicyException: Assertion of type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts could not be asserted: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts assertion cannot be fulfilled without binding. At least one binding assertion (TransportBinding, AsymmetricBinding, SymmetricBinding) must be specified in policy.
> >     at org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor.handleMessage(SecurityVerificationOutInterceptor.java:72)
> >     at org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor.handleMessage(SecurityVerificationOutInterceptor.java:40)
> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> >     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> >     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> >     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
> >     ... 2 more
> >
> > --
> > View this message in context:
> > http://cxf.547215.n5.nabble.com/SignedParts-assertion-cannot-be-fulfilled-without-binding-tp5766838.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
