The web service policy is the problem here. You could try adding a security
binding in a local policy file, so that CXF gets the information it needs
for the outbound request.

Colm.

On Mon, Mar 14, 2016 at 11:33 AM, Christian Mokbel <[email protected]>
wrote:

> I don't control the web service, to be able to modify the WSDL file.
>
> here are the requirements:
> Signing Requirements
> The Service Requestor, when producing the SOAP packet, must sign all the
> headers and the body using a certificate issued by an issuer approved by
> the Ministry of Health and Long-Term Care.
> The digital signature will require (attribute: requirement):
> Key Identifier Type: Binary Security Token Direct Reference
> Signature Canonicalization: http://www.w3.org/2001/10/xml-exc-c14n#
> Signature Algorithm: one of:
> • http://www.w3.org/2000/09/xmldsig#rsa-sha1
> • http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
> • http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
> • http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
> Digest Algorithm: one of:
> • http://www.w3.org/2000/09/xmldsig#sha1
> • http://www.w3.org/2001/04/xmldsig-more#sha384
> • http://www.w3.org/2001/04/xmlenc#sha256
> • http://www.w3.org/2001/04/xmlenc#sha512
>
> Sample Header provided:
> <soapenv:Header>
> <ns2:EBS wsu:Id="id-1" xmlns:ns2="http://ebs.health.ontario.ca/">
> <SoftwareConformanceKey>444361ee-277f-7732-c684-7a9923jfgh1b</SoftwareConformanceKey>
> <AuditId>35870880-3701-47b7-a34d-439ee754d211</AuditId>
> </ns2:EBS>
> <ns2:IDP wsu:Id="id-2" xmlns:ns2="http://idp.ebs.health.ontario.ca/">
> <ServiceUserMUID>4523894</ServiceUserMUID>
> </ns2:IDP>
> <wsse:Security SOAP-ENV:mustUnderstand="1">
> <wsu:Timestamp wsu:Id="id-3">
> <wsu:Created>2012-06-20T17:58:42.580Z</wsu:Created>
> <wsu:Expires>2012-06-20T17:59:12.580Z</wsu:Expires>
> </wsu:Timestamp>
> <wsse:UsernameToken wsu:Id="id-4">
> <wsse:Username>[email protected]</wsse:Username>
> <wsse:Password Type="wsse:PasswordText">Cliffsammy12!</wsse:Password>
> </wsse:UsernameToken>
> <wsse:BinarySecurityToken
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> wsu:Id="X509-02F859690D5C74E20913402151228211">MIICMzCCAZygAwIBAgIET1e+dDANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzENMAsGA1UEChMET0hJUDEVMBMGA1UECxMMUmVnaXN0cmF0aW9uMRcwFQYDVQQEw4xNDIuMTQ1LjcwLjE3NzAeFw0xMjAzMDcyMDAwNTJaFw0xMzAzMDcyMDAwNTJaMF4xCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMQ0wCwYDVQQKEwRPSElMRUwEwYDVQQLEwxSZWdpc3RyYXRpb24xFzAVBgNVBAMTDjE0Mi4xNDUuNzAuMTc3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs/JIP6CE5IkfTnD/c56K+QAYqETdLvW1xXJ6ipkVhjjC2ASKuuH4fvhbyxo2B4VugsL9r4E5jHEKoi+GDKOLlLZRfSy0cB8IcpXonAuGqMzhCoEQ1CdxNb9etMyvQGRKEBgniKKxTvpTyZdpYDi92up5E+FYL3jEejhp+1iDFJQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAHn8VZS169BJMa4E6SNLnY7u80zSh90mbrTUWjM1dEicv3jQMMsrWHfoCt+nRSqfNLUTLc8U0LqiB3jnnNJgJt1T7Sp8eUZPdH0gY3i83ZXA8HDFKMZF3qL8I8ncu8FPcZGYBNhYrGjXXsuqXimiTIjxgm06ErRa/51szOFFxWrB</wsse:BinarySecurityToken>
> <ds:Signature Id="SIG-6" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> <ec:InclusiveNamespaces
> PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi"
> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> <ds:Reference URI="#id-1">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> <ec:InclusiveNamespaces
> PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi"
> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
> <ds:DigestValue>gpejbitTQxuMOhUirdbGNtHjsGhAArhAp3ByFuG9cHs=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-2">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> <ec:InclusiveNamespaces
> PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi"
> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
> <ds:DigestValue>ZWKvgN+eB0NFmQHPGYN5RoSZzbuboqKLzLcV6PEOz3E=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-3">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> <ec:InclusiveNamespaces
> PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse xs xsi"
> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
> <ds:DigestValue>1AvUG2EE6+bgpJBe1TB4teUkKD4lRsw69BozDFQMGGE=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-4">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> <ec:InclusiveNamespaces
> PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsu xs xsi"
> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
> <ds:DigestValue>Lw6C0//TpU0uuta+9pjDPfD0aOokdgbVOEM9eaWcGjo=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-5">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> <ec:InclusiveNamespaces
> PrefixList="SOAP-ENV ebs soap-sec sp tns wsdl wsp wsse wsu xs xsi"
> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
> <ds:DigestValue>lGKOfXxmbsLds9+tD4eaCObTCdGNXDF/PY9LjDUPl9Y=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
>
> Yn5iRnjs/T2+nNgW8pArIgqc445RwL2wYPHZaydVJk0oUXV5B4nzU4fgX/sQTcY0O5vuReP8th4QZoGG6tSnxuBfqiDd2rkRZDrdgotJT++WzhMLdt1J0Kah0aZVCWabQrxeGY2N3QDuMWr5PSlm1RWbkA3W5B4YLaD+S/j3QKc=
> </ds:SignatureValue>
> <ds:KeyInfo Id="KI-02F859690D5C74E20913402151228312">
> <wsse:SecurityTokenReference wsu:Id="STR-02F859690D5C74E20913402151228413">
> <wsse:Reference URI="#X509-02F859690D5C74E20913402151228211"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature>
> </wsse:Security>
> </soapenv:Header>
>
> *Christian Mokbel*
>
> On Mon, Mar 14, 2016 at 7:01 AM, Colm O hEigeartaigh <[email protected]>
> wrote:
>
>> It's not enough to have a "SignedParts" policy in the WSDL, you also need
>> a security binding policy so that CXF knows how to sign the request.
>>
>> Colm.
>>
>> On Fri, Mar 11, 2016 at 2:34 PM, chmokbel <[email protected]> wrote:
>>
>> > I'm trying to use a webservice at
>> > https://ws.conf.ebs.health.gov.on.ca:1441/EDTService/EDTService?wsdl
>> >
>> > The first "Invalid Policy" error I got was caused by requiredParts headers
>> > with empty namespace. I modified the RequiredPartsBuilder.java to ignore
>> > this error.
>> >
>> > Then I got the following error, which I'm not sure how to handle:
>> >
>> > Mar 11, 2016 9:29:23 AM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
>> > INFO: Creating Service {http://edt.health.ontario.ca/}EDTService from WSDL: https://ws.conf.ebs.health.gov.on.ca:1441/EDTService/EDTService?wsdl
>> > Mar 11, 2016 9:29:24 AM org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor handleMessage
>> > SEVERE: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts assertion cannot be fulfilled without binding. At least one binding assertion (TransportBinding, AsymmetricBinding, SymmetricBinding) must be specified in policy.
>> > Mar 11, 2016 9:29:24 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
>> > WARNING: Interceptor for {http://edt.health.ontario.ca/}EDTService#{http://edt.health.ontario.ca/}getTypeList has thrown exception, unwinding now
>> > org.apache.cxf.ws.policy.PolicyException: Assertion of type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts could not be asserted: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts assertion cannot be fulfilled without binding. At least one binding assertion (TransportBinding, AsymmetricBinding, SymmetricBinding) must be specified in policy.
>> >         at org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor.handleMessage(SecurityVerificationOutInterceptor.java:72)
>> >         at org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor.handleMessage(SecurityVerificationOutInterceptor.java:72)
>> >         at org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor.handleMessage(SecurityVerificationOutInterceptor.java:40)
>> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
>> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
>> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
>> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
>> >         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>> >         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
>> >         at com.sun.proxy.$Proxy41.getTypeList(Unknown Source)
>> >         at com.pointofviewsoftware.ohip.OHIP.main(OHIP.java:248)
>> >
>> > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Assertion of type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts could not be asserted: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts assertion cannot be fulfilled without binding. At least one binding assertion (TransportBinding, AsymmetricBinding, SymmetricBinding) must be specified in policy.
>> >         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
>> >         at com.sun.proxy.$Proxy41.getTypeList(Unknown Source)
>> >         at com.pointofviewsoftware.ohip.OHIP.main(OHIP.java:248)
>> > Caused by: org.apache.cxf.ws.policy.PolicyException: Assertion of type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts could not be asserted: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts assertion cannot be fulfilled without binding. At least one binding assertion (TransportBinding, AsymmetricBinding, SymmetricBinding) must be specified in policy.
>> >         at org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor.handleMessage(SecurityVerificationOutInterceptor.java:72)
>> >         at org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor.handleMessage(SecurityVerificationOutInterceptor.java:40)
>> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
>> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
>> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
>> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
>> >         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>> >         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
>> >         ... 2 more
>> >
>> >
>> >
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
