The message is failing validation against the Basic Security Profile 1.1 spec. The spec states:

R3030 Any BINARY_SECURITY_TOKEN EncodingType attribute MUST have a value of "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary".

However, in your message a lower case "base64Binary" value is used, which is not correct. You can either fix this in your code or else turn off Basic Security Profile validation.

Colm.

On Fri, Jul 21, 2017 at 7:08 PM, NicholaiX <[email protected]> wrote:

> Hi,
> I unfortunately don't know much about SOAP, so I don't know if this is a
> "duh" type question. Please forgive in advance!
>
> I have configured STS and I'm getting a request which is causing an
> exception. I am looking for hints or pointers on how to handle this
> scenario.
>
> This is the exception:
>
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: BSP:R3030: Any
> BINARY_SECURITY_TOKEN EncodingType attribute MUST have a value of
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>
> --
> The request I'm receiving is this, which has the EncodingType as the secext
> namespace.
>
> <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
>     xmlns:a="http://www.w3.org/2005/08/addressing"
>     xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>     xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
>     xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
>   <s:Header>
>     <a:Action s:mustUnderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RST/wstep</a:Action>
>     <a:MessageID>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:MessageID>
>     <a:ReplyTo>
>       <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
>     </a:ReplyTo>
>     <a:To s:mustUnderstand="1">https://localhost:9999/sts</a:To>
>     <wsse:Security s:mustUnderstand="1">
>       <wsse:BinarySecurityToken
>           ValueType="http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken"
>           EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary">...token edited for space...</wsse:BinarySecurityToken>
>     </wsse:Security>
>   </s:Header>
>   <s:Body>
>     <wst:RequestSecurityToken>
>       <wst:TokenType>http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken</wst:TokenType>
>       <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>       <wsse:BinarySecurityToken
>           ValueType="http://schemas.microsoft.com/windows/pki/2009/01/enrollment#PKCS10"
>           EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary">...cert edited for space...</wsse:BinarySecurityToken>
>       <ac:AdditionalContext xmlns="http://schemas.xmlsoap.org/ws/2006/12/authorization">
>         <ac:ContextItem Name="TargetedUserLoggedIn">
>           <ac:Value>true</ac:Value>
>         </ac:ContextItem>
>       </ac:AdditionalContext>
>     </wst:RequestSecurityToken>
>   </s:Body>
> </s:Envelope>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/STS-How-to-handle-BinarySecurityToken-when-it-s-not-as-expected-tp5782018.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
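
The R3030 comparison discussed in this thread, as an added example that is not part of the original messages and is not WSS4J's code: it lists every BinarySecurityToken whose EncodingType differs from the R3030 value and says whether the base URI, the fragment, or only the fragment's case is off. The function names and the sample envelope are constructed for illustration, and the exact case-sensitive string match is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
# Required value, as quoted from R3030 in the reply above.
R3030 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

def diagnose(value):
    """Explain how an EncodingType value deviates from the R3030 value."""
    base, _, frag = value.partition("#")
    want_base, _, want_frag = R3030.partition("#")
    problems = []
    if base != want_base:
        problems.append("base URI differs")
    if frag != want_frag:
        only_case = frag.lower() == want_frag.lower()
        problems.append("fragment differs only in case" if only_case else "fragment differs")
    return problems

def check_r3030(soap_xml):
    """Return (token index, EncodingType, problems) for each non-matching token."""
    findings = []
    tokens = ET.fromstring(soap_xml).iter("{%s}BinarySecurityToken" % WSSE)
    for i, tok in enumerate(tokens):
        enc = tok.get("EncodingType")
        # Exact, case-sensitive match; tokens without the attribute are not judged here.
        if enc is not None and enc != R3030:
            findings.append((i, enc, diagnose(enc)))
    return findings

# Constructed sample: the header token uses the EncodingType from the quoted
# request, the body token uses the R3030 value. Token contents are dummies.
SAMPLE = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
    xmlns:wsse="%s">
  <s:Header><wsse:Security>
    <wsse:BinarySecurityToken EncodingType="%s#base64binary">AAAA</wsse:BinarySecurityToken>
  </wsse:Security></s:Header>
  <s:Body>
    <wsse:BinarySecurityToken EncodingType="%s">AAAA</wsse:BinarySecurityToken>
  </s:Body>
</s:Envelope>""" % (WSSE, WSSE, R3030)

if __name__ == "__main__":
    for idx, enc, problems in check_r3030(SAMPLE):
        print("token %d: %s -> %s" % (idx, enc, "; ".join(problems)))
```

The standard-library parser used here is not hardened against hostile XML, so run the check on captured messages offline rather than on live untrusted input.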
