Skip to Content

Connecting SuccessFactors APIs using WCF .NET (C#)

Dec 10, 2017 at 12:18 PM


avatar image

Dear All,

I'm struggling to integrate with SuccessFactors API using WCF in .NET.
I need to encrypt and sign the body of the message. Here is how I set it up in SOAPUI:

1. I'm provided with JKS keystore that contains two certficates: public and keypair:

2. I import keystore to SOAPUI

3. Configure Outgoing security for Signature and Encryption

4. Configure Incoming security

5. Setup security for request:

Launching the request responds correctly.

Now I setup the same in WCF .NET by Adding Service Reference which creates proxy classes.

Using Keystore Explorer I export both certificates from JKS as:


I setup my config as below:

<binding name="Example_TestBinding">
<security defaultAlgorithmSuite="TripleDesRsa15" authenticationMode="MutualCertificate" requireDerivedKeys="false" includeTimestamp="false" messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10" requireSignatureConfirmation="false"> <localClientSettings detectReplays="true"/> <localServiceSettings detectReplays="true"/> </security>
<textMessageEncoding messageVersion="Soap11"/>
<httpsTransport authenticationScheme="Basic" manualAddressing="false" maxReceivedMessageSize="524288000" transferMode="Buffered"/>
<endpoint address="" binding="customBinding" bindingConfiguration="Example_TestBinding" contract="WebServiceTest.Example_Test" name="Example_Test"/> </client>

and calling the service:

string certServicePath = @"public_test_hci_cert.cer";
string certClientPath = @"test_soap_ui.p12";
string certPass = @"pass";
var client = new Example_TestClient();

X509Certificate2 certClient = new X509Certificate2(certClientPath, certClientPassword);
client.ClientCredentials.ClientCertificate.Certificate = certClient;

X509Certificate2 certService = new X509Certificate2(certServicePath);
client.ClientCredentials.ServiceCertificate.DefaultCertificate = certService;

var response = client.Example_Test(requestObj);

When running this example posted request arrives to the web service correctly. However, WCF doesn't seem to understand the response and therefore is unable to decrypt it.

"TheEncryptedKey clause was not wrapped with the required 
encryption token 'System.IdentityModel.Tokens.X509SecurityToken'."
at System.ServiceModel.Security.WSSecurityJan2004.WrappedKeyTokenEntry.CreateWrappedKeyToken(String id,String encryptionMethod,String carriedKeyName,SecurityKeyIdentifier unwrappingTokenIdentifier,Byte[] wrappedKey,SecurityTokenResolver tokenResolver)\r\n ...

The WCF Tracelog doesn't give more info than:

The security protocol cannot verify the incoming message

Anyone is having similar issue?


01.png (17.6 kB)
02.png (10.9 kB)
03.png (33.3 kB)
04.png (36.3 kB)
05.png (10.2 kB)
06.png (30.7 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

0 Answers