
Implementing WSS Username token standard in soap receiver

Former Member
0 Kudos

I am on PI 7.11 and have a receiver soap comm. channel for accessing an external vendor's webservice. Their requirement is to use Web Services Security Username Token authentication scheme - as an example the soap message must look something like:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Created>2007-07-06T13:51:53.860Z</wsu:Created>
        <wsu:Expires>2007-07-06T13:56:53.860Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken>
        <wsse:Username>ztest</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">9xxxxxxxxxxxxxxxxxxxxxxxxxx=</wsse:Password>
        <wsse:Nonce>Wyyyyyyyyyyyyyyyyyyyyy==</wsse:Nonce>
        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2007-07-06T13:51:53.844Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    ...
  </soapenv:Body>
</soapenv:Envelope>

I would be interested in knowing how this type of soap msg / wss has been implemented by anyone. The SAP documentation at http://help.sap.com/saphelp_nwpi711/helpdata/en/48/ce4829a0d7154ee10000000a421937/frameset.htm seems vague (at least to me it is). I saw another post () that's comparable but am not sure what the best way to go is - is it a combination of soap adapter Module settings, xslt mapping, Axis adapter or other approaches...

Any information on this is greatly appreciated.

Regards,

Keith

Edited by: Keith Mollet on Apr 26, 2011 3:56 PM

Answers (1)

baskar_gopalakrishnan2
Active Contributor
0 Kudos

Username token is one of the user authentication methods in web services. The SOAP adapter does not support this directly. The Axis framework references the open source API Apache Axis, which supports Username token.

One option is to use the Axis adapter and see whether you can create the header with the username token as you described. The second option is to use XSLT mapping and create the SOAP Header for the username token.

Former Member
0 Kudos

Thanks Baskar for your reply. Yes, I have seen posts allude to Axis and xslt, but what I don't understand is that by setting the soap receiver comm. channel checkbox "Select Security Profile" on, the associated Receiver Agreement then has a section of fields open up ("Security Standard", and "....Procedure") which actually default to the appropriate xsd setting (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd). This almost implies that SAP has in fact integrated this wss set of values??? If not, then what does this setting actually mean?

Thanks,

Keith

baskar_gopalakrishnan2
Active Contributor
0 Kudos

Those features cover encrypting and decrypting the data and signing and verifying (validating) the digital signature of the message. Username token is another method of authentication. In addition to HTTPS with client authentication and username/password, this is another way of sending the user/password credentials to the trading partner.

Refer this link

http://www.oasis-open.org/committees/wss/documents/WSS-Username-02-0223-merged.pdf

Former Member
0 Kudos

Hi - we have generated the 'correct' soap message now with the wss injected, BUT we are still having an issue whereby the digest I create does not match the vendor's, and thus attempting to access their WS is denied. My question now is that, given my set-up below, and the fact it's supposedly using the following algorithm (as per line 113 of:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf)

Password_Digest = Base64 ( SHA-1 ( nonce + createdTime + password ) )

"That is, concatenate the nonce, creation timestamp, and the password (or shared secret or password equivalent), digest the combination using the SHA-1 hash algorithm, then include the Base64 encoding of that result as the password (digest)."

Does anyone see anything I may be missing? Does the password have to be added to the action line? I have tried this and still not the same digest (as the vendor's) gets created.

We installed the Apache .jar files (1.5.1, which we may be bumping up to 1.5.4 or higher soon) and I have set up the Axis adapter, Module settings as follows:

Processing Sequence:

  1  AF_Adapters/axis/AFAdapterBean  Local Enterprise Bean  afreq
  2  AF_Adapters/axis/HandlerBean    Local Enterprise Bean  xireq
  3  AF_Adapters/axis/HandlerBean    Local Enterprise Bean  wssec
  4  AF_Adapters/axis/HandlerBean    Local Enterprise Bean  trp
  5  AF_Adapters/axis/HandlerBean    Local Enterprise Bean  xires
  6  AF_Adapters/axis/AFAdapterBean  Local Enterprise Bean  afres

Module Configuration:

  trp    handler.type   java:com.sap.aii.adapter.axis.ra.transport.http.HTTPSender
  trp    module.pivot   true
  wssec  action         UsernameToken Timestamp
  wssec  addUTElement   Nonce Created
  wssec  handler.type   java:com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender
  wssec  passwordType   PasswordDigest
  wssec  pwd.password   <shared secret>
  wssec  user           <username>
  xireq  handler.type   java:com.sap.aii.axis.xi.XI30OutboundHandler
  xires  handler.type   java:com.sap.aii.axis.xi.XI30OutboundHandler

This is all as per Note 1039369 and by viewing other SDN posts.

Thanks,

Keith
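The digest rule quoted in the post above, worked through as an added example (not the thread's configuration or SAP's Axis code): the sender computes Base64(SHA-1(nonce + created + password)) with the nonce as its decoded bytes, and the receiver recomputes it while also rejecting stale Created values and reused nonces. The function names, the 5-minute skew window and the sample nonce are assumptions made here.

```python
import base64
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

CREATED_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"  # wsu:Created layout in the sample message

def parse_created(created):
    """wsu:Created text -> aware UTC datetime."""
    return datetime.strptime(created, CREATED_FMT).replace(tzinfo=timezone.utc)

def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(nonce + created + password)) as the profile defines it:
    the nonce enters as its decoded bytes, created as the exact wire text."""
    nonce = base64.b64decode(nonce_b64)
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def digest_over_encoded_nonce(nonce_b64, created, password):
    """Frequent mismatch: hashing the Base64 text of the nonce, not its bytes."""
    data = (nonce_b64 + created + password).encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def make_username_token(username, password, nonce_b64=None, created=None):
    """Sender side: the UsernameToken values (constructed, not the Axis code)."""
    nonce_b64 = nonce_b64 or base64.b64encode(secrets.token_bytes(16)).decode("ascii")
    if created is None:
        now = datetime.now(timezone.utc)
        created = now.strftime("%Y-%m-%dT%H:%M:%S.") + f"{now.microsecond // 1000:03d}Z"
    return {"Username": username, "Nonce": nonce_b64, "Created": created,
            "Password": password_digest(nonce_b64, created, password)}

def verify_username_token(token, password_for_user, seen_nonces,
                          now=None, max_skew=timedelta(minutes=5)):
    """Receiver side: reject stale Created values and reused nonces (replay),
    then compare the digest against the stored shared secret."""
    now = now or datetime.now(timezone.utc)
    if abs(now - parse_created(token["Created"])) > max_skew or token["Nonce"] in seen_nonces:
        return False
    expected = password_digest(token["Nonce"], token["Created"],
                               password_for_user(token["Username"]))
    if not hmac.compare_digest(expected, token["Password"]):
        return False
    seen_nonces.add(token["Nonce"])
    return True
```

Comparing the output of password_digest with digest_over_encoded_nonce for the same inputs is a quick way to tell which convention a counterparty is using when digests do not match.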

Former Member
0 Kudos

Marked this thread as 'Answered'. Our Axis adapter set-up needed the setting

Payload Extraction = SOAP Body Child

set. After setting that, it all worked. The error occurring previously appeared to allude to a ws (pure) security issue, but the reality was that our Axis set-up was fine. The real issue was the xml formation missing the values which the above setting provides.

Thanks,

Keith

Former Member
0 Kudos

Hi Keith/Baskar,

I am doing a similar scenario with username token along with message encryption and signature for wssec.

  • Username Token: Base64( SHA1 (Username+Password + Nonce + Time stamp))
  • Username: 4 digit code used for the consumer application as set up in Planning IT.
  • Password: Password for consumer application as set up by HP on the server
  • Nonce: Random number generated for each request by the application server
  • Time stamp: Time stamp for each request

I have deployed and am using the axis protocol of the soap adapter and configured the modules as shown in the attached screen.

It is almost the same as you did. But it gives me the below error when I use Password Digest.

Error While Sending Message: Additional error text from response: com.sap.engine.interfaces.messaging.api.exception.MessagingException: security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest was supplied, but only http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText is supported. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@4d774d77

When I used PasswordText instead of PasswordDigest (rest all is the same), I get the below error, even though I have added it as UsernameToken Timestamp

Error While Sending Message: Additional error text from response: com.sap.engine.interfaces.messaging.api.exception.MessagingException: security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS5327E: A null value is not allowed for the created time of the time stamp. The Application Server expected the wsu:Created element. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@7d5e7d5e

I needed security configuration for encryption and signature as well for encoding the username token. I have deployed the public provider in trusted CAs and the private key pair in the default key store. But I have still not configured the encryption modules as I wanted to get through this username token issue in the first place.

Please also find attached the security xml the provider is expecting.

Could you please help me here?

Regards,

Mahesh

0 Kudos

Hello Gopalakrishnan,

I need to design an (asynchronous) interface in my PI 7.1 to receive a webservice call and forward it to my backend system through RFC or Proxy.

But the sender system is not able to use client certificates. And we don't want to send user/password as url-parameters.

So I have to do it on my side:

-Using http sender adapter (http-plain-adapter)

I can get the request through the http channel. Can I add user/password to my adapter?

-Using SOAP-Sender: Is there a security option to use soap https without authentication?

-Using SOAP AXIS: Can I use the wss-parameters also in a soap sender side ?

What is the best way to do it?

Thanks and best Regards

Fard

Former Member
0 Kudos

Hi Mahesh

I also have similar requirement where I need to send synchronous soap request with signature and validate response along with WS Addressing.

Can you please help me with how you have achieved WS security - signature and validation using the soap axis adapter.

Thanks

Sapna

0 Kudos

Hi PI gurus.

I followed the same steps as mentioned above. Getting error as

Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: WSDoAllReceiver: security processing failed (actions number mismatch)

Could you please help me on this?

Thanks,

Nag.