You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2013/01/16 16:00:21 UTC
[jira] [Commented] (CXF-4758) Receive error message when trying to
connect to crm 2011 Webservices with https binding -
javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying
security for the message.
[ https://issues.apache.org/jira/browse/CXF-4758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13555097#comment-13555097 ]
Colm O hEigeartaigh commented on CXF-4758:
------------------------------------------
Some questions:
a) What does the CXF request look like?
b) What does the CXF request look like over HTTP?
c) What does the policy of the endpoint look like for HTTP? (if any)
Colm.
> Receive error message when trying to connect to crm 2011 Webservices with https binding - javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-4758
> URL: https://issues.apache.org/jira/browse/CXF-4758
> Project: CXF
> Issue Type: Bug
> Affects Versions: 2.7.2
> Environment: Windows 7 64 Bit. Java 1.6.37 runtime environment
> Reporter: Jair Lopes
> Priority: Critical
>
> I am trying to connect from a Java client with cxf to crm 2011 Web Services(on premise). When I connected over http everything worked fine. But when I switched to HTTPS(Port 443)I suddenly got this error:
> FEIN: Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyVerificationInFaultInterceptor@17698cbe
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message.
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:155)
> at $Proxy46.create(Unknown Source)
> at GetCRm.doIt(GetCRm.java:322)
> at RunHttpSpnego.main(RunHttpSpnego.java:20)
> Caused by: org.apache.cxf.binding.soap.SoapFault: An error occurred when verifying security for the message.
> at org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.unmarshalFault(Soap12FaultInInterceptor.java:133)
> at org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.handleMessage(Soap12FaultInInterceptor.java:59)
> at org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.handleMessage(Soap12FaultInInterceptor.java:46)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:114)
> at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
> at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:800)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1590)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1488)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1307)
> at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50)
> at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:229)
> at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:622)
> at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
> ... 3 more
> Against first thoughts, this was not a time issue between the server and client.
> I activated WCF Tracing and got the following error:
> <Exception><ExceptionType>System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>A supporting token that satisfies parameters 'System.ServiceModel.Security.Tokens.SspiSecurityTokenParameters:
> InclusionMode: AlwaysToRecipient
> ReferenceStyle: Internal
> RequireDerivedKeys: False
> RequireCancellation: True' and attachment mode 'Endorsing' was not provided.</Message><StackTrace> at System.ServiceModel.Security.ReceiveSecurityHeader.VerifySupportingToken(TokenTracker tracker)
> at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
> at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message&amp; message, TimeSpan timeout)
> at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout)
> at System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
> at System.ServiceModel.Channels.SecurityChannelListener`1.ServerSecurityChannel`1.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationState)
> at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityReplyChannel.ProcessReceivedRequest(RequestContext requestContext, TimeSpan timeout)
> at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.OnInnerReceiveDone()
> at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.InnerTryReceiveCompletedCallback(IAsyncResult result)
> at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
> at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
> at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
> at System.Runtime.InputQueue`1.Dispatch()
> at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
> at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
> at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
> </StackTrace><ExceptionString>System.ServiceModel.Security.MessageSecurityException: A supporting token that satisfies parameters 'System.ServiceModel.Security.Tokens.SspiSecurityTokenParameters:
> InclusionMode: AlwaysToRecipient
> ReferenceStyle: Internal
> RequireDerivedKeys: False
> RequireCancellation: True' and attachment mode 'Endorsing' was not provided.</ExceptionString></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent><E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>458802</EventID><Type>3</Type><SubType Name="Warning">0</SubType><Level>4</Level><TimeCreated SystemTime="2013-01-16T13:55:44.5998534Z" /><Source Name="System.ServiceModel" /><Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /><Execution ProcessName="w3wp" ProcessID="8504" ThreadID="16" /><Channel/><Computer>LOGICALIS-ALT</Computer></System><ApplicationData><TraceData><DataItem><TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning"><TraceIdentifier>http://msdn.microsoft.com/de-DE/library/System.ServiceModel.Security.SecurityBindingVerifyIncomingMessageFailure.aspx</TraceIdentifier><Description>The security protocol cannot verify the incoming message.</Description>
> This only happens when trying to connect over HTTPS.
> I connect to my endpoint by using a servicestub generated with WSDL to java. The authentication policy for the Webservice Looks like this:
> <?xml version="1.0" encoding="utf-8" ?>
> - <wsdl:definitions targetNamespace="http://schemas.microsoft.com/xrm/2011/Contracts/Services" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://schemas.microsoft.com/xrm/2011/Contracts/Services" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
> - <wsp:Policy wsu:Id="CustomBinding_IOrganizationService_policy">
> - <wsp:ExactlyOne>
> - <wsp:All>
> - <ms-xrm:AuthenticationPolicy xmlns:ms-xrm="http://schemas.microsoft.com/xrm/2011/Contracts/Services">
> <ms-xrm:Authentication>ActiveDirectory</ms-xrm:Authentication>
> </ms-xrm:AuthenticationPolicy>
> - <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> - <wsp:Policy>
> - <sp:TransportToken>
> - <wsp:Policy>
> <sp:HttpsToken RequireClientCertificate="false" />
> </wsp:Policy>
> </sp:TransportToken>
> - <sp:AlgorithmSuite>
> - <wsp:Policy>
> <sp:Basic256 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> - <sp:Layout>
> - <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> </wsp:Policy>
> </sp:TransportBinding>
> - <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> - <wsp:Policy>
> - <sp:SpnegoContextToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy />
> </sp:SpnegoContextToken>
> </wsp:Policy>
> </sp:EndorsingSupportingTokens>
> - <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy />
> </sp:Wss11>
> - <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> - <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <wsaw:UsingAddressing />
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> The authentication process is handled by Spnego.
> I simply changed the Webservice endpoint for my URL and imported the neccessary certificates into the respective java certca store
> besides that I didnĀ“t make any changes to the code.
> I have tried for a long time to make it work but without success. Can you guys tell me more about this?
> Am I missing something in my code that I have to add to make this work?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira