Protecting my SOAP Resource with WS-Security, I get the error Signature-0 was not accepted


Article ID: 4400


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

  I configured a WSS service to handle WS-Security envelopes. When protecting
  the SOAP resource /myservice/services/OpenSecWebService/serviceWSS, the
  service fails, and I'd like to know what the following error means:

  Trying to resolve id: #id-6B4F79D3E5B3A12A5E147248702585410
  Found nodeElem http://schemas.xmlsoap.org/soap/envelope/:Body
  Check if Timestamp covered by header or Envelope? signedElem=4signatureType=-124
  SM_WSC_00629 - Unspecified acceptance error.
  SM_WSC_00624 - Signature-0 was not accepted.
  SM_WSC_00909 - Failed to validate signature
  dispatch request failed.

Environment

WSS Agent 12.52SP1CR04 64bit on Apache 2.4 on RedHat 6 64bit; Policy Server 12.52SP1CR04 on RedHat 6 64bit

Cause

  In the XML Signature Restrictions pane, you need to select:

  Must Cover Body of Message
  Require Signature over wsu:Timestamp Element

  as per the documentation:

  "If the authentication scheme is configured to require the
  timestamp element, the digital signature must cover that timestamp."

  https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/web-services-security-wss-configuration/configure-authentication-schemes-to-verify-user-identities-obtained-from-web-service-requests/ws-security-authentication-introduced

Resolution

  Configure the SOAP signature restrictions in the pane

    "XML Signature Restrictions"

  by selecting these options:

    Must Cover Body of Message
    Require Signature over wsu:Timestamp Element

  This resolves the issue.
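
To confirm on the client side that a request meets both restrictions, the following added example (not CA/SiteMinder code) lists which of soap:Body and wsu:Timestamp the ds:Reference elements of a WS-Security signature actually point at. The function names, the sample envelope and its Id values are constructed for illustration, and it assumes the signed parts are identified by wsu:Id.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
SEC = "soap:Header/wsse:Security/"

def signature_coverage(envelope_xml):
    """Report whether ds:Reference URIs resolve to soap:Body and wsu:Timestamp.
    Coverage check only: no digest or signature value is verified here."""
    root = ET.fromstring(envelope_xml)
    by_id = {}  # wsu:Id value -> elements carrying it (duplicates are suspicious)
    for el in root.iter():
        if WSU_ID in el.attrib:
            by_id.setdefault(el.attrib[WSU_ID], []).append(el)
    wanted = {"body": root.find("soap:Body", NS),
              "timestamp": root.find(SEC + "wsu:Timestamp", NS)}
    result = {"body": False, "timestamp": False, "problems": []}
    for ref in root.findall(SEC + "ds:Signature/ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        # Only same-document "#id" references are evaluated
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
        if len(targets) != 1:
            result["problems"].append("reference %r resolves to %d elements" % (uri, len(targets)))
            continue
        for name, el in wanted.items():
            if el is not None and targets[0] is el:
                result[name] = True
    return result

def sample_envelope(signed_ids):
    """Constructed sample: unsigned skeleton with only the parts the check reads."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in signed_ids)
    return (
        '<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">'
        '<soap:Header><wsse:Security>'
        '<wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2016-08-29T16:10:25Z</wsu:Created></wsu:Timestamp>'
        '<ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>'
        '</wsse:Security></soap:Header>'
        '<soap:Body wsu:Id="id-body"><ping/></soap:Body>'
        '</soap:Envelope>'
    ).format(refs=refs, **NS)

if __name__ == "__main__":
    print(signature_coverage(sample_envelope(["id-body"])))          # Body only
    print(signature_coverage(sample_envelope(["id-body", "TS-1"])))  # Body and Timestamp
```

A result with "timestamp": False for a request sent to a scheme that requires the timestamp means the signing client has to be changed to include wsu:Timestamp in its signed parts.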
