This discussion is archived
8 Replies Latest reply: Dec 4, 2012 3:19 AM by Anuj Dwivedi RSS

B2B-51924:  Message failed the security check - Message signing failure

sam.pipe Newbie
Currently Being Moderated
Hi,

Hoping there may be some assitance out there to suggest some other ways of problem solving this issue.

Summary:

- B2B 11.1.1.5 (lets call it HOST1)
- One trading partner (lets call them TP1) that use Websphere Partner Gateway as their B2B.
- all ebXML messages are signed and sent over HTTPS in a ASYNC pattern.
- no acknowledgement signing.
- Configured in line with http://anuj-dwivedi.blogspot.co.nz/2011/04/implementing-message-security-in-oracle.html

Issue:

- OUTBOUND messages from HOST1 --> TP1 with an acknolledgement back to HOST1 work correctly.
- INBOUND messages from TP1 --> HOST1 fail with a _"B2B-51924: Message failed the security check"_ error

This points to the certificates of TP1 not being loaded into the keystore correctly, but this has been validated and public cert and intermediate certs are all loaded correctly.

Steps I have done:

- I have an SR open with Oracle currectly.
- I have set up an additional Internal Oracle B2B environment as a second trading partner (say TP2) and confirmed that INBOUND and OUTBOUND work correctly. i.e. oracle to oracle, with signing of the messages with different self-signed certficates for HOST1 and TP2.
- I have up'ed the log level using -Dweblogic.StdoutDebugEnabled=true, -Dssl.debug=true, -Dweblogic.security.SSL.verbose=true, -Djavax.net.debug=all to see if there are any pointers to why it is failing. No obvious pointers.
- Validated that exactly the same wire message is being seen leaving TP1 as we see on the B2B HOST1, as this message goes via FW's/content switch and an XML firewall. These are the same.

So ultimately there seems to be an issue between Websphere Partner Gateway (WPG) and Oracle B2B with message siging that I can't get to the bottom of.

Questions:

- Does anyone know of any systems (WPG to Oracle B2B) with message signing that exist currently?
- Are they any other debug/test type senarios that you could suggest that I could try to either 1) get additional information out of the system to point to the issue, or 2) fix it? ;-)

Any pointers would be much appreciated.

Sam
  • 1. Re: B2B-51924:  Message failed the security check - Message signing failure
    Anuj Dwivedi Guru
    Currently Being Moderated
    Sam,
    Does anyone know of any systems (WPG to Oracle B2B) with message signing that exist currently?
    Yes, I am aware about couple of such integrations (taking care of one of them as of now :) )
    INBOUND messages from TP1 --> HOST1 fail with a "B2B-51924: Message failed the security check" error
    I would like to review the log (generated in TRACE32 mode) so you may consider forwarding the same to my id. If partner is expecting signed ack then you have add a channel in the inbound agreement which should let B2B know that which certificate should be used for signing. Also try to test with different certificates (to make sure that issue is not with TO cert) and on different environments (to make sure that it is not an env issue)

    If you still do not get a clue then configuration and wire message being sent by TP, should be reviewed. I would also like to know the Oracle SR number.

    Regards,
    Anuj
  • 2. Re: B2B-51924:  Message failed the security check - Message signing failure
    sam.pipe Newbie
    Currently Being Moderated
    Thanks Anuj,

    Really appeciate the input. You seem to be the guru of this area by the looks of the forum ;-)

    1. Glad to know there are implementations out there between oracle and WPG.

    2. The SR number is: SR 3-6300448771 : SOA Signing of B2B message fails - B2B-51924: Message failed the security check. I'll forward exactly what I attached to the SR for your refererence just incase you cannot see the SR.

    3. The partner is not expecting a signed ack. Ack's are unsigned, but as the message fails a security check, HOST1 (our oracle b2b) does not even get to sending this ack back to TP1.

    4. I am meeting with the TP today so will suggest trying some different certs.

    I'll flick you an email with the details..

    Thanks!,
    Sam
  • 3. Re: B2B-51924:  Message failed the security check - Message signing failure
    Anuj Dwivedi Guru
    Currently Being Moderated
    Sam,

    As suggested earlier, please test with different certs and on different environments and if still you face the issue then enable the B2B logging in TRACE:32 mode, run a test again and mail me the log file (soa-diagnostic log).
    You seem to be the guru of this area by the looks of the forum
    I do not consider myself a guru as I think few thousand posts or few hundred points do not make anyone Guru. I am just a novice user of this product. :)

    Regards,
    Anuj
  • 4. Re: B2B-51924:  Message failed the security check - Message signing failure
    sam.pipe Newbie
    Currently Being Moderated
    Hi Anuj,

    Unfortunately the TP has said we don't have option to test with a different certificate as they only have one environment that is externally accessable and it already has customers using these certs... I'm not convinced but am hitting a dead end down that road...

    I have been able to test the enviornment as follows:
    - Set up a second oracle B2B enviornment (lets call it TP2)
    - create another set of self signed certs (unrelated to the host certs).
    - in the HOST1 envionment, load the TP2 public cert and configure TP2 channel with message signing on.... and vise versa in the TP2..

    This basically places a B2B in the same place as what TP1 is.. I've been able to prove that INBOUND and OUTBOUND works and i;m loading the certs in the correct manner. I would upload a picture of this but there doesn't seem to be a way ;-)

    The SR has been updated with a lot of information... it has gone to development for assistance now.

    SR 3-6300448771 : SOA Signing of B2B message fails - B2B-51924: Message failed the security check

    Thanks,
  • 5. Re: B2B-51924:  Message failed the security check - Message signing failure
    Anuj Dwivedi Guru
    Currently Being Moderated
    Hi Sam,

    I think now you have no option other than waiting for development to confirm whether it is really a bug with Oracle B2B. It may be an interoperability issue or an issue with WPG itself.

    Regards,
    Anuj
  • 6. Re: B2B-51924:  Message failed the security check - Message signing failure
    sam.pipe Newbie
    Currently Being Moderated
    Thanks Anuj... appreciate the help anyway.. Will keep pushing the SR through.

    Sam
  • 7. Re: B2B-51924:  Message failed the security check - Message signing failure
    sam.pipe Newbie
    Currently Being Moderated
    Hi Anuj, all,

    We have been through the SR process and oracle released Patch.14842816 to correct this bug. More details are below just in case others have this issue.

    SR 3-6300448771 : SOA Signing of B2B message fails - B2B-51924: Message failed the security check
    Bug 14826721 : SOA SIGNING OF B2B MESSAGE FAILS - B2B-51924: MESSAGE FAILED THE SECURITY CHECK
    Bug 14842816 : XML SIGNATURE VERIFICATION FAILURE FOR ALL EBMS MESSAGES
    Patch 14842816: XML SIGNATURE VERIFICATION FAILURE FOR ALL EBMS MESSAGES

    Took a while but we got there in the end.

    Thanks for your help.

    Sam
  • 8. Re: B2B-51924:  Message failed the security check - Message signing failure
    Anuj Dwivedi Guru
    Currently Being Moderated
    Thanks Sam for sharing this info with us.

    Regards,
    Anuj

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points