1 Reply Latest reply: May 20, 2013 4:25 PM by 655264 RSS

    InvalidSecurity Error while accessing Webservice

    1008835
      Hi,

      I am getting an "*InvalidSecurity*" error while accessing webservice.

      Below is the error, which I got while invoking the webservice :

      <env:Envelope
      xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header/>
      <env:Body>
      <env:Fault
      xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <faultcode>ns0:InvalidSecurity</faultcode>
      <faultstring>InvalidSecurity : error in processing the WS-Security security header</faultstring>
      <faultactor/>
      </env:Fault>
      </env:Body>
      </env:Envelope>


      Thanks
      Abheek

      Edited by: 1005832 on May 14, 2013 6:16 AM
        • 1. Re: InvalidSecurity Error while accessing Webservice
          655264
          The error was generated on the endpoint and indicates that the SOAP request message had incorrect WS-Security information in its headers. The SOAP response message you included doesn't contain specific information about what is wrong (we wouldn't want to reveal too much to hackers, of course!).

          Without seeing the SOAP request message and the WS-SecurityPolicy that the endpoint requires, it's impossible to tell what's wrong.
          Other important information:
          - what version of WLS are you running?
          - is the endpoint a WLS JAX-WS or a WLS JAX-RPC web service?
          - is WS-Security configured using native WLS WS-Security (e.g. @Policy) or using OWSM WS-Security (i.e. @SecurityPolicy)?
          - what specific policy is being used to enforce security at the endpoint (the advertised WSDL for the endpoint should contain this)