Friday, August 17, 2012

InvalidSecurity : error in processing the WS-Security security header

Problem:

When invoking a SOA Suite 11g composite, I get the following response:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
   <env:Header/>
   <env:Body>
      <env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <faultcode>ns0:InvalidSecurity</faultcode>
         <faultstring>InvalidSecurity : error in processing the WS-Security security header</faultstring>
         <faultactor/>
      </env:Fault>
   </env:Body>
</env:Envelope>

Analysis:

The service being invoked included the string "ABCS" in the service name (e.g., HelloWorldABCSRequestor). This is to conform to AIA Foundation Pack naming conventions. When AIA Foundation Pack is installed, it deployed multiple policies and policy sets.

Certain policy sets, as shown below, may apply to your services.


If you edit AIA_ABCS_WSClientPolicySet, it applies to any SOA composite name with the string "ABCS" in it.

It's these policy sets that are enforcing security on your service, even though the service does not have an OWSM policy explicitly attached to it.


Solution:

To disable these relevant AIA OWSM 11g policy sets:

1. Log in to EM console (e.g., http://host:7001/em)

2. Navigate to Farm_soa_domain > WebLogic Domain > (right-click on) soa_domain > Web Services > Policy Sets

3. For each of these policy sets:
  • AIA_ABCS_WSClientPolicySet
  • AIA_ABCS_WSServicePolicySet
4. Click on "Edit"

5. Uncheck the "Enabled" checkbox

6. For the resource scope, make the following change for "SOA Composite Name":
*ABCS*        <-- old
*NotABCS*  <-- new
7. Click Next > Next > Save

8. This usually takes effect within 1-5 minutes.



Applicable Versions:
  • Oracle SOA Suite 11g (11.1.1.4+)
  • Oracle AIA Foundation Pack 11g (11.1.1.4+)

Ahmed Aboulnaga

3 comments:

Anonymous said...

HI Ahmed,
cannot we use a username and password to get ride of it. Is it necessary we uncheck and apply the settings to weblogic??? If user/pwd is it same as that of weblogic and weblogic password????

bhushan said...

Smart solution

Anonymous said...

Just following the exact steps solved the problem ...