org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message

Stack Overflow | Joseph Hwang | 5 months ago
  1. 0

    Unsupported parameter: javax.crypto.spec.IvParameterSpec when decrypting a gcm message on java 8

    ws-users | 9 months ago | Stefan Müller
    org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:218)
  2. 0

    Unsupported parameter: javax.crypto.spec.IvParameterSpec when decrypting a gcm message on java 8

    ws-users | 9 months ago | Stefan Müller
    org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:218)
  3. Speed up your debug routine!

    Automated exception search integrated into your IDE

  4. 0

    JAVA - CXF WS-security "A security error was encountered when verifying the message"

    Stack Overflow | 6 months ago | BrK
    org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:218)
  5. 0

    I am trying to connect from a Java client with cxf to crm 2011 Web Services(on premise). When I connected over http everything worked fine. But when I switched to HTTPS(Port 443)I suddenly got this error: FEIN: Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyVerificationInFaultInterceptor@17698cbe Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message. at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:155) at $Proxy46.create(Unknown Source) at GetCRm.doIt(GetCRm.java:322) at RunHttpSpnego.main(RunHttpSpnego.java:20) Caused by: org.apache.cxf.binding.soap.SoapFault: An error occurred when verifying security for the message. at org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.unmarshalFault(Soap12FaultInInterceptor.java:133) at org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.handleMessage(Soap12FaultInInterceptor.java:59) at org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.handleMessage(Soap12FaultInInterceptor.java:46) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:114) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:800) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1590) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1488) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1307) at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50) at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:229) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:622) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133) ... 3 more Against first thoughts, this was not a time issue between the server and client. I activated WCF Tracing and got the following error: <Exception><ExceptionType>System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>A supporting token that satisfies parameters 'System.ServiceModel.Security.Tokens.SspiSecurityTokenParameters: InclusionMode: AlwaysToRecipient ReferenceStyle: Internal RequireDerivedKeys: False RequireCancellation: True' and attachment mode 'Endorsing' was not provided.</Message><StackTrace> at System.ServiceModel.Security.ReceiveSecurityHeader.VerifySupportingToken(TokenTracker tracker) at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy) at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message&amp;amp; message, TimeSpan timeout) at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout) at System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) at System.ServiceModel.Channels.SecurityChannelListener`1.ServerSecurityChannel`1.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationState) at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityReplyChannel.ProcessReceivedRequest(RequestContext requestContext, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.OnInnerReceiveDone() at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.InnerTryReceiveCompletedCallback(IAsyncResult result) at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result) at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously) at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item) at System.Runtime.InputQueue`1.Dispatch() at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped) at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped) at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP) </StackTrace><ExceptionString>System.ServiceModel.Security.MessageSecurityException: A supporting token that satisfies parameters 'System.ServiceModel.Security.Tokens.SspiSecurityTokenParameters: InclusionMode: AlwaysToRecipient ReferenceStyle: Internal RequireDerivedKeys: False RequireCancellation: True' and attachment mode 'Endorsing' was not provided.</ExceptionString></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent><E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>458802</EventID><Type>3</Type><SubType Name="Warning">0</SubType><Level>4</Level><TimeCreated SystemTime="2013-01-16T13:55:44.5998534Z" /><Source Name="System.ServiceModel" /><Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /><Execution ProcessName="w3wp" ProcessID="8504" ThreadID="16" /><Channel/><Computer>LOGICALIS-ALT</Computer></System><ApplicationData><TraceData><DataItem><TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning"><TraceIdentifier>http://msdn.microsoft.com/de-DE/library/System.ServiceModel.Security.SecurityBindingVerifyIncomingMessageFailure.aspx</TraceIdentifier><Description>The security protocol cannot verify the incoming message.</Description> This only happens when trying to connect over HTTPS. I connect to my endpoint by using a servicestub generated with WSDL to java. The authentication policy for the Webservice Looks like this: <?xml version="1.0" encoding="utf-8" ?> - <wsdl:definitions targetNamespace="http://schemas.microsoft.com/xrm/2011/Contracts/Services" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://schemas.microsoft.com/xrm/2011/Contracts/Services" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"> - <wsp:Policy wsu:Id="CustomBinding_IOrganizationService_policy"> - <wsp:ExactlyOne> - <wsp:All> - <ms-xrm:AuthenticationPolicy xmlns:ms-xrm="http://schemas.microsoft.com/xrm/2011/Contracts/Services"> <ms-xrm:Authentication>ActiveDirectory</ms-xrm:Authentication> </ms-xrm:AuthenticationPolicy> - <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> - <wsp:Policy> - <sp:TransportToken> - <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false" /> </wsp:Policy> </sp:TransportToken> - <sp:AlgorithmSuite> - <wsp:Policy> <sp:Basic256 /> </wsp:Policy> </sp:AlgorithmSuite> - <sp:Layout> - <wsp:Policy> <sp:Strict /> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp /> </wsp:Policy> </sp:TransportBinding> - <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> - <wsp:Policy> - <sp:SpnegoContextToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> <wsp:Policy /> </sp:SpnegoContextToken> </wsp:Policy> </sp:EndorsingSupportingTokens> - <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy /> </sp:Wss11> - <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> - <wsp:Policy> <sp:MustSupportIssuedTokens /> <sp:RequireClientEntropy /> <sp:RequireServerEntropy /> </wsp:Policy> </sp:Trust10> <wsaw:UsingAddressing /> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> The authentication process is handled by Spnego. I simply changed the Webservice endpoint for my URL and imported the neccessary certificates into the respective java certca store besides that I didn´t make any changes to the code. I have tried for a long time to make it work but without success. Can you guys tell me more about this? Am I missing something in my code that I have to add to make this work?

    Apache's JIRA Issue Tracker | 4 years ago | Jair Lopes
    javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message.

    1 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. org.apache.cxf.binding.soap.SoapFault

      A security error was encountered when verifying the message

      at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault()
    2. Apache CXF Runtime WS Security
      PolicyBasedWSS4JInInterceptor.handleMessage
      1. org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:216)
      2. org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329)
      3. org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184)
      4. org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
      5. org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
      5 frames
    3. Apache CXF Core
      ChainInitiationObserver.onMessage
      1. org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
      2. org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
      2 frames
    4. Apache CXF Runtime HTTP Transport
      AbstractHTTPDestination.invoke
      1. org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
      1 frame
    5. JBoss Web Services - Stack CXF Runtime Client
      RequestHandlerImpl.handleHttpRequest
      1. org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:108)
      1 frame
    6. org.jboss.wsf
      ServletHelper.callRequestHandler
      1. org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134)
      1 frame
    7. JBoss Web Services - Stack CXF Runtime Client
      CXFServletExt.invoke
      1. org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
      1 frame
    8. Apache CXF Runtime HTTP Transport
      AbstractHTTPServlet.doPost
      1. org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
      2. org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
      2 frames
    9. JavaServlet
      HttpServlet.service
      1. javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
      1 frame
    10. JBoss Web Services - Stack CXF Runtime Client
      CXFServletExt.service
      1. org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
      1 frame
    11. JBoss Web Services - SPI
      WSFServlet.service
      1. org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
      1 frame
    12. JavaServlet
      HttpServlet.service
      1. javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      1 frame
    13. Undertow Servlet
      ServletDispatchingHandler.handleRequest
      1. io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
      2. io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      3. io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      3 frames
    14. WildFly: Undertow
      SecurityContextAssociationHandler.handleRequest
      1. org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      1 frame
    15. Undertow Core
      PredicateHandler.handleRequest
      1. io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      1 frame
    16. Undertow Servlet
      ServletAuthenticationCallHandler.handleRequest
      1. io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
      2. io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      2 frames
    17. Undertow Core
      PredicateHandler.handleRequest
      1. io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      1 frame