How to resolve 'WS Security Error : 180004'


Article ID: KB0075031


Products Versions
TIBCO ActiveMatrix BusinessWorks 5.14.0, 5.13.x

Description

After migrating a BW project to BW 5.13 or BW 5.14, you may see the following error:
------------
Caused by: com.tibco.spin.soap.security.WssProcessorException: The inbound message does not conform to the policy. Error code = 180004 Exception Processing on Username Token: An invalid security token was provided (An error happened processing a Username Token {0})
at com.tibco.spin.soap.security.WSSecurityHeaderProcessor.enforceSecurityPolicy(Unknown Source)
at com.tibco.spin.soap.security.WSSecurityHeaderProcessor.process(Unknown Source)
------------
One possible reason for this error is that the EncodingType attribute of the Nonce element is missing from the client request.

This is a sample client request without EncodingType:
========
<soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken>
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxxxxxxxxxxx</wsse:Password>
            <wsse:Nonce/>
        </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>
========

Issue/Introduction

How to resolve 'WS Security Error : 180004'

Resolution

If the Nonce EncodingType attribute is missing from the request header, you will probably get this error.
The EncodingType attribute of the UsernameToken Nonce is mandatory according to BSP (Basic Security Profile) 1.0.

The same request works fine on older versions of BW. The difference is that BW 5.13/BW 5.14 uses a newer version of the underlying library (WSS4J) with stricter validation.

This is a client request with the correct EncodingType:
========
<soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken>
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxxxxxxxxxxx</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"></wsse:Nonce>
        </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>
========
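To find affected clients before migrating, captured requests can be checked for the missing attribute. The script below is an added example, not TIBCO code: the function names, the SOAP 1.1 envelope wrapper and the sample messages are assumptions constructed for illustration. Beyond the missing-attribute case described above, it also reports an EncodingType value that differs from the Base64Binary URI shown in the corrected request.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
BASE64 = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-soap-message-security-1.0#Base64Binary")


def check_nonce_encoding(xml_text):
    """Return (username, problem) for each UsernameToken Nonce that needs review."""
    findings = []
    root = ET.fromstring(xml_text)
    for token in root.iter(f"{{{WSSE}}}UsernameToken"):
        user = token.findtext(f"{{{WSSE}}}Username", default="")
        nonce = token.find(f"{{{WSSE}}}Nonce")
        if nonce is None:
            continue  # no Nonce element, so there is no EncodingType to require
        enc = nonce.get("EncodingType")
        if enc is None:
            findings.append((user, "Nonce has no EncodingType attribute"))
        elif enc != BASE64:
            findings.append((user, f"unexpected EncodingType: {enc}"))
    return findings


def sample(nonce_xml):
    """Constructed request; the SOAP 1.1 envelope wrapper is an assumption."""
    return (
        '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
        f'xmlns:wsse="{WSSE}"><soapenv:Header>'
        '<wsse:Security soapenv:mustUnderstand="1"><wsse:UsernameToken>'
        '<wsse:Username>admin</wsse:Username>'
        '<wsse:Password>xxxxxxxxxxxxxx</wsse:Password>'
        f'{nonce_xml}</wsse:UsernameToken></wsse:Security>'
        '</soapenv:Header><soapenv:Body/></soapenv:Envelope>'
    )


if __name__ == "__main__":
    for label, nonce in [
        ("without EncodingType", "<wsse:Nonce/>"),
        ("with EncodingType", f'<wsse:Nonce EncodingType="{BASE64}"></wsse:Nonce>'),
    ]:
        print(label, "->", check_nonce_encoding(sample(nonce)) or "OK")
```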

Additional Information

http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#Nonce/@EncodingType_Attribute_Mandatory