Sometimes, after migrating a BW project to BW 5.13 or BW 5.14, you may see the following error:

------------
Caused by: com.tibco.spin.soap.security.WssProcessorException: The inbound message does not conform to the policy. Error code = 180004 Exception Processing on Username Token: An invalid security token was provided (An error happened processing a Username Token {0})
    at com.tibco.spin.soap.security.WSSecurityHeaderProcessor.enforceSecurityPolicy(Unknown Source)
    at com.tibco.spin.soap.security.WSSecurityHeaderProcessor.process(Unknown Source)
------------

One possible reason for this error is that the EncodingType attribute of the Nonce element is missing from the client request.
This is a sample client request without EncodingType:

========
<soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken>
      <wsse:Username>admin</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxxxxxxxxxxx</wsse:Password>
      <wsse:Nonce/>
    </wsse:UsernameToken>
  </wsse:Security>
</soapenv:Header>
========
Issue/Introduction
How to resolve 'WS Security Error : 180004'
Resolution
If the Nonce EncodingType is missing from the Request header, you will probably get this error. UsernameToken Nonce's EncodingType attribute is mandatory according to BSP (Basic Security Profile) 1.0.
The same request works fine on older versions of BW. The difference is that BW 5.13/BW 5.14 uses a newer version of the underlying library (WSS4J), which applies stricter validation.
This is a client request with the correct EncodingType:

========
<soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken>
      <wsse:Username>admin</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxxxxxxxxxxx</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"></wsse:Nonce>
    </wsse:UsernameToken>
  </wsse:Security>
</soapenv:Header>
========
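To find affected clients before a migration, captured requests can be checked for the missing attribute. The following is an added example, not TIBCO code: the function name, the envelope wrapper around the article's header, and the rule that a value other than the Base64Binary URI shown above is also reported are assumptions of this example.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
BASE64 = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-soap-message-security-1.0#Base64Binary")
NS = {"wsse": WSSE}

# Constructed sample: the article's header wrapped in a minimal SOAP 1.1 envelope.
ENVELOPE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="{wsse}">
<wsse:UsernameToken>
<wsse:Username>admin</wsse:Username>
<wsse:Password>xxxxxxxxxxxxxx</wsse:Password>
{nonce}
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>"""
WITHOUT_ENCODING = ENVELOPE.format(wsse=WSSE, nonce="<wsse:Nonce/>")
WITH_ENCODING = ENVELOPE.format(
    wsse=WSSE, nonce='<wsse:Nonce EncodingType="%s"></wsse:Nonce>' % BASE64)


def check_nonce_encoding(soap_xml):
    """Return (username, problem) for each UsernameToken Nonce likely to be rejected."""
    findings = []
    root = ET.fromstring(soap_xml)
    for token in root.iter("{%s}UsernameToken" % WSSE):
        user = token.findtext("wsse:Username", default="?", namespaces=NS)
        for nonce in token.findall("wsse:Nonce", NS):
            enc = nonce.get("EncodingType")  # unqualified attribute, as in the article
            if enc is None:
                findings.append((user, "missing EncodingType"))
            elif enc != BASE64:
                # Assumption of this example: only the URI shown in the article is accepted.
                findings.append((user, "unexpected EncodingType: " + enc))
    return findings


if __name__ == "__main__":
    for name, msg in (("without", WITHOUT_ENCODING), ("with", WITH_ENCODING)):
        print(name, check_nonce_encoding(msg) or "OK")
```

A request with no Nonce element at all produces no finding, since the attribute is only mandatory when the element is present.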