Issue:
I Configure WSS service to handle WS-security enveloppes when protecting
the soap resource /myservice/services/OpenSecWebService/serviceWSS, the
service fails and I'd like to know what means the error seen :
Trying to resolve id: #id-6B4F79D3E5B3A12A5E147248702585410
Found nodeElem http://schemas.xmlsoap.org/soap/envelope/:Body
Check if Timestamp covered by header or Envelope? signedElem=4signatureType=-124
SM_WSC_00629 - Unspecified acceptance error.
SM_WSC_00624 - Signature-0 was not accepted.
SM_WSC_00909 - Failed to validate signature
dispatch request failed.
Environment:
WSS Agent 12.52SP1CR04 64bit on Apache 2.4 on RedHat 6 64bit; Policy Server 12.52SP1CR04 on RedHat 6 64bit;
Cause:
In the XML Signature Restrictions pane, you need to select :
Must Cover Body of Message
Require Signature over wsu:Timestamp Element
as per documentation :
"If the authentication scheme is configured to require the
timestamp element, the digital signature must cover that timestamp."
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/web-services-security-wss-configuration/configure-authentication-schemes-to-verify-user-identities-obtained-from-web-service-requests/ws-security-authentication-introduced
Resolution:
Configuring the SOAP signature restriction in the pane
"XML Signature Restrictions"
by selecting these options :
Must Cover Body of Message
Require Signature over wsu:Timestamp Element
it solves the issue.
Additional Information:
N/A
KB : TEC1691635