tilln / jmeter-wssecurity

WS-Security Plugin for JMeter
MIT License

DerivedKeyToken Implementation #35

Open rahmnathan opened 4 years ago

rahmnathan commented 4 years ago

I have a use-case that requires usage of a DerivedKeyToken. From what I can tell this is not currently supported by this plugin. I'd be happy to work on the implementation, but would require some direction. In the past, I've mostly relied on WSDLs to auto-configure the necessary security elements which isn't an option here.

Any guidance that anyone could provide on how to implement this? Thanks!

tilln commented 4 years ago

Hi @rahmnathan

I don't think the implementation itself would be very complicated, as wss4j apparently provides good support for DerivedKeyToken usage, though the challenges may be on the JMeter side.

Two options I can see for your situation:

  1. Generic implementation. If you really want to extend this plugin, then I would suggest you start looking at how to model this as a JMeter element, and how to represent all input parameters as GUI fields.

    Extending the currently implemented "SOAP Message Signer/Encrypter" may be difficult though. There may be quite a few new parameters to be added, and most of them may not be relevant to the existing functionality.

    Options may be another set of plugin classes with their own, different GUIs, or refactor the existing ones to use a custom GUI rather than the BeanInfoSupport based one. The latter is not flexible enough, e.g. does not allow for dynamic/dependent fields (i.e. selecting a dropdown value shows or hides other GUI fields).

  2. Specific implementation. It may be a lot easier (compared to option 1) to write some custom code that solves your immediate problem.

    I would suggest you start with a JSR223 PreProcessor and use the wss4j DOM API (the dependencies of which come with this plugin) to "manually" create the WSSecurity header.

    As a starting point I would look at wss4j unit tests, e.g. DerivedKeyTest.java or SecurityContextTokenTest.java.

    Then use the WSSecDKSign and/or WSSecDKEncrypt classes with your particular parameters.

Perhaps you can provide some more details, e.g. what you would do with the DerivedKeyToken, i.e. sign or encrypt or both, whether there is a SecurityContextToken involved or not etc., perhaps a sample message (with just the relevant parts and sensitive content redacted).

rahmnathan commented 4 years ago

I really appreciate the response @tilln. Here's an example request I need to replicate -

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
    <soap:Header>
        <Action xmlns="http://www.w3.org/2005/08/addressing"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="_7f108edb-bd67-4cff-af6b-38af5da2ca0a">
            Redacted
        </Action>
        <MessageID xmlns="http://www.w3.org/2005/08/addressing"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                   wsu:Id="_0cd38f38-0a72-47ae-a2b9-db7d27fff7df">
            Redacted
        </MessageID>
        <To xmlns="http://www.w3.org/2005/08/addressing"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="_edf7467b-84da-4552-9b9d-2d779231c007">
            Redacted
        </To>
        <ReplyTo xmlns="http://www.w3.org/2005/08/addressing"
                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                 wsu:Id="_eff07866-9c7d-412c-992c-a520bb740cf6">
            <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
        </ReplyTo>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                       soap:mustUnderstand="true">
            <wsu:Timestamp wsu:Id="TS-814a3ef1-9996-4207-ad9b-5191cc179f7f">
                <wsu:Created>2020-09-23T15:51:40.306Z</wsu:Created>
                <wsu:Expires>2020-09-23T15:56:40.306Z</wsu:Expires>
            </wsu:Timestamp>
            <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                               Id="EK-749658b2-8a1b-46b7-9aba-b1f8459d62d6">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference
                            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <wsse:KeyIdentifier
                                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">
                            Redacted
                        </wsse:KeyIdentifier>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>
                        Redacted
                    </xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedKey>
            <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
                                 wsu:Id="DK-259c4a2d-8fae-44b2-a5b9-48a463a244f3">
                <wsse:SecurityTokenReference
                        xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
                        wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
                        wsu:Id="STR-7f06b182-b32f-4478-9b1f-923130efb99b">
                    <wsse:Reference URI="#EK-749658b2-8a1b-46b7-9aba-b1f8459d62d6"
                                    ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
                </wsse:SecurityTokenReference>
                <wsc:Offset>0</wsc:Offset>
                <wsc:Length>24</wsc:Length>
                <wsc:Nonce>Redacted</wsc:Nonce>
            </wsc:DerivedKeyToken>
            <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
                                 wsu:Id="DK-741d3040-e905-493d-b5c8-e236fd7abbda">
                <wsse:SecurityTokenReference
                        xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
                        wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
                        wsu:Id="STR-077a0cfd-dfa8-472c-a570-ad1a4e5d200b">
                    <wsse:Reference URI="#EK-749658b2-8a1b-46b7-9aba-b1f8459d62d6"
                                    ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
                </wsse:SecurityTokenReference>
                <wsc:Offset>0</wsc:Offset>
                <wsc:Length>32</wsc:Length>
                <wsc:Nonce>Redacted</wsc:Nonce>
            </wsc:DerivedKeyToken>
            <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:DataReference URI="#ED-569c59f2-27e7-4f5a-b375-ef07d24bce91"/>
                <xenc:DataReference URI="#ED-31a31b56-ff39-4e60-bff6-596dc707f0e2"/>
                <xenc:DataReference URI="#ED-63162a51-545f-4b53-9717-77d39eab032d"/>
            </xenc:ReferenceList>
            <wsse:BinarySecurityToken
                    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                    wsu:Id="X509-7201e6f5-4cc1-410a-909a-abb0ebfe9251">
                Redacted
            </wsse:BinarySecurityToken>
            <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                Id="ED-31a31b56-ff39-4e60-bff6-596dc707f0e2"
                                Type="http://www.w3.org/2001/04/xmlenc#Element">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference
                            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <wsse:Reference URI="#DK-741d3040-e905-493d-b5c8-e236fd7abbda"
                                        ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>
                        Redacted
                    </xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedData>
            <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                Id="ED-63162a51-545f-4b53-9717-77d39eab032d"
                                Type="http://www.w3.org/2001/04/xmlenc#Element">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference
                            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <wsse:Reference URI="#DK-741d3040-e905-493d-b5c8-e236fd7abbda"
                                        ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>
                        Redacted
                    </xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedData>
        </wsse:Security>
    </soap:Header>
    <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
               wsu:Id="_a2ae1793-c756-42e3-82d8-eb6da720bb0e">
        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-569c59f2-27e7-4f5a-b375-ef07d24bce91"
                            Type="http://www.w3.org/2001/04/xmlenc#Content">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference
                        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <wsse:Reference URI="#DK-741d3040-e905-493d-b5c8-e236fd7abbda"
                                    ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk"/>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
                <xenc:CipherValue>
                    Redacted
                </xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </soap:Body>
</soap:Envelope>

I suppose option 2 is probably the way to start. Once that is working, I can try to back-port it into the plugin if I have time. Again, I really appreciate the help here. I'm not much of a WS-Security expert. I'll take a look at those test files you sent next week.
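How the Offset, Length and Nonce values in the sample's two wsc:DerivedKeyToken elements turn one EncryptedKey secret into separate keys, as an added example that is not part of the original thread or of the plugin. It assumes the WS-SecureConversation defaults (P_SHA-1 derivation and the default label), since the sample tokens carry no Algorithm attribute or wsc:Label; the secret and nonces are constructed values because the thread redacts them, and `p_sha1`, `derive_key` and `sample_keys` are names made up for this example.

```python
import hashlib
import hmac

# Label used when <wsc:DerivedKeyToken> has no <wsc:Label> child
# (default defined by WS-SecureConversation).
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 expansion as defined in RFC 2246, section 5."""
    out, a = b"", seed  # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()  # block i
    return out[:length]


def derive_key(secret: bytes, nonce: bytes, length: int = 32,
               offset: int = 0, label: bytes = DEFAULT_LABEL) -> bytes:
    """Bytes [offset, offset + length) of P_SHA-1(secret, label + nonce)."""
    if offset < 0 or length <= 0:
        raise ValueError("offset must be >= 0 and length > 0")
    return p_sha1(secret, label + nonce, offset + length)[offset:]


def sample_keys():
    """Mirror the sample: two tokens on one EncryptedKey, Offset 0, Length 24 and 32."""
    secret = bytes(range(32))   # constructed stand-in for the decrypted EncryptedKey
    nonce_a = b"\x01" * 16      # constructed stand-in for the first wsc:Nonce
    nonce_b = b"\x02" * 16      # constructed stand-in for the second wsc:Nonce
    key_24 = derive_key(secret, nonce_a, length=24)  # like DK-259c... in the sample
    key_32 = derive_key(secret, nonce_b, length=32)  # like DK-741d..., used with aes256-cbc
    return key_24, key_32


if __name__ == "__main__":
    k24, k32 = sample_keys()
    print(len(k24), k24.hex())
    print(len(k32), k32.hex())
```

Both sides must agree on the secret, label, nonce, offset and length to arrive at the same key; the nonce alone is enough to make the two derived keys unrelated even though they share one EncryptedKey.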

tilln commented 4 years ago

I am no expert myself, but here is some code that should get you started.

Put this inside a "JSR223 PreProcessor" underneath the "HTTP Sampler" (presumably).

You'll have to insert your keystore parameters and the header parts (which I don't know due to their encryption).

Though this does not insert the second, 24-byte derived key (DK-259c4a2d-8fae-44b2-a5b9-48a463a244f3) and the BinarySecurityToken (X509-7201e6f5-4cc1-410a-909a-abb0ebfe9251) that are apparently not used.

/* wss4j v2.2.2
 * Warning: Slight API changes since then! 
 * source: https://github.com/apache/ws-wss4j/blob/wss4j-2.2.2/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyTest.java#L108-L128
 */

import org.apache.wss4j.common.WSEncryptionPart
import org.apache.wss4j.common.util.XMLUtils
import org.apache.wss4j.dom.WSConstants
import org.apache.wss4j.dom.message.WSSecDKEncrypt
import org.apache.wss4j.dom.message.WSSecEncryptedKey
import org.apache.wss4j.dom.message.WSSecHeader

// Keystore setup:
def cryptoProps = new java.util.Properties()
cryptoProps.setProperty("org.apache.wss4j.crypto.merlin.keystore.type", /*e.g.*/ "JCEKS")
cryptoProps.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", "<INSERT_FILENAME>")
cryptoProps.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", "<INSERT_PASSWORD>")
def crypto = org.apache.wss4j.common.crypto.CryptoFactory.getInstance(cryptoProps)

// Parse HTTP Sampler payload:
def factory = javax.xml.parsers.DocumentBuilderFactory.newInstance()
factory.setNamespaceAware(true)
def docBuilder = factory.newDocumentBuilder()
def doc = docBuilder.parse(new org.xml.sax.InputSource(new java.io.StringReader(sampler.getArguments().getArgument(0).getValue())))
def secHeader = new WSSecHeader(doc)
secHeader.insertSecurityHeader()

// EncryptedKey
//   EK-749658b2-8a1b-46b7-9aba-b1f8459d62d6
def encrKeyBuilder = new WSSecEncryptedKey(secHeader)
encrKeyBuilder.setUserInfo("<INSERT_KEY_ALIAS>")
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER)
encrKeyBuilder.prepare(crypto)

// Derived key encryption
//    DK-741d3040-e905-493d-b5c8-e236fd7abbda
def encrBuilder = new WSSecDKEncrypt(secHeader)

// Define parts to encrypt:
// Body 
//    ED-569c59f2-27e7-4f5a-b375-ef07d24bce91
encrBuilder.getParts().add(new WSEncryptionPart("Body", "http://schemas.xmlsoap.org/soap/envelope/", "Content"))
// some headers:
//    ED-31a31b56-ff39-4e60-bff6-596dc707f0e2 
//    ED-63162a51-545f-4b53-9717-77d39eab032d
// INSERT HEADERS, e.g.
//encrBuilder.getParts().add(new WSEncryptionPart("HEADER ELEMENT", "HEADER NAMESPACE", "Element"))
encrBuilder.getParts().add(new WSEncryptionPart("Timestamp", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Element"))

encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_256)
// 2.2.2
encrBuilder.setExternalKey(encrKeyBuilder.getSymmetricKey().getEncoded(), encrKeyBuilder.getId())
doc = encrBuilder.build()
/* 2.3.0
encrBuilder.setTokenIdentifier(encrKeyBuilder.getId())
doc = encrBuilder.build(encrKeyBuilder.getSymmetricKey().getEncoded())
*/
encrKeyBuilder.prependToHeader()
encrKeyBuilder.prependBSTElementToHeader()

// Set HTTP Sampler payload:
sampler.getArguments().getArgument(0).setValue(XMLUtils.prettyDocumentToString(doc))
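
A way to check which tokens in a Security header the encrypted parts actually depend on, and whether each derived key's wsc:Length fits the cipher it is used with (added example, not code from the thread, the plugin or wss4j). The input is a constructed skeleton of the sample header with shortened Ids; `audit`, `sample_header` and the other names are made up for this example.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wsc": "http://schemas.xmlsoap.org/ws/2005/02/sc",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
DKT = "{%s}DerivedKeyToken" % NS["wsc"]
TOKEN_TAGS = (DKT, "{%s}EncryptedKey" % NS["xenc"],
              "{%s}BinarySecurityToken" % NS["wsse"])
KEY_BYTES = {"aes128-cbc": 16, "aes192-cbc": 24, "aes256-cbc": 32}


def _str(target):
    return ('<wsse:SecurityTokenReference><wsse:Reference URI="#%s"/>'
            '</wsse:SecurityTokenReference>' % target)


def sample_header(data_key="DK-32"):
    """Constructed input: the thread's header reduced to its key references."""
    xmlns = " ".join('xmlns:%s="%s"' % item for item in NS.items())
    return f"""<wsse:Security {xmlns}>
      <xenc:EncryptedKey Id="EK-1"/>
      <wsc:DerivedKeyToken wsu:Id="DK-24">{_str('EK-1')}<wsc:Length>24</wsc:Length></wsc:DerivedKeyToken>
      <wsc:DerivedKeyToken wsu:Id="DK-32">{_str('EK-1')}<wsc:Length>32</wsc:Length></wsc:DerivedKeyToken>
      <wsse:BinarySecurityToken wsu:Id="X509-1"/>
      <xenc:EncryptedData Id="ED-1">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
        {_str(data_key)}
      </xenc:EncryptedData>
    </wsse:Security>"""


def _ref_target(el):
    """Id that the first wsse:Reference below `el` points at, or None."""
    ref = el.find(".//wsse:Reference", NS)
    return ref.get("URI", "").lstrip("#") if ref is not None else None


def audit(xml_text):
    """Resolve EncryptedData -> key token -> parent token; report gaps."""
    root = ET.fromstring(xml_text)
    tokens = {}
    for el in root.iter():
        tid = el.get(WSU_ID) or el.get("Id")
        if el.tag in TOKEN_TAGS and tid:
            tokens[tid] = el
    used, problems = set(), []
    for ed in root.iter("{%s}EncryptedData" % NS["xenc"]):
        method = ed.find("xenc:EncryptionMethod", NS)
        alg = method.get("Algorithm", "").rsplit("#", 1)[-1] if method is not None else ""
        key_id = _ref_target(ed)
        key = tokens.get(key_id)
        if key is None:
            problems.append("%s: key reference #%s does not resolve" % (ed.get("Id"), key_id))
            continue
        used.add(key_id)
        if key.tag == DKT:
            used.add(_ref_target(key))  # the secret this key is derived from
            # wsc:Length defaults to 32 when the element is absent
            length = int(key.findtext("wsc:Length", default="32", namespaces=NS))
            if alg in KEY_BYTES and length != KEY_BYTES[alg]:
                problems.append("%s: %s needs %d key bytes, %s derives %d"
                                % (ed.get("Id"), alg, KEY_BYTES[alg], key_id, length))
    return {"unused": sorted(set(tokens) - used), "problems": problems}
```

A token that is referenced only from inside an encrypted element is reported as unused, because that reference is not visible until the element is decrypted.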

rahmnathan commented 4 years ago

@tilln Your sample helped me out a lot. Based on that sample, I also implemented some base signature logic. If you're able to help me out more (It's sort of off topic at this point), here's where I'm at -

import org.apache.wss4j.common.WSEncryptionPart
import org.apache.wss4j.common.crypto.CryptoFactory
import org.apache.wss4j.common.util.XMLUtils
import org.apache.wss4j.dom.WSConstants
import org.apache.wss4j.dom.handler.WSHandlerConstants
import org.apache.wss4j.dom.message.WSSecDKEncrypt
import org.apache.wss4j.dom.message.WSSecDKSign
import org.apache.wss4j.dom.message.WSSecEncryptedKey
import org.apache.wss4j.dom.message.WSSecHeader
import org.apache.wss4j.dom.message.WSSecSignature
import org.xml.sax.InputSource

import javax.xml.parsers.DocumentBuilderFactory

// Parse HTTP Sampler payload:
def factory = DocumentBuilderFactory.newInstance()
factory.setNamespaceAware(true)
def docBuilder = factory.newDocumentBuilder()
def doc = docBuilder.parse(new InputSource(new StringReader(sampler.getArguments().getArgument(0).getValue())))
def secHeader = new WSSecHeader(doc)
secHeader.insertSecurityHeader()

// Signature

// Keystore setup:
def signatureProperties = new Properties()
signatureProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.type", /*e.g.*/ "jks")
signatureProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", "/home/nathan/Downloads/keystore-ws.jks")
signatureProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", "redacted")
signatureProperties.setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
def signatureInstance = CryptoFactory.getInstance(signatureProperties)

WSSecSignature signatureBuilder = new WSSecSignature(secHeader);
signatureBuilder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
signatureBuilder.setUseSingleCertificate(true)
signatureBuilder.setUserInfo("redacted", "redacted")
signatureBuilder.getParts().add(new WSEncryptionPart("Body", "http://schemas.xmlsoap.org/soap/envelope/", "Content"))
signatureBuilder.getParts().add(new WSEncryptionPart("Action", "http://www.w3.org/2005/08/addressing", "Content"))
signatureBuilder.getParts().add(new WSEncryptionPart("MessageID", "http://www.w3.org/2005/08/addressing", "Content"))
signatureBuilder.getParts().add(new WSEncryptionPart("To", "http://www.w3.org/2005/08/addressing", "Content"))
signatureBuilder.getParts().add(new WSEncryptionPart("ReplyTo", "http://www.w3.org/2005/08/addressing", "Content"))
signatureBuilder.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
signatureBuilder.prepare(signatureInstance)
doc = signatureBuilder.build(signatureInstance)
signatureBuilder.prependBSTElementToHeader()

//def signBuilder = new WSSecDKSign(secHeader)
//signBuilder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE)
//signBuilder.setUserInfo("redacted", "redacted")
//signBuilder.getParts().add(new WSEncryptionPart("Body", "http://schemas.xmlsoap.org/soap/envelope/", "Content"))
//signBuilder.getParts().add(new WSEncryptionPart("Action", "http://www.w3.org/2005/08/addressing", "Content"))
//signBuilder.getParts().add(new WSEncryptionPart("MessageID", "http://www.w3.org/2005/08/addressing", "Content"))
//signBuilder.getParts().add(new WSEncryptionPart("ReplyTo", "http://www.w3.org/2005/08/addressing", "Content"))
//signBuilder.getParts().add(new WSEncryptionPart("To", "http://www.w3.org/2005/08/addressing", "Content"))
//signBuilder.getParts().add(new WSEncryptionPart("From", "http://www.w3.org/2005/08/addressing", "Content"))
//signBuilder.getParts().add(new WSEncryptionPart("ReplyTo", "http://www.w3.org/2005/08/addressing", "Content"))
//signBuilder.getParts().add(new WSEncryptionPart("RelatesTo", "http://www.w3.org/2005/08/addressing", "Content"))
//signBuilder.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
//signBuilder.setCrypto(signatureInstance)
//signBuilder.prepare()
//doc = signBuilder.build()

// Encryption

// Keystore setup:
def encryptionProperties = new Properties()
encryptionProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.type", /*e.g.*/ "JCEKS")
encryptionProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", "/home/nathan/Downloads/truststore-ws.jks")
encryptionProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", "redacted")
def encryptionInstance = CryptoFactory.getInstance(encryptionProperties)

// EncryptedKey
//   EK-749658b2-8a1b-46b7-9aba-b1f8459d62d6
def encrKeyBuilder = new WSSecEncryptedKey(secHeader)
encrKeyBuilder.setUserInfo("redacted")
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER)
encrKeyBuilder.prepare(encryptionInstance)

// Derived key encryption
//    DK-741d3040-e905-493d-b5c8-e236fd7abbda
def encrBuilder = new WSSecDKEncrypt(secHeader)

// Define parts to encrypt:
// Body
//    ED-569c59f2-27e7-4f5a-b375-ef07d24bce91
encrBuilder.getParts().add(new WSEncryptionPart("Body", "http://schemas.xmlsoap.org/soap/envelope/", "Content"))
// some headers:
//    ED-31a31b56-ff39-4e60-bff6-596dc707f0e2
//    ED-63162a51-545f-4b53-9717-77d39eab032d
// INSERT HEADERS, e.g.
//encrBuilder.getParts().add(new WSEncryptionPart("HEADER ELEMENT", "HEADER NAMESPACE", "Element"))
encrBuilder.getParts().add(new WSEncryptionPart("Signature", "http://www.w3.org/2000/09/xmldsig#", "Element"))

encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_256)
// 2.2.2
encrBuilder.setExternalKey(encrKeyBuilder.getSymmetricKey().getEncoded(), encrKeyBuilder.getId())
doc = encrBuilder.build()
/* 2.3.0
encrBuilder.setTokenIdentifier(encrKeyBuilder.getId())
doc = encrBuilder.build(encrKeyBuilder.getSymmetricKey().getEncoded())
*/
encrKeyBuilder.prependToHeader()
encrKeyBuilder.prependBSTElementToHeader()

// Set HTTP Sampler payload:
sampler.getArguments().getArgument(0).setValue(XMLUtils.prettyDocumentToString(doc))

And the fault I get as a response

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>These policy alternatives can not be satisfied: 
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SymmetricBinding: Received Timestamp does not match the requirements
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}ProtectionToken
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}RequireDerivedKeys
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AlgorithmSuite: The symmetric key length does not match the requirement
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Basic256
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}IncludeTimestamp
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}EncryptSignature
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}OnlySignEntireHeadersAndBody
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}EndorsingSupportingTokens: The received token does not match the endorsing supporting token requirement
{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization}OptimizedMimeSerialization</faultstring></soap:Fault></soap:Body></soap:Envelope>

tilln commented 4 years ago

Hi @rahmnathan

Sorry, but you'll have to debug this issue yourself, I'm afraid. As I said, I'm not an expert, so I wouldn't be of much help anyway.

At least you've got pretty clear policy violation error messages, so it shouldn't be too hard.

rahmnathan commented 4 years ago

Thanks again for the help @tilln