Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Unable to sign SOAP header parts in WS-security profile

SA-59307

Summary



Unable to sign a part of the SOAP header in the WS-Security profile.
There are two service options and both must sign a header part (the signature part or the user specific identification part). On adding these parts to the WS-security profile, the service fails and an error is generated in the log file.



Error Messages



PRRuntimeException


Steps to Reproduce

  1. Create a WS-security profile.
  2. Add the configuration type Timestamp and Signature.
  3. In the signature, set the signature parts on the Timestamp.
  4. Execute the service.

Root Cause



Only the SOAP header can be signed if the correct element configuration is entered.

Both setSignatureParts and setEncryptionParts elements use the below syntax for the part name identifiers:


{Element}{http://some.namespace.url}ElementName

To sign the entire SOAP message header element, the Signature Parts value must be set on the WS-Security Profile outflow tab as below:
 
For a SOAP 1.1 envelope:


{Element}{http://schemas.xmlsoap.org/soap/envelope/}Header
 
For a SOAP 1.2 envelope:


{Element}{http://www.w3.org/2003/05/soap-envelope}Header
 
To sign individual headers within the SOAP envelope header, identify each header that requires signing.

For example, sign the WS-Security UsernameToken header as below.


{Element}{http://schemas.xmlsoap.org/ws/2002/07/secext}UsernameToken


Resolution



Perform the following local-change:

Sign the Body and Timestamp part in the header for this part name.

Body;{Element}{http://docs.acme-open.org/wss/2004/01/acme-200401-wss-wssecurity-utility-1.0.xsd}Timestamp

For more information on how to sign individual headers within the SOAP envelope header, refer to: https://community.pega.com/knowledgebase/articles/creating-soap-connector-uses-digital-signature-and-encryption

 

Published November 29, 2018 - Updated December 2, 2021

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us