StickyMcGinty
Reputation: 445
WCF client exception -"Message security verification failed, The signature verification failed" - how can I debug further?
Getting the following exception when my WCF client gets a response calls a Java based Spring Web Services server -
System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message security verification failed.
<StackTrace>
at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.TransactionRequestChannelGeneric`1.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Exxx.Client.xxxService.xxxx.submitx(submitXxxRequest request)
at xxx.Client.ExxxService.exxxsClient.Exxx.Client.ExxxService.exxxs.submitxxx(submitxxxRequest request)
at xxx.Client.ExxxService.exxxsClient.submitxxx(submissionRequest submissionRequest)
at xxx.Client.ClientService.Submitxxx(String xxxId, String username, Int32 batchType)
at xxx.Main.Start()
at ESubmission.Service.SchedulerService.CreateInstance(String assemblyName, Object argsObj)
at ESubmission.Service.SchedulerService.LoadAssembly(BOESubmissionSchedule eSubmissionSchedule)
at ESubmission.Service.SchedulerService.<>c__DisplayClass2.<RunSchedules>b__0()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
</StackTrace>
<ExceptionString>System.ServiceModel.Security.MessageSecurityException: Message security verification failed. ---> System.Security.Cryptography.CryptographicException: The signature verification failed.
at System.IdentityModel.SignedXml.VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter)
at System.IdentityModel.SignedXml.StartSignatureVerification(SecurityKey verificationKey)
at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver, Object signatureTarget, String id)
at System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteSignatureEncryptionProcessingPass()
at System.ServiceModel.Security.LaxModeSecurityHeaderElementInferenceEngine.ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message& message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message& message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
--- End of inner exception stack trace ---</ExceptionString>
The Inner Exception - The signature verification failed.
<InnerException>
<ExceptionType>System.Security.Cryptography.CryptographicException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
<Message>The signature verification failed.</Message>
<StackTrace>
at System.IdentityModel.SignedXml.VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter)
at System.IdentityModel.SignedXml.StartSignatureVerification(SecurityKey verificationKey)
at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver, Object signatureTarget, String id)
at System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteSignatureEncryptionProcessingPass()
at System.ServiceModel.Security.LaxModeSecurityHeaderElementInferenceEngine.ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message& message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message& message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
</StackTrace>
<ExceptionString>System.Security.Cryptography.CryptographicException: The signature verification failed.
at System.IdentityModel.SignedXml.VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter)
at System.IdentityModel.SignedXml.StartSignatureVerification(SecurityKey verificationKey)
at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver, Object signatureTarget, String id)
at System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteSignatureEncryptionProcessingPass()
at System.ServiceModel.Security.LaxModeSecurityHeaderElementInferenceEngine.ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message& message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message& message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)</ExceptionString>
The Java based server web-service seems to process my request fine but I'm having the above trouble with the response. Note: I have no access to the server side of things - I can request changes and query actions but that's all
The set-up
- WCF .NET 3.5 client web-service
- Java Spring Web Services 2.1.0 (SOAP protocol implementation) + Apache WSS4J 1.6.7 (WS-Security 1.1 implementation) server
- The following security binding in config:
[customBinding]
[binding name="MY_BINDING"]
[transactionFlow/]
[security defaultAlgorithmSuite="Basic256Rsa15" authenticationMode="MutualCertificate"
messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
requireDerivedKeys="false" messageProtectionOrder="SignBeforeEncrypt"
allowSerializedSigningTokenOnReply="true" securityHeaderLayout="Lax"
requireSignatureConfirmation="true"
enableUnsecuredResponse="true"]
[secureConversationBootstrap authenticationMode="CertificateOverTransport"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireDerivedKeys="false" /]
[/security]
[textMessageEncoding messageVersion="Soap11WSAddressing10"/]
[httpsTransport requireClientCertificate="true"/]
[/binding]
[/customBinding]
Binding has been modified in code like so
public static CustomBinding GetServiceBinding() { //Get custom binding reference from app.config CustomBinding binding = new CustomBinding(SettingsLookup.WcfCustomBindingName); binding.ReceiveTimeout = new TimeSpan(0, 0, 15, 0); binding.SendTimeout = new TimeSpan(0, 0, 15, 0); // Get the x509ProtectionParams from the security element X509SecurityTokenParameters tokenParameters = new X509SecurityTokenParameters(); tokenParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial; tokenParameters.RequireDerivedKeys = false; tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; // Reference the asymettric security element AsymmetricSecurityBindingElement securityBindingElement = binding.Elements.Find<AsymmetricSecurityBindingElement>(); // Set the X509SecurityTokenParameters to point to the one's just configured. This is for symetric encryption, for asymetric this line needs to change //securityBindingElement.ProtectionTokenParameters = tokenParameters; securityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; securityBindingElement.InitiatorTokenParameters = tokenParameters; securityBindingElement.LocalClientSettings.DetectReplays = false; securityBindingElement.IncludeTimestamp = true; securityBindingElement.LocalClientSettings.TimestampValidityDuration = new TimeSpan(12, 0, 0); return binding; }What I can't seem to do is:
Figure out which signature has failed? The stack trace for the inner exception mentions
System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignatureso I presumed the Primary Signature was the main envelope body signature? Contradictory to this, however, is the line in the StackTraceSystem.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeaderwhich would lead me to think that it's a header element - but which one?Check the signatures in a Console application or something similar using
System.Security.Cryptography.Xml.SignedXmlclasses to verify in a separate, isolated environment which of the signatures are returning false forCheckSignature()- I have tried this and cant seem to get it to return true for elements in my request from WCF (I've pulled the request from fiddler)
Any and all help appreciated
Upvotes: 0
Views: 7323
Answers (2)
StickyMcGinty
Reputation: 445
Update: as requested by Yaron, request and response messages below -
Couldn't add this to the body of the question due to size limits
REQUEST
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_3">http://www.xxxxx.xx/xxxx/v1/submitxxxxRequest</a:Action>
<a:MessageID u:Id="_4">urn:uuid:759216c6-eebf-4a65-b1e9-8dde47bee45c</a:MessageID>
<a:To s:mustUnderstand="1" u:Id="_5">https://wss.xxx.xxx.xxx/exxxx1/</a:To>
<a:From u:Id="_6">
<a:Address>http://example.com/</a:Address>
</a:From>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="uuid-060792f1-35d1-4d5e-bdcc-c29847a039a7-1">
<u:Created>2013-01-29T15:29:44.185Z</u:Created>
<u:Expires>2013-01-30T03:29:44.185Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken>
<!-- Removed-->
</o:BinarySecurityToken>
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></e:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">oNEIRj8uPIkIP4+BfAo/CmYDwzk=</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>AUbgDqZQRmameOEExgcK4m+3umf//4xl5kPt+7X84yHvprlZkta0Xp20/cmZLxJjTo8SeCPGjVSh0062+FCXBqsG1JBOcCRB+ulvM2fb0QoALyR8qxa+IyEnWS6XHecf8navZQ2SzsPRke9NZ/1YHaFdImYmediE0BH3/Mtc5KbwPxHgUeK/K/So9L+nJiPgvbLNwCMIdI0Tkcefb+8gPnNE3RK5oCb4sFeWzb6l+KSTtcMSd+3wrzC0iztdryvNuUCizK+P3ElndLM/IGCWY7kXOsbalNE2iv2MvTnW3DN/xNh8/2hg8KDuFATgChMXh9fmqAg94Zqd8Z6gKYBs8A==</e:CipherValue>
</e:CipherData>
<e:ReferenceList>
<e:DataReference URI="#_2"></e:DataReference>
</e:ReferenceList>
</e:EncryptedKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>ArKSZjaaytFKKWquZw2neYuML9I=</DigestValue>
</Reference>
<Reference URI="#_3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>2YgeR5vFw0ICk8r+wiaVYknO4E8=</DigestValue>
</Reference>
<Reference URI="#_4">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>MCtfgxgeH95HKveKjpMXAbNrDz0=</DigestValue>
</Reference>
<Reference URI="#_5">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>ynr1icJszUi4OG5vt0usO0419As=</DigestValue>
</Reference>
<Reference URI="#_6">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>y8jXxE1bLmeg6vJi9iqKczNvEDo=</DigestValue>
</Reference>
<Reference URI="#uuid-060792f1-35d1-4d5e-bdcc-c29847a039a7-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>0t9JLZ1xs/Kg1kNEsLXzFHirlNo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>n6yTehZLf9uI4wR/YMEfecW5IMMtOFHrMlfZhXRz3d9I412s3Z7rqjGz4NEmnJkpRj3vIWDryywk5ms3jmvKfb3L9tpCsZcRN6wDzfBtV0T5cI+dGx1h/wILQpth73U9p1ejAUXLV21eQPxrlDyeeurg6FNJCO9/MZUkNY4uuEMy1kyrbg4MwxK8TQ8JSAOcOQDEwyqtUU1kYWckw8ht4OpKCATiasAsy1l2bNgQOhfZ8YmGJ3g1YEedb4MKh4RozS3UnEB5ryjtHPZRlITCNcu2jTjH5PCdTzWH8RcIFPHFUgLfMHMuDVaLhfaFvqzC8D2bBTlvvrqO6FNY+UcvYg==</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-b4a8c5b5-0509-4536-b68a-57c396db4496-2"></o:Reference>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod>
<e:CipherData>
<e:CipherValue>njNbaa7uxaB1U1oPZFWQFbedoPmFs8bAmdLMblTeDYtzdTMSsU65gNerLtBfdG24pSlYR7Q2AyN2xbvsO/m7JuJTqcm3hb56UXqJu/p84tf6GvoQYPnkJSnObGC83/Ujkv1zrAENAHdD3YgWNI57DrE7BWi3sXA6juP58uD7annHIy+AJoW7SSSC2SKaXkmmkISB1JHlr9HOXcsa5GUrGRWVLLWFKjBWHq1wHOZNsQW8d89sRLQ7kJyaZH1AWtYzXXq6KwJO3TuVUbuhC3uFDRPAmFd6hg6lXeXGIMuswXKYei/7KazDmXpIfJKEfEMvBKrY2m3+MF5CJvlC6jmabU1w0/Jmz4GWMX0804BnpxkNFdxHVlMgWTdtxPwph25t9n9Hsia+n7FW60FbN9i1+hz5Zl2OGbrpv6T7pQwhhUGuHmGy3PWjOVWp/CLnyS+VAh5Mwk6JLGHODCKpM9HV+sFxP9P+vNExPU0ILGhavOiofw7bgqVl3+eukGYk5GI9+CT8R86b8QMt1+j1cZihECODT8raVYxqK6kJcafdaKh+qQ/gEbCgjnZE9OMpgr43/FBi6tz6TkdoNCCizcD7euGmze432JwI3BRC4xfzc700W1nllIvQiCFqAW8VHqGcru/QB1HC6Om54eu9knZAdeobBMjmjJseZC9M/pKeTLKjAhWoxY6rO5VJR5XL+H6jv1E7Vdnjy/4QRtktdd4gQhksoxIFlmxGrFtMvRbmmMmtCKIiD1g+iCq3v7jJtXiMe64wCPDeuieev7tWYPM3Fb1xzaqWixXkPhuQuTAiwi0Muqi4OFl9Jbskihb5rURi85QgnCBTjDCK7+X9kWxy7O7xm1BwV0xM0QmtP4lTVXQzNUAmQC+174QgOmKMLna3YNw+emphWrI0jeIIj9VNB4Ps5TYhDHYERH4vu3QWrHzHrin+VwnpPPnwSE1vLeeIgGB9DedV5odjsK84kQqWP3GxkRh5WtgHwIWhB9YyZ1eQlDy2l3xjmrwQ3pUtGgbDCJd0N5L0Oe7PNnACDfPJ1MdZw0plIQqMaGITSJMySC86LFdUYPAnnWMSkDynrNwSvOYk90zFPCrxUQ76bbFQju5+DqzODJ94ZcwVWI8qoPhqgx95rirmYQjmUyBJZ+VpAa6v+0e40rBwY7U+Sqe7GzcmxpdKStEQdOZ0FP5lw+CO3NVqr4hnf1s7Usle3zuQhWjvTPLVUTRIiKuEial61wlL8yKER6c3M2YOnLMGchZA6ddKO3kR1WzV2n+/a/Id06ZSuOqu6vvV/alEKRdK6zORutqoQLPfj5F/YiprESSpwkEAzHZuxNHPTXXDgNBhfrcs3TsuusSOtTUNKT93Z1sSsE7bLZVqqaXzQDXzjpBosUtSJrW6MDmY19ux82UJswhOiK2KLUs2+QHENnOUwbSkId0n3ROCKXpT+JM9U5LsswpoiSdFGk9/WUj/ogA2mXA7yGu03Bp7sBldbeZSU+ho9Ix6dpznkYdroa4u84WOSfCH0Kb7X7stBuZ9IgOKml5xr3c8FJVOlUPGyGSMn5J8SYTmsLt9HLLsM8sJiDBvguaQgN8YR6zk/qA/xXK2yGIlfRZIqkfow/vb9hpm5YdByeokyABSml9KcvhjCOGZIkgltW19txFtzPGYX0Dc7F/xteREwRMqO3cuqEE/Ufl3N6pRnR+9NHnJHPqkSexH1h5aHXylaWNQbsdvkQTT9co7Z5dtAAOSe1PsCHUaex0dXMzROG4FFRwjiu2YrNqDMPXItlkHn3ScK4XBoLhyVS8PPnWnGfYvR5iQRXHoZTmEZKqBAOoVaUVRftBWa/j4GW0NKD6GE8N8qtMCvFyALkL7XvIXKwZ+LhDOivVp1phmFxdIpG1KWLhotfPskFzXxeOxPOariFnxV4UEIEbI+Oso1BC8UF2rSWkbIpErPQfygnGEB/RCPlTigIi80MJkEvzL41H8lSJJ9Gng3jvPP8W5sJ/YOE4+QK6MtwS8heQdcPDCcV3m6lKwQ/c0xHtVA/65uLmADS16XINr6uUicnxOodH2lq8Ju08sMCHFjwMK9SnSN96nJ1rcgoH2dCR6S7yWf/wKx9QaFmcXKouwhE3xbgU2UUF2NjM3gbuhkqXZouZL1m9bpP94LUhEnt/IhQ4Q0QdeHLD3iLzfxuq5vdxxbEcfugMHOleMRAHAdEhnG0bk88YbPflwobs0kUFtNO1AttZxokGDnlS1gRuty/m+42d0/58aXtkdQDeWg47XKaLOqfiCobi7C6EqAKJgNKf52uax93HYO3peJd6wG2i1yKbSyXv1VKoAVw9LrmhUMcQVNuehs56DrXO21RGeqehxCk8JIRHaEtcBEYym2reVGm4AHf44UUDmi8b8vUZG1vWw2KulEQ09Q+nYCg4l1FNWk7KsIguUFt7lqa6c4/HY32NaI6Q9LEh3o/BTgDFKT7Icq6s/aiySFk1aS90tsBt9TJ8WnsM3ork5HVCgLYl1bLkDAjb5NEZoLwU5wE2JsIbhTYAkjJZMSznr6Pa5tlD/rzpZ6xF1+CF979Gkic3AKIS1b17TLpZiUcT24b2D2yda0tNxGIxuDbN60TC5C9SL8e/MAqRQ9wRI2sLFOk+ZdxiIo7tFnGNxIlV89iTnbXjy93XI7mq4ifGZwywj56AaSuCWML46ZOsbP9Jpo26n6QbbSQxLZHzMuIGwr26NF4ebXvHnbetwqyu5oY2j9ilfGfjNG4i+c85nhz+8hrrVA/VrRTDLIYcUCh1ax63ZbyTF2TyFI3e5DwNvnh2c8LQ1Ppajjek8SQZOqnWmmzAj9lNtfHQ8+8mmuS642oaGks7PE/ZaKUiKfv0CQTlOhY7QfB6SKX9tmo/jtyI7KD7sETygLAlSVjEiVI0uMn3cXtKSrLSwsKxdBgerLvQHZV4JyMl087oFUgGCNk6v5m7GBMfByys7tftlIXKtGa/GWpRvw4XO355HkZQSBr5L3zTplJZCeyiO42n9q0ow5SEqObrRmIlA11Oei6eRk8IQWmgNlnLHI/++CVKdlm4e4BZx/L8djTRf3S6wBVqVsTTluHLAu9+1whkARjAnGWAxvsYIQYNdjA95coYRFkdkwZJnUv0lRHq7bIRIkg96fVygMheC09RbGHd4vBo5/8wDRQkK0upM+1QhM/Gg/zbdFKRIP5EhYBPqmWhV5RYsV7m78Q2FLHEMnkcVFxYOOSUbTcQ3MmmR9gCgV9KSNVKzlhA1tFXDkF1s5wcC4WDahtxEHeFzYz+l0JmskIxJRSn5mT3+pEG81bvanAPnub2mtoXs7zN8Eb01SPusy1GVkq/AFHjyJNQNuPaWVY1gcM8mFk/Y041Bo3qmS/APp5YTrtm7wiUbmf6EnimwtHZ8z90/VytAVBp8iR22jyN642YiONCmKqLHncSAEUR74aoOSld5qJS/wqzAl8A5DXSYtkbmFJj4z9KBbAoBQ1bsAw7jFdbBsfhTTyWNknLtdkhVtFJueGqL6t+iHxxo376l4DZh+CKbhTAM3Gmqx6mwChJLnJcTh0cZ/pjpCvDjMrvAijrhm9iYkNdx7u/0RKXkod84MZeX39dDbvknL44FiYkhJw3zaNmFzh8bJEFEx0HzhXVPiMCSBDttuJI8VSyOjnA7aUGL46UGUwM+Sku0Xr6/UY0fbray7fhRlMMYUOBg316c79NfRubAWh4LK3uUufwoJGyY2oKKnUGaPC3dosYVZoKn7dHqWc6AvuKknkUo+c6ACPD6qR3FjrV9frHR8kzxpXjpq0E4bzq2vXkEB1/A6NBBLnyqjhu9vKqM59OJhKdujQpz2INQAWer6WFZ0332OMgYj5EKskxLQvb/KcHq4wbfx4l+BBHw5ZTe12606iHbeVJT9yRehAuGWt2b99UqmlahsO4BZ7czSY3KxNoxF6C6BRJqNAPflEFUcWkGXb3PZByZouB4zpht4oUmn2AT+ZVk6vxCFcKgS4S7/VMsD/69bXARMVaVwDXqy40ffVW10ZJOxrvmpoG6nKRLiDfgkdVdxysWusgXO3/3E+vPP5Mn0RnX0bT6pxZMbVvgi81SeOXrkJQ82Gk5G2xw6CnoTft/c3G25bO3O8WbfwNqU8juYmxYttvjZcRUgtssfsogRlVZeEWw7sLG/L2wycsuTsBtuWyBHb1bz7QEYtf2LiYgdtOmcjJvFr6hmaPVcSk437Oirk0iRwbbfox1cmNpC8dODjOe1pcoirPsO22ARDZ019xsf27zPoweduj+pFql57rdr/kEIpW8paQlWyae7FEZPyce9boV5Gf+pE0mq6IHqSpRNhLbkgiJyeVBK3qSiDMtZgVRcTOu9yfH9bkBTOtmL369YP+glnqo4Np1sqrHrEuu3LxrYWxEkzgkPWjF91sKgJ1il6zmpbVUIPDUyBghL+dMUW6rVIwnuWAs0AcRugy3mhgzuZ7hMIjYSWYDjXCn4mmgIqJXuw+oItjiLqs3ypxZGiHsGh3pBK2DOTaNDtd0bhgicZGl0InTt3nOovnq6lZkHGSVTbx9AqAdC/tH4wi+1qnZlSLMCxoJMrtIYScz2WsFNERb8r/k4+9EZOR/tE2QcLPgnhajUEeeEr2f4yBod8ojqTejNp9XdwfXr9rn/UZ7ZP0n0kKKlW9o/oMI/p1acVox5sndxXYtluRFwS+kauCBM6Pvkx94rQ5TGduVDP/3j2yxOV1BmFt1M0gxi7eimTEFJVLZ/B4N9gPd40B5KkipmQtd1Rq58FFcbcdxQC8D+kBD2wPliejvMou6KuopmZ2x8gMF7NAS6KVe/02AFOJSAYz+HgJTL9eXEFlvmF6pGx4vPhTzrN9YRMeYciKVNSAjEkvHGnTIMxU3sGL6LWn357BQRWtgggJPxpG29q1MTh0X0srp5+fKNFgbStZv9duzU15YzFsJ8++flgXnD1K6OGdreQarUCXG0qdoX12+bKN1ZJZfi2j7xVTl2Fpp4YAtjAo1xzQh1ec6g6xZDZOnv3l50EW7Ke9E/v9i6pLQWQwVw6/vugpaWXpb+nzTL9yekznOl+07lgcC1D4JQrn31AAjtasTmGr3bEm7LjTnMV9l9sFayhu9QrfQqHhNrebLuuCSlDteT4q972N76rl04qkBy7JiflFlD5UIKZ5kXsgTyWK54NL9vB06vfOCGbL5B27R0QduZOg1DsD6oJGDfF41YdXCNU+65AjoeKod+qwXxu6vLd6dwmkZaVFeWlJg7JpYPrGkddM9W/MHXFyBNQ3TT1lIqqDjTkY2kkGk0ROvKZF5kRuPdVcXhmffdS8auZq9W2Nvx7X2+u9oqxIqm29GVvRBgsigrqQFlj5rU92XjUhGSBvffCrCpCyp7/IQd/inPveumGNj0o1agD6FgpNSp0v1USNDMo9t6jwf1hmxR0y/bdz6xv/iB34GxXcD2wiJEON/EPQYZz3bqIjaDdyZBZSgGP4jqXfyMbqExr6MAaWCISSHQFVKvLopjPlLSuK87aVrJChr1AxjPz8YI6dbMwSHI9AByS77T0Fh+wj3xDBVdr48xhxQcS11wNIG42lUh1Mw41m81LvsfktbhzAQ6xOe9woa+n2mEvczXUnGZFLALbREa3cWIssJMivj19jonrXIUKcwBR8fp6PtCWHD+T7OpU2sWuo4ezLJRP6zZCrJzccU5rJ3jvB/MDXRywCPj+Rmo2TGttxDsNq5nCESMQdtCempmyzGohkw9orCd3IwnFjyd0pHwHzzIWlaltdhwVrtn2CbfqQ3ZQVIVOHUVZcy6+o3L2PDOxNp/ikQbebBch6B7X6M0BBVX3TJsVE/0GXmleaP5oLTXA940M+wVzvNQdpbMSGbs4tBffY5eJL+/2kL/rMeorHWuhKcMYh6mz6GgGA4/YI6+cWCAbqgVsPhSCdCVOG248ln14w3Mm5pWWVYS0aWbwxyOhDkDXyleYfSeTCX03ovxHokmMZN+M17ogx3V7mXrw1p7YVo5MRiBP575pE3iNcDoKmFBFbu9q32kZvZAdsiuQNnKCrSIP0kYxcRJ4/og/GI+JfZJtbNKgjn4IyPCFsD72uUbGkE4752n1ZgiWFgp61VacHD+OuIU2aLpuyGXHfqtBw5HdVKgtW+KoDkqXZr8hjYsWbATflt9GcvcM2paJKnvL+OrWXHz+TUZod9kkFRKzQQ4LsBQ4KV4cAIFg11JKY3wSrJuT/6rbAG4gQ/uvaJLx39uCguusmnfQ6Rb7+WbGjjh/2TtnatMmJSBFMtY92JJUdn/E7/gExQjoch3Ki/bAN4umO9L8/CfR+SS9yZKas1A16sITMhq0bhSC4rGpo9HfkzSceJT4TOd/BedWGTg5PfvpgeNH0b7kJTYatTDLVUqcy49JdARIuDJ522PhEjx813ArrBj302MsmHgj1E+wtPnhsCGa7cHehxe2rvpwuNhGfvFBhB5mdJNjRyu4sThkfzT0fQ4JMGhdCj4AGRUfE+b+OzuDhKix9HmV/H7R3XPyVyXt3JC8YyUFCD5jth0MEWn94V5fu5EONOBv/vvcB4bQkHtZcRLuW0NgDBOPRZ2bvVyUcM4GbjqXE24nMjQL9WYdQBarZ6yb4aXIWWijflY0JquqmIZUGzSb0w36fII7HQ5JDaH93yMpvvFRTd1rAUY11kZVa/PVvISujU4dJIrXCL2PrMKBcPGZfNim0N27Qv9Iwjw/QXAtgc3bnNiR1IN88uC9Zrsnnf68jxv64XGsFyrwBkpWg74SfmIW53uupi/A9B65B+HImGkUPdxzvTP9wVC9McxeGlZznKswcWgKg0+WAW5FX8bk54ET+Em05qPHSpg23eSpOnIJKyAVzHgol3jSxBdgVZO8woyiYHTVtYYmgq6JUFM6meImVfq3Jj4ejhy3f26VbRa5cn46g6VCRzbbvZUH6GHoEMBWeKvy/Pnkccexsuy/7fq14HvLpYw8GrMLH8fxxdt1EGits5i2vRjVgkNXHPId54CEzU5Z6meyyeEgFpOHj/Zn7BDmeKm1MkvxVFo+p5ELN065OpsIh6zFQTKpKDEMBEmXXhW4Ptn44S7pDUTUsmmaZwjJNoeoAT3YXLQk9racrAaubASkvthb+sNpEDRMZOvAmOagyUWsQy9/j8QghqPia5KiD0qW2dkeT1yWlAVdLqtpRNqU2JSjugf9hwGhZQdEaODfJj4TtaxgxfUEYwGnoaLoAwFDjK5LYu9nfDqrt0FOlyuZOxxwkB9hwYouS9Lhfy3Yzi9xgTKWB4V0t9u1LdpKwBF3GRnFp0OOxqYhN0woFNE0CYWpAtVRx9IoK6DsInu1U5BIq+7dOOzhwn+1wYKcm5KWFtLuZecTmOc2GC0lCJTeaADmuf+4M7ScdR/74R75AyGELY+zZOWlSXNAHmDMlVWn5lXznRZ9Q3/q0azRK5A8H7almVeYADhVKPY50vzFAZu59BIYrUw0d1lQMeWa/OLHk3AwZLOnSzf16FIcpm+ueXypopJbiOe7mAGZqHxh/N+0Fp5lL8Q65r3I3GjJdfU6Bx2E7aYgjq54rYH8hiDNeNYi00hVMxy2+VWTgK9Dfsfc7YzKcXlS00gT+VxFvKlMspCNjHorZdURpwsE5LFK1pylU1WIqD1RHRmZSA+K0GWc5saFZaCc/4/y84N1a2n8EzSPo7jTmRem+AZO+Pl5SaltglZlPGzQedHCeJ41vMNsCf09RIjR3uU+EHlENNN1xOgD/SC/wujTEflil/9h5/9GMiHBRqw3t3qyaycYsulPlqLRO7XK9iUg7p6oymXeYFJZEOUn2GxoKruPfUy6OVGf1qddMpaaswG+mI9BC2lTo5yyCZx17v9oP6k/dpoLO4VUz8Jk7b90G7hWbe6pzeiqcOFVpF7mTmZW67g7VqQiS1J+l/CE7sqQESVn/gMrTUmi+Pwaim16t9E9YjNaH0pAo4UuFsXUPa8+XjsmrN2/Uykys8yw1ny3E3PJHwEN6cxwHJ/xib67QQp4iZ+ZMGeVDWwZeTZokuub0FthEu0Tq/JG9zteGbrvURIq9y1n861hdZ04FIpjU1XqNYVKLKqbEx56NPlcmq9jAievj05jz7UjrLS9KUBt8OffbWf62pqq6DTxXtduz1t1iWKfSvPDMHVYQDuAxeK+aJTo+2QXVFLVLfYjwoMpqTRseMZQQLve6bXQrOH0/sSuixQOOOXAtyVm9lKc919Bo+hDAuEisFfhjlA/a41FE3g4ncH6jk2nUkr6bRraNpo9mY63JckBU0RhJvl1t3yVwBsBu+hpS8AAzBzgabOZuVTy6jOj95/tktN3nFAHxVi1Z+P2L7UGQqe9LCXOeLoU5d23eYAcTM8z4Go2bybwQfar0WZU61bJ8lXoDTNc4Yry0w7XPHMMd/1Wt9hLNDumgCcZxtzvFUI/w/iMGWE031yMnTEiax4M6Hu61+a9FHc0+7wkOvUuVhrPYmu/AJv/PMRycE471fjaY4ozWvjI6RYS/T/M3pqPbfAIQJRxHZWOmnujVWzKgkhSiDgQFZksvT9fjoKfSE7gnDXHk2tnxvbx/MUaUPqJGsttAyv2efXbeqw+qN17k8gBFNdiZW/uKeht1tNOKiGrxKDJVzLGYw88k=</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
</s:Envelope>
RESPONSE
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-574D52A06E52AF3EE4135947330291524">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=XXX-Issuing-CA,DC=XXX,DC=net</ds:X509IssuerName>
<ds:X509SerialNumber>79408981557796405248060</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>er/9uf5ssREPDuqM+se+BX4rQaOFC73XlCSd+3Sqy/2ifnWA6FMS0lJ30Gnm2n9Ce4DusC3JCxgKSbITCn4ddHMFiy5/532bhh6vIOLEn2mIZwf3XkSNPbit0dIuDXzEV+bbmxW94Vy/hHauSacUzZN0/n4qTEii2pisWUx8OwSUQ7OUyWEZ9DkynZ/WofVCSvGAufYL+exY8XUWFRepm6rWED0k9yNBfbcZ2YKlgmBy3TEB1W7KB+VvSDfxUgTthVvjIosBojXQCPGdP6mONy59/Gxm2BcWzYTr9xzBBTicQGCH780MFmLH/BZby3GPioQyV3+tCdpjjTG4jdoLOA==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#ED-59"></xenc:DataReference>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-58">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa SOAP-ENV"></ec:InclusiveNamespaces>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#id-52">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>GFAtBwpzYjMSEYH7Duk+slEfc4Y=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-53">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>OrY4HPfi3cAW+vlBPYm2/fT+fjM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-54">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>7iU/1JeLjAExQOkZdo9ZIB7b+hs=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-55">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>wm8HiqQXlaagQyZuYS2i3OqYXGI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-56">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>IGFJ58avXiQXLEce7T0FG0LRlDs=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-57">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>w99rafTw8pKc/n1NNUgE6HY8fU4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#TS-51">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse wsa SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>WE4iIBB4g9gWGpwt3vJ/sOI199o=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#SC-50">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse wsa SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>nsxvRxURon7NXk0Ts/435VWpYdo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>HrlESvWPyLCnfjSDsUmHq1/ZoMXhJJIyWwWeZhkhb3Y3wjbUsYJOyaEWbL+zdLC+PxC8ioCGTOxdl1iGqbQPUBVGdD6tklLdJart+aFRtuvu9dD9a/hBcR19s9AiN76V89+H/JYLFFJ2ZQ2RBERznHOgNcnjmAcerWzL4pikPpAs8zedk+G7gfWF2oZ+2DKhTWz9gkxVZvcwFG1eP1CeJE9JT3IjwGOYDUAVWRvGnGxK+WjzZXGhvjmqQcUdfycqDAAxISs5/F3WS7lZZBDLRaMlnOKF2rCUdk2Ynxx3N5ypMij/hJ9bR8BIGj20VZPdZmVleFHFFu9LUOG7qqyhTw==</ds:SignatureValue>
<ds:KeyInfo Id="KI-574D52A06E52AF3EE4135947330285222">
<wsse:SecurityTokenReference wsu:Id="STR-574D52A06E52AF3EE4135947330285223">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Digi-Sign CA Digi-SSL Xp,OU=Terms and Conditions of use: http://www.digi-sign.com/repository,O=Digi-Sign Limited,L=x,ST=x,C=IE</ds:X509IssuerName>
<ds:X509SerialNumber>332400447372114521873343220359135431141</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-51">
<wsu:Created>2013-01-29T15:28:22.852Z</wsu:Created>
<wsu:Expires>2013-01-30T03:28:22.852Z</wsu:Expires>
</wsu:Timestamp>
<wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" Value="n6yTehZLf9uI4wR/YMEfecW5IMMtOFHrMlfZhXRz3d9I412s3Z7rqjGz4NEmnJkpRj3vIWDryywk5ms3jmvKfb3L9tpCsZcRN6wDzfBtV0T5cI+dGx1h/wILQpth73U9p1ejAUXLV21eQPxrlDyeeurg6FNJCO9/MZUkNY4uuEMy1kyrbg4MwxK8TQ8JSAOcOQDEwyqtUU1kYWckw8ht4OpKCATiasAsy1l2bNgQOhfZ8YmGJ3g1YEedb4MKh4RozS3UnEB5ryjtHPZRlITCNcu2jTjH5PCdTzWH8RcIFPHFUgLfMHMuDVaLhfaFvqzC8D2bBTlvvrqO6FNY+UcvYg==" wsu:Id="SC-50"></wsse11:SignatureConfirmation>
</wsse:Security>
<wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-55">
<wsa:Address>https://wss.xxx.xxxx.xxx/exxxxx1/</wsa:Address>
</wsa:From>
<wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1" wsu:Id="id-56">http://www.w3.org/2005/08/addressing/anonymous</wsa:To>
<wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-53">http://www.xxxxx.xxx/exxxx/v1/submitxxxFault</wsa:Action>
<wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-54">urn:uuid:1bb2caaa-8900-4ba8-9bab-6ce7a4c8b5ba</wsa:MessageID>
<wsa:RelatesTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-57">urn:uuid:759216c6-eebf-4a65-b1e9-8dde47bee45c</wsa:RelatesTo>
</SOAP-ENV:Header>
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-52">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-59" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
<wsse:Reference URI="#EK-574D52A06E52AF3EE4135947330291524"></wsse:Reference>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>zlDlBzico4mvxJUWO1ONL2C2RVpOK8Ii3WNInBMO9W7DCHAe+WzjfKxuwpXUC6F+oRcvG+uDKkkJEgcZ9oeezwJQmeN6taJWyCSxCOsmx2parKfiYkfX0HZLmo+/bB+ApgeFJ8xAu4TzckPTFD9RwOnlyh9hgwMa7oXa+P9hhljXOXabGinoa0GHAm+F16CAc/3Q7Utzd7z8XTBMnPVDg+dFXp8vtNTIORDSYYHc68XQmpMRAfQE3U5pypCIUb9GaLW/0gP3n9hAtIubqtVNAa1+i8uI9WNsWF5PfwdKL0sB7RzYX8JRBTqTLYbg6akDuUIBQiCbi0MTMg15uqSGs2PCsS5LUJUGU5XLotavpClonaxkURzJwwFeb8BxrHEQAXe/TrFKrne4lMzn84EegL1ETLw9Swgby1AzLEktvM7xVM509dIVPuhJuwcfJi+fpGjSNWw60VBplR6XGfcGOdjVI+JGCq/OyWrY2bM+hGOhmTErm3R73n2dI3F9NGjwgrf87+IT5gDLwCNoKrBc2R3Ku++035XxXbh9RWNQR74YsPNL93m9W5DxTaBQPSTeL01+zbWN95nyAqKM+47VT6sEaKYCIBHkXUIoqf0X1hJj/nwNNY8WABXKN8Kzd8HalumIEg2woTJXS9yhH+sQlHw4acz4ifTyZQupGBoyBiHcpx9swPGzFNOC9UFsMuQV/UVmhlV+LZmasGf8O/XJa7/nJZzXzGQnEWtMNK+TE8dYDGTAXF41GryHOuc7QoxswF8EreThEEDkrrvJWXOO27VWK8wN7zEo7ev1Lvq5FZk=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Upvotes: 0
StickyMcGinty
Reputation: 445
Yaron - you were correct with your comments. Turning off InclusiveNamespaces on the server fixed the issue (The vendor turned off Basic Security Profile 1.1 compliance on their side). My .NET client didn't like the InclusiveNamespaces element at all - pity it just couldn't say so!
Many thanks again Yaron
Upvotes: 2
Related Questions
- WCF Error - Message security verification failed
- WCF Authentication - An error occurred when verifying security for the message
- WCF No signature message parts were specified for messages with the XXX action
- WCF Exception thrown when debugging application that calls service
- WCF - How to debug "The signature verification failed" messages
- Debugging WCF and Web Client Communication
- How to debug WCF
- C# Webservice error: Message security verification failed
- "The signature or decryption was invalid" when trying to access web service over WSE or WCF
- Debugging WCF Web Service Faults