I was simply attempting to see if the fact that the “auth” parameter of the connector and the “auth” parameter of the soapClient are different could explain the fact that webMethods does not attempt to use a client certificate when establishing the HTTPS session with the remote server.

After trying the solution from Gerardo, using Consumer Web Services Endpoint Alias, I tried to use your solution by calling :setKeyAndChain. I agree that I should not be modifying the connector service generated by webMethods when I created the consumer Web Service Descriptor from the WSDL file. I tried to use the builtin certificate ssos from the DEFAULT_IS_KEYSTORE, and also one I added myself, which is called abc, and webMethods does not attempt to authenticate to the remote web service.

Any other idea how I can force webMethods to use a client certificate? Maybe some other configuration missing?

Any debug I can enable in Web Methods to better understand what is happening? I am not dismissing your suggestion, in fact once I am able to get Web Methods to use a client certificate, I will likely use an Endpoint Alias. That resulted in the same behavior, webMethods not using any client certificate authentication. I also tried to not edit the binder, and instead set the endpointAlias service input when calling my connector:

So that proves that it is using my Endpoint Alias called abc. I was not sure if I had done it the right way, so I edited my Web Service Consumer Endpoint called “abc” and instead of “localhost” I put “badlocalhost”, then submitted a claim. A network capture still shows that Web Methods is not sending any client certificate to the server, because the “Certificate, Client Key Exchange” packet still shows a certificate length of 0. I attempted to invoke connector with only the request as input. Clicked on Binders tab, and set the Port alias to abc:

I opened up the Consumer web service descriptor.
I used tcpdump to capture all the packages into a file, and then I used Wireshark to analyze that result, and what I see is that webMethods does not attempt to use any client certificate, as can be seen in the trace below: in packet 10, the “Certificate, Client Key Exchange”, in the details of the packet, the “Certificates Length” is set to 0 (no certificate was sent by webMethods):

Received fatal alert: handshake_failure

When I call the service, I get a fault with fault/reasons/reasons/*body set to:

Note: using useJSSE=Yes forces webMethods to use the Java security encryption routines instead of webMethods builtin routines; this is required to support TLSv1.1 and TLSv1.2.

_url: https:/my./the/soap/service (this isn’t the real url)

So I wrote a little wrapper around the web service connector to set the following inputs:

auth/transport/serverCerts/keyStoreAlias : DEFAULT_IS_KEYSTORE

auth/transport/serverCerts/keyAlias : ssos

Then, to keep things simple, instead of trying to add a new private key under Security -> Keystore -> Keystore List, I decided to attempt to use the pre-existing default Key Alias key called ssos in Keystore alias DEFAULT_IS_KEYSTORE, as being the client certificate. I’m not sure this was absolutely required to tell Integration Server to trust the certificates issued by this CA, but just in case I did that. I added the remote server root CA and intermediate CA certificates in my /common/conf/platform_truststore.jks by using a tool called “KeyStore Explorer”, then I reloaded the “DEFAULT_IS_TRUSTSTORE” using Web Methods admin console -> Security -> Keystore, and for DEFAULT_IS_TRUSTSTORE I clicked on the Reload icon.

The consumer Web Service Connector is not sending the client certificate to the remote server. My issue is that I need to use a client certificate to authenticate at the transport level to a remote web service server, using https, and this is not working.
If the provider of the web service does not ask for authentication of any sort, I am able to invoke this Web Service Connector by setting the request input (in my case: tns:request), setting up _url to the http or https address of the server which will process the transaction.
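
The symptom described in the post, a client Certificate handshake message whose “Certificates Length” is 0, can be checked on captured handshake bytes with a short parser. This is an added example, not part of the original post; the function names are hypothetical and the sample records are constructed placeholder bytes, not data from the poster's capture.

```python
import struct

HANDSHAKE_RECORD = 22   # TLS record content type: handshake
CERTIFICATE = 11        # handshake message type: Certificate

def _u24(buf, off):     # read a 3-byte big-endian length field
    if off + 3 > len(buf):
        raise ValueError("truncated length field")
    return int.from_bytes(buf[off:off + 3], "big")

def client_cert_lengths(record):
    """Return the DER length of each certificate in the record's Certificate
    message; [] means an empty list was sent, None means no Certificate
    message. Assumes an unencrypted TLS 1.0-1.2 handshake record."""
    if len(record) < 5 or record[0] != HANDSHAKE_RECORD:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    off = 0
    while off < len(body):            # a record may carry several messages
        msg_type, msg_len = body[off], _u24(body, off + 1)
        msg = body[off + 4:off + 4 + msg_len]
        if len(msg) != msg_len:
            raise ValueError("truncated handshake message")
        off += 4 + msg_len
        if msg_type != CERTIFICATE:
            continue
        list_len = _u24(msg, 0)       # Wireshark's "Certificates Length"
        if list_len != msg_len - 3:
            raise ValueError("inconsistent certificate list length")
        lengths, pos = [], 3
        while pos < len(msg):
            n = _u24(msg, pos)
            if pos + 3 + n > len(msg):
                raise ValueError("truncated certificate entry")
            lengths.append(n)
            pos += 3 + n
        return lengths
    return None

def _record(payload):
    """Wrap handshake bytes in a TLS 1.2 record header (constructed data)."""
    return bytes([HANDSHAKE_RECORD, 3, 3]) + struct.pack("!H", len(payload)) + payload
# Constructed samples: placeholder bytes, not taken from a real capture.
KEY_EXCHANGE = b"\x10\x00\x00\x02\x00\x00"             # stub ClientKeyExchange
EMPTY_CERT = _record(b"\x0b\x00\x00\x03\x00\x00\x00" + KEY_EXCHANGE)
ONE_CERT = _record(b"\x0b\x00\x00\x0a\x00\x00\x07\x00\x00\x04\xde\xad\xbe\xef" + KEY_EXCHANGE)
```

`client_cert_lengths(EMPTY_CERT)` returns an empty list, which corresponds to the “Certificates Length” of 0 seen in packet 10 of the capture.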