Topic
  • 9 replies
  • Latest Post - ‏2013-05-21T17:23:21Z by shiufun
Chris.Z
Chris.Z
70 Posts

Pinned topic DataPower SSL connection to WCF/IIS/.net

‏2013-04-29T17:25:04Z |

This it the error we are getting when trying to test our connection.  Note that this same web service works fine when it's on HTTP.  Once we put it on HTTPS we get these errors.

First of all, what does Invalid Transport Protocol mean?  I tried googling to no success.
Second, where is this store:///dp/transport-check.xsl located?  I do not see that in our file menu....
Lastly, I'm pretty sure the sever on the backend is using the wrong SSL cert.  When you go to that webpage in your browser it says it is not validated.  It is a valid company cert, but their domain is "sub.sub.domain.com"  And the cert is just "*domain.com".  I am told they need a cert for their sub domains.  I admit to now knowing so much about certs and why just *domain.com wouldn't work.

Any help is appreciated.

Thanks.

Updated on 2013-04-29T18:01:15Z at 2013-04-29T18:01:15Z by Chris.Z
  • kenhygh
    kenhygh
    2087 Posts

    Re: DataPower SSL connection to WCF/IIS/.net

    ‏2013-04-29T17:38:00Z  

    Chris,

    First, turn on 'debug' mode so you can see more details. Second, store:///dp/ is a hidden directory, you cannot get to it. Third, is this being called with 'http://' but over SSL?

     

    Ken

  • Chris.Z
    Chris.Z
    70 Posts

    Re: DataPower SSL connection to WCF/IIS/.net

    ‏2013-04-29T17:44:56Z  
    • kenhygh
    • ‏2013-04-29T17:38:00Z

    Chris,

    First, turn on 'debug' mode so you can see more details. Second, store:///dp/ is a hidden directory, you cannot get to it. Third, is this being called with 'http://' but over SSL?

     

    Ken

    Debug probes are on, and log level is debug.  No this should be all HTTPS.

  • kenhygh
    kenhygh
    2087 Posts

    Re: DataPower SSL connection to WCF/IIS/.net

    ‏2013-04-29T18:21:58Z  
    • Chris.Z
    • ‏2013-04-29T17:44:56Z

    Debug probes are on, and log level is debug.  No this should be all HTTPS.

    the log you posted wasn't from debug. There should be more details in the log.

  • Chris.Z
    Chris.Z
    70 Posts

    Re: DataPower SSL connection to WCF/IIS/.net

    ‏2013-04-29T18:32:33Z  
    • kenhygh
    • ‏2013-04-29T18:21:58Z

    the log you posted wasn't from debug. There should be more details in the log.

    When you say "wasn't from debug"....do you mean it wasn't from the DEBUG PROBE?  Or it isn't DEBUG LOG LEVEL?  The logs I posted were running at debug log level format, and those were the only errors.  No other errors or warning showedin this transaction.  Is there something specific you are looking for?  The full log of the transaction is pretty long.

  • kenhygh
    kenhygh
    2087 Posts

    Re: DataPower SSL connection to WCF/IIS/.net

    ‏2013-04-29T19:40:53Z  
    • Chris.Z
    • ‏2013-04-29T18:32:33Z

    When you say "wasn't from debug"....do you mean it wasn't from the DEBUG PROBE?  Or it isn't DEBUG LOG LEVEL?  The logs I posted were running at debug log level format, and those were the only errors.  No other errors or warning showedin this transaction.  Is there something specific you are looking for?  The full log of the transaction is pretty long.

    LOG. All you showed were errors, no debug messages at all. You'll need to look at the other messages to get other details. Like if DP doesn't like the certificate.

  • Chris.Z
    Chris.Z
    70 Posts

    Re: DataPower SSL connection to WCF/IIS/.net

    ‏2013-04-29T20:03:49Z  
    • kenhygh
    • ‏2013-04-29T19:40:53Z

    LOG. All you showed were errors, no debug messages at all. You'll need to look at the other messages to get other details. Like if DP doesn't like the certificate.

    Alright.  Here is the full log.  I have removed some private info as I figure you can never be too paranoid, right? =)

     

     

    mpgw (FYI_MPG): Response Finished: memory used 775088
    mpgw (FYI_MPG): Latency: 0 13 0 12 13 10 0 39 39 39 39 39 0 39 12 13 [https://IP:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc]
    mpgw (FYI_MPG): Latency: 0 13 0 12 13 10 0 39 39 39 39 39 0 39 12 13 [https://IP:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc]
    mpgw (FYI_MPG): Multistep Probe enabled
    mpgw (FYI_MPG): Response Started: memory used 801368
    mpgw (FYI_MPG): No match from processing policy 'FYI_Routing_Policy' - default rule selected.
    stylepolicy (FYI_Routing_Policy): No response rule is matched, the default rule is selected.
    wsgw (newtest): Response Finished: memory used 1570400
    mpgw (FYI_MPG): Selecting Backside Processing Rule Based on URL: /COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP response code 500 for 'http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc'
    wsgw (newtest): rule (newtest_error_rule): #2 results: 'generated from PIPE' completed OK.
    wsgw (newtest): Processing [Rule (newtest_error_rule), Action ('newtest_rule_0_results_1', results()), Input(PIPE), Output(NULL)] finished: memory used 2146576
    wsgw (newtest): rule (newtest_error_rule): #1 xform: 'Transforming INPUT with local:///soapFault.xsl results stored in PIPE' completed OK.
    wsgw (newtest): Processing [Rule (newtest_error_rule), Action ('newtest_rule_0_xform_1', xform(local:///soapFault.xsl)), Input(INPUT), Output(PIPE)] finished: memory used 1693032
    xmlmgr (default): xslt Compilation Request: Found in cache (local:///soapFault.xsl)
    xmlmgr (default): xslt Compilation Request: Checking cache for URL local:///soapFault.xsl
    wsgw (newtest): Stylesheet URL to compile is 'local:///soapFault.xsl'
    wsgw (newtest): Multistep Probe enabled
    wsgw (newtest): Request Finished: memory used 1113648
    wsgw (newtest): rule (newtest_error_rule): selected via match 'newtest_match_all' from processing policy 'newtest' for code '0x00d30003'
    Matching (newtest_match_all): Match: Received URL [/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc] matches rule '*'
    wsgw (newtest): Match: Received value [http://www.datapower.com/fragment-id#dp.all()] matches WSDL component type 'fragmentid' 'GetAssets'.
    wsgw (newtest): Match: Received value [http://www.datapower.com/fragment-id#dp.all()] matches WSDL component type 'fragmentid' 'GetAssets'.
    wsgw (newtest): Match: Received value [domain.com#dp.wsdlName(COMPANYLimitsWCF.wsdl)] matches WSDL component type 'fragmentid' 'GetAssets'.
    wsgw (newtest): Rejected by filter; SOAP fault sent
    wsgw (newtest): rule (newtest_request_rule): implied action Calling rule var://service/wspolicy/endpoint/configname with input INPUT and output INPUT failed: Rejected by policy.
    wsgw (newtest): request endpoint_28_3-req #3 filter: 'INPUT store:///dp/transport-check.xsl' failed: Rejected by policy.
    wsgw (newtest): Rejected by filter 'endpoint_28_3-1-1-transport-request' of rule 'endpoint_28_3-req'.
    wsgw (newtest): Execution of 'store:///dp/transport-check.xsl' aborted: Rejected by policy.
    wsgw (newtest): Invalid transport protocol
    xmlmgr (default): xslt Compilation Request: Found in cache (store:///dp/transport-check.xsl)
    xmlmgr (default): xslt Compilation Request: Checking cache for URL store:///dp/transport-check.xsl
    wsgw (newtest): Stylesheet URL to compile is 'store:///dp/transport-check.xsl'
    wsgw (newtest): rule (endpoint_28_3-req): #2 xform: 'Transforming INPUT with store:///identity.xsl results stored in DPPOLICY_SHARED_CONTEXT' completed OK.
    xmlmgr (default): xslt Compilation Request: Found in cache (store:///identity.xsl)
    xmlmgr (default): xslt Compilation Request: Checking cache for URL store:///identity.xsl
    wsgw (newtest): Stylesheet URL to compile is 'store:///identity.xsl'
    wsgw (newtest): rule (endpoint_28_3-req): #1 setvar: 'setting var://service/strict-error-mode in context INPUT to be 1' completed OK.
    wsgw (newtest): Multistep Probe enabled
    xmlmgr (default): xslt Compilation Request: Found in cache (store:///identity.xsl)
    xmlmgr (default): xslt Compilation Request: Checking cache for URL store:///identity.xsl
    wsgw (newtest): Stylesheet URL to compile is 'store:///identity.xsl'
    wsgw (newtest): Parsing document: 'http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc'
    wsgw (newtest): Multistep Probe enabled
    wsgw (newtest): Request Started: memory used 149776
    wsm-stylepolicy (newtest): rule (newtest_request_rule): selected via match 'newtest_wps_match' from processing policy 'newtest'
    Matching (newtest_wps_match): Match: Received URL [/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc] matches rule '/COMPANYLimitsServiceSecure*'
    wsgw (newtest): Match: Received value [domain.com#dp.wsdlName(COMPANYLimitsWCF.wsdl)] matches WSDL component type 'fragmentid' 'GetAssets'.
    source-http (test): WS-Proxy selected: 'newtest'. Operation 'GetAssets' matches all criteria.
    xmlmgr (default): Parsing http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc stopped on XPath match
    xmlmgr (default): Parsing document: 'http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc'
    xmlmgr (default): patterns Compilation Request: Found in cache (expr:////*[local-name()='Envelope']/*[local-name()='Body']/*)
    xmlmgr (default): patterns Compilation Request: Checking cache for URL expr:////*[local-name()='Envelope']/*[local-name()='Body']/*
    source-http (test): WS-Proxy newtest operation GetAssets matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetCustomer matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetData matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetDealer matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetEvent matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetExceptionCalculations matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetHILO matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetROC matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetSQC matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetSite matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation SetLimitEVENT matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation SetLimitHILO matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation SetLimitROC matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation SetLimitSQC matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation CreateAsset matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): Generating chunked response stream to front
    source-http (test): Found content length 249 HTTP input
    source-http (test): HTTP Transaction # 1 on this TCP connection
    source-http (test): Received HTTP/1.1 POST for /COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc from 127.0.0.1
    mpgw (FYI_MPG): Request Finished: memory used 795064
    mpgw (FYI_MPG): Outbound HTTP on new TCP session using HTTP/1.1 to http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP Header-Retention:Compression Policy: Off, URL: /COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP Header-Retention:Header-Retention Policy:MQMD = OFF. MQMD Header = (NULL), URL: http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP Header-Retention:Header-Retention Policy: Range = OFF. Range Header = (NULL), URL: http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP Header-Retention:Header-Retention Policy: Accept-Encoding = OFF. Accept-Encoding Header = gzip,deflate, URL: http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP Header-Retention:Header-Retention Policy: TE = OFF. TE Header = (NULL), URL: http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    xmlmgr (FYI_xml_mgr): Attempting TCP connect to 127.0.0.1
    mpgw (FYI_MPG): rule (FYI_Routing_Policy_LimitsService): #3 results: 'generated from INPUT' completed OK.
    mpgw (FYI_MPG): Processing [Rule (FYI_Routing_Policy_LimitsService), Action ('FYI_Routing_Policy_LimitsService_results_0', results()), Input(INPUT), Output(NULL)] finished: memory used 1348088
    mpgw (FYI_MPG): rule (FYI_Routing_Policy_LimitsService): #2 route-set: 'setting route to http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc' completed OK.
    mpgw (FYI_MPG): Processing [Rule (FYI_Routing_Policy_LimitsService), Action ('FYI_Routing_Policy_LimitsService_route-set_0', route-set()), Input(NULL), Output(NULL)] finished: memory used 964720
    mpgw (FYI_MPG): rule (FYI_Routing_Policy_LimitsService): #1 filter: 'INPUT store:///SQL-Injection-Filter.xsl' completed OK.
    mpgw (FYI_MPG): Processing [Rule (FYI_Routing_Policy_LimitsService), Action ('FYI_Routing_Policy_LimitsService_filter_0', filter(store:///SQL-Injection-Filter.xsl)), Input(INPUT), Output(NULL)] finished: memory used 613504
    mpgw (FYI_MPG): Finished parsing: store:///SQL-Injection-Patterns.xml
    mpgw (FYI_MPG): Parsing document: 'store:///SQL-Injection-Patterns.xml'
    xmlmgr (FYI_xml_mgr): xslt Compilation Request: Found in cache (store:///SQL-Injection-Filter.xsl)
    xmlmgr (FYI_xml_mgr): xslt Compilation Request: Checking cache for URL store:///SQL-Injection-Filter.xsl
    mpgw (FYI_MPG): Stylesheet URL to compile is 'store:///SQL-Injection-Filter.xsl'
    mpgw (FYI_MPG): Parsing document: 'https://IP:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc'
    xmlmgr (FYI_xml_mgr): xsd Compilation Request: Found in cache (store:///schemas/soap-envelope.xsd)
    xmlmgr (FYI_xml_mgr): xsd Compilation Request: Checking cache for URL store:///schemas/soap-envelope.xsd
    mpgw (FYI_MPG): Multistep Probe enabled
    mpgw (FYI_MPG): Request Started: memory used 155064
    stylepolicy (FYI_Routing_Policy): rule (FYI_Routing_Policy_LimitsService): selected via match 'newtest_wps_match' from processing policy 'FYI_Routing_Policy'
    Matching (newtest_wps_match): Match: Received URL [/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc] matches rule '/COMPANYLimitsServiceSecure*'
    source-https (FYI_HTTPS_FSH_IP1): Generating chunked response stream to front
    source-https (FYI_HTTPS_FSH_IP1): Found content length 210 HTTP input
    source-https (FYI_HTTPS_FSH_IP1): HTTP Transaction # 1 on this TCP connection
    source-https (FYI_HTTPS_FSH_IP1): Received HTTP/1.1 POST for /COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc from 172.20.209.47
     
  • kenhygh
    kenhygh
    2087 Posts

    Re: DataPower SSL connection to WCF/IIS/.net

    ‏2013-04-29T22:24:47Z  
    • Chris.Z
    • ‏2013-04-29T20:03:49Z

    Alright.  Here is the full log.  I have removed some private info as I figure you can never be too paranoid, right? =)

     

     

    mpgw (FYI_MPG): Response Finished: memory used 775088
    mpgw (FYI_MPG): Latency: 0 13 0 12 13 10 0 39 39 39 39 39 0 39 12 13 [https://IP:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc]
    mpgw (FYI_MPG): Latency: 0 13 0 12 13 10 0 39 39 39 39 39 0 39 12 13 [https://IP:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc]
    mpgw (FYI_MPG): Multistep Probe enabled
    mpgw (FYI_MPG): Response Started: memory used 801368
    mpgw (FYI_MPG): No match from processing policy 'FYI_Routing_Policy' - default rule selected.
    stylepolicy (FYI_Routing_Policy): No response rule is matched, the default rule is selected.
    wsgw (newtest): Response Finished: memory used 1570400
    mpgw (FYI_MPG): Selecting Backside Processing Rule Based on URL: /COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP response code 500 for 'http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc'
    wsgw (newtest): rule (newtest_error_rule): #2 results: 'generated from PIPE' completed OK.
    wsgw (newtest): Processing [Rule (newtest_error_rule), Action ('newtest_rule_0_results_1', results()), Input(PIPE), Output(NULL)] finished: memory used 2146576
    wsgw (newtest): rule (newtest_error_rule): #1 xform: 'Transforming INPUT with local:///soapFault.xsl results stored in PIPE' completed OK.
    wsgw (newtest): Processing [Rule (newtest_error_rule), Action ('newtest_rule_0_xform_1', xform(local:///soapFault.xsl)), Input(INPUT), Output(PIPE)] finished: memory used 1693032
    xmlmgr (default): xslt Compilation Request: Found in cache (local:///soapFault.xsl)
    xmlmgr (default): xslt Compilation Request: Checking cache for URL local:///soapFault.xsl
    wsgw (newtest): Stylesheet URL to compile is 'local:///soapFault.xsl'
    wsgw (newtest): Multistep Probe enabled
    wsgw (newtest): Request Finished: memory used 1113648
    wsgw (newtest): rule (newtest_error_rule): selected via match 'newtest_match_all' from processing policy 'newtest' for code '0x00d30003'
    Matching (newtest_match_all): Match: Received URL [/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc] matches rule '*'
    wsgw (newtest): Match: Received value [http://www.datapower.com/fragment-id#dp.all()] matches WSDL component type 'fragmentid' 'GetAssets'.
    wsgw (newtest): Match: Received value [http://www.datapower.com/fragment-id#dp.all()] matches WSDL component type 'fragmentid' 'GetAssets'.
    wsgw (newtest): Match: Received value [domain.com#dp.wsdlName(COMPANYLimitsWCF.wsdl)] matches WSDL component type 'fragmentid' 'GetAssets'.
    wsgw (newtest): Rejected by filter; SOAP fault sent
    wsgw (newtest): rule (newtest_request_rule): implied action Calling rule var://service/wspolicy/endpoint/configname with input INPUT and output INPUT failed: Rejected by policy.
    wsgw (newtest): request endpoint_28_3-req #3 filter: 'INPUT store:///dp/transport-check.xsl' failed: Rejected by policy.
    wsgw (newtest): Rejected by filter 'endpoint_28_3-1-1-transport-request' of rule 'endpoint_28_3-req'.
    wsgw (newtest): Execution of 'store:///dp/transport-check.xsl' aborted: Rejected by policy.
    wsgw (newtest): Invalid transport protocol
    xmlmgr (default): xslt Compilation Request: Found in cache (store:///dp/transport-check.xsl)
    xmlmgr (default): xslt Compilation Request: Checking cache for URL store:///dp/transport-check.xsl
    wsgw (newtest): Stylesheet URL to compile is 'store:///dp/transport-check.xsl'
    wsgw (newtest): rule (endpoint_28_3-req): #2 xform: 'Transforming INPUT with store:///identity.xsl results stored in DPPOLICY_SHARED_CONTEXT' completed OK.
    xmlmgr (default): xslt Compilation Request: Found in cache (store:///identity.xsl)
    xmlmgr (default): xslt Compilation Request: Checking cache for URL store:///identity.xsl
    wsgw (newtest): Stylesheet URL to compile is 'store:///identity.xsl'
    wsgw (newtest): rule (endpoint_28_3-req): #1 setvar: 'setting var://service/strict-error-mode in context INPUT to be 1' completed OK.
    wsgw (newtest): Multistep Probe enabled
    xmlmgr (default): xslt Compilation Request: Found in cache (store:///identity.xsl)
    xmlmgr (default): xslt Compilation Request: Checking cache for URL store:///identity.xsl
    wsgw (newtest): Stylesheet URL to compile is 'store:///identity.xsl'
    wsgw (newtest): Parsing document: 'http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc'
    wsgw (newtest): Multistep Probe enabled
    wsgw (newtest): Request Started: memory used 149776
    wsm-stylepolicy (newtest): rule (newtest_request_rule): selected via match 'newtest_wps_match' from processing policy 'newtest'
    Matching (newtest_wps_match): Match: Received URL [/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc] matches rule '/COMPANYLimitsServiceSecure*'
    wsgw (newtest): Match: Received value [domain.com#dp.wsdlName(COMPANYLimitsWCF.wsdl)] matches WSDL component type 'fragmentid' 'GetAssets'.
    source-http (test): WS-Proxy selected: 'newtest'. Operation 'GetAssets' matches all criteria.
    xmlmgr (default): Parsing http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc stopped on XPath match
    xmlmgr (default): Parsing document: 'http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc'
    xmlmgr (default): patterns Compilation Request: Found in cache (expr:////*[local-name()='Envelope']/*[local-name()='Body']/*)
    xmlmgr (default): patterns Compilation Request: Checking cache for URL expr:////*[local-name()='Envelope']/*[local-name()='Body']/*
    source-http (test): WS-Proxy newtest operation GetAssets matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetCustomer matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetData matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetDealer matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetEvent matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetExceptionCalculations matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetHILO matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetROC matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetSQC matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation GetSite matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation SetLimitEVENT matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation SetLimitHILO matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation SetLimitROC matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation SetLimitSQC matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): WS-Proxy newtest operation CreateAsset matches address (127.0.0.1:PORT) url (/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc). SOAP operation and Action will be evaluated.
    source-http (test): Generating chunked response stream to front
    source-http (test): Found content length 249 HTTP input
    source-http (test): HTTP Transaction # 1 on this TCP connection
    source-http (test): Received HTTP/1.1 POST for /COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc from 127.0.0.1
    mpgw (FYI_MPG): Request Finished: memory used 795064
    mpgw (FYI_MPG): Outbound HTTP on new TCP session using HTTP/1.1 to http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP Header-Retention:Compression Policy: Off, URL: /COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP Header-Retention:Header-Retention Policy:MQMD = OFF. MQMD Header = (NULL), URL: http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP Header-Retention:Header-Retention Policy: Range = OFF. Range Header = (NULL), URL: http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP Header-Retention:Header-Retention Policy: Accept-Encoding = OFF. Accept-Encoding Header = gzip,deflate, URL: http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    mpgw (FYI_MPG): HTTP Header-Retention:Header-Retention Policy: TE = OFF. TE Header = (NULL), URL: http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc
    xmlmgr (FYI_xml_mgr): Attempting TCP connect to 127.0.0.1
    mpgw (FYI_MPG): rule (FYI_Routing_Policy_LimitsService): #3 results: 'generated from INPUT' completed OK.
    mpgw (FYI_MPG): Processing [Rule (FYI_Routing_Policy_LimitsService), Action ('FYI_Routing_Policy_LimitsService_results_0', results()), Input(INPUT), Output(NULL)] finished: memory used 1348088
    mpgw (FYI_MPG): rule (FYI_Routing_Policy_LimitsService): #2 route-set: 'setting route to http://127.0.0.1:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc' completed OK.
    mpgw (FYI_MPG): Processing [Rule (FYI_Routing_Policy_LimitsService), Action ('FYI_Routing_Policy_LimitsService_route-set_0', route-set()), Input(NULL), Output(NULL)] finished: memory used 964720
    mpgw (FYI_MPG): rule (FYI_Routing_Policy_LimitsService): #1 filter: 'INPUT store:///SQL-Injection-Filter.xsl' completed OK.
    mpgw (FYI_MPG): Processing [Rule (FYI_Routing_Policy_LimitsService), Action ('FYI_Routing_Policy_LimitsService_filter_0', filter(store:///SQL-Injection-Filter.xsl)), Input(INPUT), Output(NULL)] finished: memory used 613504
    mpgw (FYI_MPG): Finished parsing: store:///SQL-Injection-Patterns.xml
    mpgw (FYI_MPG): Parsing document: 'store:///SQL-Injection-Patterns.xml'
    xmlmgr (FYI_xml_mgr): xslt Compilation Request: Found in cache (store:///SQL-Injection-Filter.xsl)
    xmlmgr (FYI_xml_mgr): xslt Compilation Request: Checking cache for URL store:///SQL-Injection-Filter.xsl
    mpgw (FYI_MPG): Stylesheet URL to compile is 'store:///SQL-Injection-Filter.xsl'
    mpgw (FYI_MPG): Parsing document: 'https://IP:PORT/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc'
    xmlmgr (FYI_xml_mgr): xsd Compilation Request: Found in cache (store:///schemas/soap-envelope.xsd)
    xmlmgr (FYI_xml_mgr): xsd Compilation Request: Checking cache for URL store:///schemas/soap-envelope.xsd
    mpgw (FYI_MPG): Multistep Probe enabled
    mpgw (FYI_MPG): Request Started: memory used 155064
    stylepolicy (FYI_Routing_Policy): rule (FYI_Routing_Policy_LimitsService): selected via match 'newtest_wps_match' from processing policy 'FYI_Routing_Policy'
    Matching (newtest_wps_match): Match: Received URL [/COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc] matches rule '/COMPANYLimitsServiceSecure*'
    source-https (FYI_HTTPS_FSH_IP1): Generating chunked response stream to front
    source-https (FYI_HTTPS_FSH_IP1): Found content length 210 HTTP input
    source-https (FYI_HTTPS_FSH_IP1): HTTP Transaction # 1 on this TCP connection
    source-https (FYI_HTTPS_FSH_IP1): Received HTTP/1.1 POST for /COMPANYLimitsServiceSecure/COMPANYLimitsWCF.svc from 172.20.209.47
     

    Chris,

    Sorry, but this has me stumped. You might need to open a PMR with IBM to get a definitive answer.

    Ken

  • Chris.Z
    Chris.Z
    70 Posts

    Re: DataPower SSL connection to WCF/IIS/.net

    ‏2013-05-21T17:11:56Z  
    • kenhygh
    • ‏2013-04-29T22:24:47Z

    Chris,

    Sorry, but this has me stumped. You might need to open a PMR with IBM to get a definitive answer.

    Ken

    So, I have opened a PMR with IBM awhile ago.  Here is what I have found out, for anyone who ever sees this thread.

    IIS adds a transport binding to the WSDL code.  Which basically checks to make sure the connection is initiated by SSL.  So in DataPower's case it makes sure you are using a valid HTTPS Front Side Handler.  We have our incoming connection with an SSL FSH to an MPG, and that MPG sends the request via a normal HTTP FSH to a WSP, which then connects to a backend via SSL.  So it was making sure our WSP had an SSL FSH, which it did not.  Makes no sense why it would care, but it does.  So if we take this transport section out of their WSDL it works, or if we make sure the service(MPG, WSP, XMLFW) connecting to this service is using an HTTPS FSH for it's incoming connections...it works.  In our case we changed our WSP FSH to SSL.  There was also an issue with the crypto profile cipher algorithm.  It wanted only the default settings.

  • shiufun
    shiufun
    75 Posts

    Re: DataPower SSL connection to WCF/IIS/.net

    ‏2013-05-21T17:23:21Z  

    Could you turn on the probe ?  It seems like you are using Security Policy -> Transport Binding, I suspect the SSL communication negotiated by the client and DP does not meet the Policy requirement.