Topic
  • 3 replies
  • Latest Post - ‏2012-11-26T22:14:43Z by Sri_XI50
SystemAdmin
SystemAdmin
6772 Posts

Pinned topic What happens if you apply WS-Security to a WSProxy?

‏2009-04-06T23:32:21Z |
Hi,

I know that the later versions of the XI50 firmware have the capability to "attach" of "apply" policy templates to a WSProxy (e.g., requiring signing).

I was wondering, when this capability is enabled/used (e.g., if one of the canned policies on the XI50 are "applied"), and if an incoming message doesn't "meet" the requirements configured for a WSProxy, does the "Policy" (e.g., a AAA Policy) associated with the WSProxy still get processed?

Thanks,
Jim
Updated on 2012-11-26T22:14:43Z at 2012-11-26T22:14:43Z by Sri_XI50
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: What happens if you apply WS-Security to a WSProxy?

    ‏2009-04-07T11:41:38Z  
    Hi,

    For the record, I was able to configure a test setup that has a WS-Policy attachment on a WSProxy, and when the WS-Policy is set for "filter" (vs. "enforce"), it appears that the WSProxy rejects the message at that point, and processing does not proceed further (e.g., to a AAA Policy that I also had configured in the WSProxy.

    Jim
  • zachahuy83
    zachahuy83
    45 Posts

    Re: What happens if you apply WS-Security to a WSProxy?

    ‏2012-11-22T02:36:29Z  
    Hi,

    For the record, I was able to configure a test setup that has a WS-Policy attachment on a WSProxy, and when the WS-Policy is set for "filter" (vs. "enforce"), it appears that the WSProxy rejects the message at that point, and processing does not proceed further (e.g., to a AAA Policy that I also had configured in the WSProxy.

    Jim
    Hi,

    What firmware version are you using? I am currently using 4.0.2.6 and it setup to enforce, but it reject right away. Here is the log:

    0x00d30003 wsgw (WSP_COImmunization_WSPOLICYTest): Rejected by filter; SOAP fault sent
    0x80c00008 wsgw (WSP_COImmunization_WSPOLICYTest): rule (WSP_COImmunization_WSPOLICYTest_default_request-rule): implied action Calling rule var://service/wspolicy/service/configname with input INPUT and output INPUT failed: Rejected by policy.
    0x80c00009 wsgw (WSP_COImmunization_WSPOLICYTest): request service_38_2-req #2 filter: 'INPUT store:///dp/required-encrypted-element.xsl' failed: Rejected by policy.
    0x80c00078 wsgw (WSP_COImmunization_WSPOLICYTest): Rejected by filter 'service_38_2-1-check-original-msg-request-rule' of rule 'service_38_2-req'.
    0x80c00010 wsgw (WSP_COImmunization_WSPOLICYTest): Execution of 'store:///dp/required-encrypted-element.xsl' aborted: Rejected by policy.
    0x8060020d wsgw (WSP_COImmunization_WSPOLICYTest): Message is not encrypted
    0x80c0004e wsgw (WSP_COImmunization_WSPOLICYTest): Stylesheet URL to compile is 'store:///dp/required-encrypted-element.xsl'
    0x80c00002 wsgw (WSP_COImmunization_WSPOLICYTest): rule (service_38_2-req): #1 setvar: 'setting var://service/strict-error-mode in context INPUT to be 1' completed OK.
  • Sri_XI50
    Sri_XI50
    23 Posts

    Re: What happens if you apply WS-Security to a WSProxy?

    ‏2012-11-26T22:14:43Z  
    Hi,

    What firmware version are you using? I am currently using 4.0.2.6 and it setup to enforce, but it reject right away. Here is the log:

    0x00d30003 wsgw (WSP_COImmunization_WSPOLICYTest): Rejected by filter; SOAP fault sent
    0x80c00008 wsgw (WSP_COImmunization_WSPOLICYTest): rule (WSP_COImmunization_WSPOLICYTest_default_request-rule): implied action Calling rule var://service/wspolicy/service/configname with input INPUT and output INPUT failed: Rejected by policy.
    0x80c00009 wsgw (WSP_COImmunization_WSPOLICYTest): request service_38_2-req #2 filter: 'INPUT store:///dp/required-encrypted-element.xsl' failed: Rejected by policy.
    0x80c00078 wsgw (WSP_COImmunization_WSPOLICYTest): Rejected by filter 'service_38_2-1-check-original-msg-request-rule' of rule 'service_38_2-req'.
    0x80c00010 wsgw (WSP_COImmunization_WSPOLICYTest): Execution of 'store:///dp/required-encrypted-element.xsl' aborted: Rejected by policy.
    0x8060020d wsgw (WSP_COImmunization_WSPOLICYTest): Message is not encrypted
    0x80c0004e wsgw (WSP_COImmunization_WSPOLICYTest): Stylesheet URL to compile is 'store:///dp/required-encrypted-element.xsl'
    0x80c00002 wsgw (WSP_COImmunization_WSPOLICYTest): rule (service_38_2-req): #1 setvar: 'setting var://service/strict-error-mode in context INPUT to be 1' completed OK.
    Hi,

    I have one question on the message that gets rejected.

    Assume that the message didn't meet the criteria set in the policy and was set to reject. We can give some custom string to showup in the soap fault. But is there a way to control the soap fault ? I mean, if I want to return a soap fault with some name and code in it, can I do that ?

    Thanks.