NetIQ NIDP STS service runs into a Java exception when processing a SOAP 1.1 request

  • 7022007
  • 05-Oct-2017
  • 05-Oct-2017

Environment

  • Access Manager 4.3
  • Access Manager Version 4.3 NIDP Server

Situation

  • The WSDL at "https://nam.kgast.local/nidp/wstrust/sts?wsdl" defines the following SOAP binding:

    <wsdl:binding name="STS_Binding" type="tns:SecurityTokenService">
      <wsp:PolicyReference URI="#STS_Policy"/>
      <soap:binding
        style="document"
        transport="http://schemas.xmlsoap.org/soap/http"/>
      <wsdl:operation name="Issue">

    http://schemas.xmlsoap.org/soap/http/
    ==============================================================
    http://schemas.xmlsoap.org/soap/http is the WSDL 1.1 binding for the SOAP 1.1 HTTP binding.
    ==============================================================

  • According to this definition, requests should use the SOAP 1.1 binding, but such requests fail at the NIDP server with a Java exception:
    --------------------------------------------------------------
    Jan 12, 2017 5:17:28 PM com.sun.xml.wss.jaxws.impl.SecurityServerTube processRequest
    SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
    com.sun.xml.ws.protocol.soap.VersionMismatchException: Couldn't create SOAP message. Expecting Envelope in namespace http://www.w3.org/2003/05/soap-envelope, but got http://schemas.xmlsoap.org/soap/envelope/
    --------------------------------------------------------------

  • Running the same request with a SOAP 1.2 binding works without any problems.

Resolution

IMPORTANT: Starting from the Access Manager 4.0 SP1 release, the default binding supported is SOAP 1.2. If you want to use SOAP 1.1 instead, perform the following steps on all instances of the Identity Server:

Go to the /opt/novell/nam/idp/webapps/nidp/WEB-INF folder and edit the sun-jaxws.xml file. Remove all instances of bindings from the endpoints in the sun-jaxws.xml file and save the changes. A binding is represented by the following line in this file:

binding="http://java.sun.com/xml/ns/jaxws/2003/05/soap/bindings/HTTP/"

Restart the Identity Server using the /etc/init.d/novell-idp restart command.
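The edit to sun-jaxws.xml described above can be scripted so it is applied identically on every Identity Server instance. The following is an added example, not NetIQ code; the sample file content, endpoint names and implementation classes are constructed and hypothetical, and only the binding value is taken from this page. It removes the attribute textually so comments and layout survive, checks the result is still well-formed, and keeps a .bak copy when run against a real file.

```python
import re
import shutil
import sys
import xml.etree.ElementTree as ET

# Binding value quoted on this page (SOAP 1.2 over HTTP).
SOAP12_BINDING = "http://java.sun.com/xml/ns/jaxws/2003/05/soap/bindings/HTTP/"
_ATTR = re.compile(r'\s+binding\s*=\s*(["\'])' + re.escape(SOAP12_BINDING) + r'\1')

# Constructed sample; endpoint names and classes are hypothetical.
SAMPLE = """<endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime" version="2.0">
  <!-- constructed sample for the added example -->
  <endpoint name="sts" implementation="example.StsImpl" url-pattern="/wstrust/sts"
            binding="http://java.sun.com/xml/ns/jaxws/2003/05/soap/bindings/HTTP/"/>
  <endpoint name="mex" implementation="example.MexImpl" url-pattern="/wstrust/sts/mex"/>
</endpoints>
"""

def endpoints_with_binding(xml_text):
    """Names of <endpoint> elements that still carry the SOAP 1.2 binding."""
    root = ET.fromstring(xml_text)
    return [el.get("name") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "endpoint"
            and el.get("binding") == SOAP12_BINDING]

def strip_bindings(xml_text):
    """Return (new_text, changed_endpoint_names); raise if the result is unusable."""
    changed = endpoints_with_binding(xml_text)
    new_text = _ATTR.sub("", xml_text)
    # fromstring raises ParseError if the edit broke well-formedness.
    if endpoints_with_binding(new_text):
        raise ValueError("binding attribute still present after edit")
    return new_text, changed

if __name__ == "__main__":
    if len(sys.argv) < 2:
        # No path given: demonstrate on the constructed sample only.
        print(strip_bindings(SAMPLE)[1])
    else:
        path = sys.argv[1]  # path to sun-jaxws.xml
        with open(path, encoding="utf-8") as fh:
            fixed, changed = strip_bindings(fh.read())
        shutil.copy2(path, path + ".bak")  # keep the original for rollback
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(fixed)
        print("binding removed from endpoints:", changed)
```

The Identity Server still has to be restarted afterwards, as in the step above, for the change to take effect.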