NetIQ NIDP STS service runs into a JAVA exception on running a SOAP1.1 request

  • 7022007
  • 05-Oct-2017
  • 05-Oct-2017

Environment

  • Access Manager 4.3
  • Access Manager Version 4.3 NIDP Server

Situation

  • The "https://nam.kgast.local/nidp/wstrust/sts?wsdl" defines the following SOAP binding:- Access Manager

    <wsdl:binding name="STS_Binding" type="tns:SecurityTokenService">
       <wsp:PolicyReference URI="#STS_Policy"/>
        <soap:binding
         style="document"
         transport="http://schemas.xmlsoap.org/soap/http"/>
         <wsdl:operation name="Issue">

    http://schemas.xmlsoap.org/soap/http/
    ==============================================================
    http://schemas.xmlsoap.org/soap/http is the WSDL 1.1 binding for the SOAP 1.1 HTTP binding.
    ==============================================================

  • According to the definition requests should use the SOAP 1.1 binding which will fail at the NIDP server causing a JAVA exception:
    --------------------------------------------------------------
    Jan 12, 2017 5:17:28 PM com.sun.xml.wss.jaxws.impl.SecurityServerTube processRequest
    SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
    com.sun.xml.ws.protocol.soap.VersionMismatchException: Couldn't create SOAP message. Expecting Envelope in namespace http://www.w3.org/2003/05/soap-envelope, but got http://schemas.xmlsoap.org/soap/envelope/
    --------------------------------------------------------------

  • Running the same request by using a SOAP 1.2 Bindings works without any problems

Resolution

IMPORTANT:Starting from Access Manager 4.0 SP1 release, the default binding supported is SOAP 1.2. If you want to use SOAP 1.1 instead, perform the following steps on all instances of the Identity Server:

Traverse to the /opt/novell/nam/idp/webapps/nidp/WEB-INF folder and edit the sun-jaxws.xml file. Remove all instances of bindings from the endpoints in the sun-jaxws.xml file and save the changes. A binding is represented by the following line in this file:

binding="http://java.sun.com/xml/ns/jaxws/2003/05/soap/bindings/HTTP/"
Restart the Identity Server using the /etc/init.d/novell-idp restart command.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.