SOAP error when consuming WSDL- unsupported security policy assertion was detected

Good evening all.   I'm working through some SOAP integration with Outsystems.   The web service in question has a .PRX certificate with password.   We imported that into the personal cert store on the server and then exported a .DER and loaded that in ServiceCenter.  

When I create an extension and try to import a WSDL I'm getting the error below.  truncated for space:


Cannot import wsdl:portType Detail: An exception was thrown in a call to a policy import extension. Extension: System.ServiceModel.Channels.SecurityBindingElementImporter Error: An unsupported security policy assertion was detected during the security policy import: <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">


Any suggestions on what I should be looking for here?

Hi Josh,

See if this post can be of any help. It explains in detail how to secure web services with client certificates and also how to call web services that require client certificates.

Regards,

Nordin

Nordin Ahdi wrote:

Hi Josh,

See if this post can be of any help. It explains in detail how to secure web services with client certificates and also how to call web services that require client certificates.

Regards,

Nordin

I reviewed that post, and those are the steps we followed with loading the certs to the front end server and service center.    But when I actually create a service module and then attempt to import the WSDL I get the security error.

Correction, the cert was a .PFX not .PRX.

Hi Josh,

I'm not sure I completely understand your issue. Did you try to consume the webservice via an extension like you mentioned in the first post or via a module like you say in your last post? In other words, does this error occur in Integration Studio or Service Studio?

Could you maybe provide some screenshots?

Regards,

Nordin

Sorry, I'm attempting to consume in a service module.   I didn't even realize we could consume a web service in Integration Studio, I'm not sure how that works but I'd like to know.


Once I click consume I get the error message in my original post.  

Hi Josh,

Check out this post to learn how to consume a web service in Integration Studio.

As for your issue, I'm not sure what is causing this. The platform has trouble with importing wsdl:portType.

There are some Unsupported Soap Use Cases mentioned in this documentation. Maybe you can check your WSDL for one of these cases.

If all fails, I'd contact OutSystems Support and send them the WSDL to analyze.

Best of luck, 

Nordin

One step forward, but now I'm stuck again.   I followed the instructions for creating an extension and importing the wsdl via Visual Studio.   However now I'm a bit stuck, the example provided has a single input and output.   My user case has 2 required inputs and 5 output fields.   

I'm not the best C# guy but it looks like the OS guide simply creates a new instance of the webservice and then assign the ssoutput to the value from calling the webservice.   When I try that I get the error below.  (I assume there is probably a way to assign them all sequentially but I can't find any information on how that is accomplished)

Any suggestions?

Josh Herron wrote:

One step forward, but now I'm stuck again.   I followed the instructions for creating an extension and importing the wsdl via Visual Studio.   However now I'm a bit stuck, the example provided has a single input and output.   My user case has 2 required inputs and 5 output fields.   

I'm not the best C# guy but it looks like the OS guide simply creates a new instance of the webservice and then assign the ssoutput to the value from calling the webservice.   When I try that I get the error below.  (I assume there is probably a way to assign them all sequentially but I can't find any information on how that is accomplished)

Any suggestions?


Did you use the WCF service in C# ? You can generate the classes and webservice automatically.

I did this a few months ago. Also, if you are not experienced with C#, perhaps try to find a project similar to yours on github. That can save you alot of work ;)


Hi Josh,


We are running into the same problem on our project trying to call a webservice where the body and timestamp need to be signed with an X509 token.

Both in Service Studio as in a separate .NET application we get the following error when trying to import our wsdl:

Cannot import wsdl:port
Detail: There was an error importing a wsdl:binding that the wsdl:port is dependent on.
XPath to wsdl:binding: //wsdl:definitions[@targetNamespace='http://???.??/???/???']/wsdl:binding[@name='?SoapBinding']
XPath to Error Source: //wsdl:definitions[@targetNamespace='http://???.??/???/???']/wsdl:service[@name='?Service']/wsdl:port[@name='LocalEchoPort']
Cannot import wsdl:binding
Detail: An exception was thrown in a call to a policy import extension.
Extension: System.ServiceModel.Channels.SecurityBindingElementImporter
Error: An unsupported security policy assertion was detected during the security policy import: <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Lax /></wsp:Policy></sp:Layout><sp:IncludeTimestamp /><sp:OnlyS...
XPath to Error Source: //wsdl:definitions[@targetNamespace='http://???.??/???/???']/wsdl:binding[@name='EchoSoapBinding']


Did you manage to get this working?  Maybe you have some pointers for us?


Best regards,

Steven

Does  Outsystems generate the methods despite of the error?

If not, you can try 2 things:

- Edit your wsdl so that it will get accepted and generates the service in Outsystems. This is only step1, because ofcourse you will not be able to get it to work like this.After this you can add a custombinding ( you have to build in .NET) and add it to the OnBeforeRequestAdvanced event of the generated webservice.


- You can build the entire webservice in .NET. Try to import the wsdl with the AddService wizard.


There are many examples of how to do either option 1 or 2. Send me PM if you don't have a clue what i just wrote :)


Steven, we never did get it to work.   Time was running out on the project so we handed it off the the Mulesoft team so they could build the connection on their end.   I had gotten to a point where I had edited the WSDL, removing the references to the X509 token and Outsystems would consume it and create the methods.   Then we got stuck trying to get the keystore imported and working on our application server.   (I'm not a big fan of SOAP)

https://success.outsystems.com/Documentation/11/Extensibility_and_Integration/SOAP/Consuming_SOAP_Web_Services/Use_Advanced_Extensibility

This is how you might have been able to fix your problem Josh.


Last year i built the entire connection of a X509 client server in .Net. This was in OS10. OS11 however, has more options that enabled me to rebuild the connection. I now use SOAP in OS and added the binding-function (extension) in the onadvanced event. This worked just fine.

There still are some unsupported Use cases though:

https://success.outsystems.com/Documentation/11/Extensibility_and_Integration/SOAP/Consuming_SOAP_Web_Services/Unsupported_SOAP_Use_Cases