Invalid WS Security Header - IRS ACA SOAP Request
Problem description
I'm in the process of submitting a RequestSubmissionStatusDetail request from the IRS.
Here's my problem. When submitting the following document to the IRS, I always get "Invalid WS Security Header". I do not know which part of my request is responsible for this submission not to be successful.
I'm referencing the following PDF (example code starts on page 35):
I've written the code in both VB and C#. I've intercepted the request with Fiddler, and also used Altova XMLSpy to send raw XML requests to the IRS endpoint.
Here's the code, pretty much line by line from the PDF, minus the key and the TCC.
POST https://la.www4.irs.gov/airp/aca/a2a/1095BC_Status_Request_AATS2016 HTTP/1.1
Content-Type: text/xml; charset=utf-8
VsDebuggerCausalityData: uIDPo1urdU71mo5BnU/TZ/Ji3p0AAAAAddUwh6B4CU6+F/jOewcN7JE6Ql8n+R1PofxFBfDEEg4ACQAA
SOAPAction: "RequestSubmissionStatusDetail"
Host: la.www4.irs.gov
Content-Length: 4044
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

<soapenv:Envelope xmlns:oas1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:us:gov:treasury:irs:msg:irstransmitterstatusrequest" xmlns:urn1="urn:us:gov:treasury:irs:ext:aca:air:7.0" xmlns:urn2="urn:us:gov:treasury:irs:common" xmlns:urn3="urn:us:gov:treasury:irs:msg:acasecurityheader">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ds:Signature Id="SIG-82E7E6716E615C14D6144736030986660" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#TS-82E7E6716E615C14D6144736030986559">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <InclusiveNamespaces PrefixList="wsse wsa oas1 soapenv urn urn1 urn2 urn3" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>sgPiL73lIwOppVKHHUFkuWDEcLM=</ds:DigestValue>
            <!-- DigestValue from Timestamp -->
          </ds:Reference>
          <ds:Reference URI="#id-82E7E6716E615C14D6144736030986558">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <InclusiveNamespaces PrefixList="wsa oas1 soapenv urn1 urn2 urn3" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>S3OdSc3rZ8V1egoyPGzi31n8gq8=</ds:DigestValue>
            <!-- DigestValue from ACABusinessHeader -->
          </ds:Reference>
          <ds:Reference URI="#id-82E7E6716E615C14D6144736030986559">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <InclusiveNamespaces PrefixList="oas1 soapenv urn1 urn2 urn3" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>wOSkrI5NmQ5i5/wgjNEIoNODy+A=</ds:DigestValue>
            <!-- DigestValue from ACABulkRequestTransmitterStatusDetailRequest -->
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ddLCWffcBk5/PxqnJLMUM9lWWYWX7ucKQ4vPvM/qEj9IkJ0SVDytcjn0Az9Cge0nxOHI0NWCtAzbWzcUjHtUgt8A4rnxTTShQbIP3hPIX5UghS/Y6OEvOq8RvXL1S3R8nhX/nPrQSoPq6SpEz2HKq/ST5OrsstMvSpM0hCCinEKeLmLqkjfZw5wZVEeNwQIjghcsqQe7Q9crYhgdDwuvtixcoLw0JCgCiMr9yCmFsV4X+CklPuu4/bMUcuipE5fnSpqoZ6Sxp+UFlF3yzMXH6hKFRO7LRsXtwStN1kBwPJW5iPZ6b+X0Zlrc7gYTg1dHi3kcm3gLCRQ9ou+fZa7jnQ==</ds:SignatureValue>
        <ds:KeyInfo Id="KI-82E7E6716E615C14D6144736030986456">
          <wsse:SecurityTokenReference wsu:Id="STR-82E7E6716E615C14D6144736030986457">
            <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile1.0#X509v3">
              removed
            </wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp wsu:Id="TS-82E7E6716E615C14D6144736030985954">
        <wsu:Created>2016-01-07T20:31:49.859Z</wsu:Created>
        <wsu:Expires>2016-01-07T23:01:49.859Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
    <urn:ACABusinessHeader wsu:Id="id-82E7E6716E615C14D6144736030986558" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <urn1:UniqueTransmissionId>d4121eb6-29e8-4ebe-a485-0b2bf55fcb67:SYS12:XXXXX::T</urn1:UniqueTransmissionId>
      <urn2:Timestamp>2016-01-07T15:31:49Z</urn2:Timestamp>
    </urn:ACABusinessHeader>
    <urn3:ACASecurityHeader />
    <wsa:Action>RequestSubmissionStatusDetail</wsa:Action>
  </soapenv:Header>
  <soapenv:Body>
    <urn:ACABulkRequestTransmitterStatusDetailRequest version="1.0" wsu:Id="id-82E7E6716E615C14D6144736030986559" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <urn1:ACABulkReqTrnsmtStsReqGrpDtl>
        <urn2:ReceiptId>1094B-15-99700283</urn2:ReceiptId>
      </urn1:ACABulkReqTrnsmtStsReqGrpDtl>
    </urn:ACABulkRequestTransmitterStatusDetailRequest>
  </soapenv:Body>
</soapenv:Envelope>
If you want to connect to WS heading in SOAPUI you need to set:
This is because of the bindings used (wsHttpBinding):
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="httpsBindingService" contract="Namespace.Contract"/>
I would strongly suggest not going the wsHttpBinding route but rather the more standard basicHttpsBinding route (if you control the service). There are many issues, especially if you have Java clients (using Eclipse) connecting to your services.
<endpoint address="" binding="basicHttpsBinding" bindingConfiguration="DefaultHttpsBinding" contract="Namespace.Contract" />
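An added example (not part of the original question or answers, and not IRS or WCF code): a pre-submission check, for an envelope captured with a proxy such as Fiddler, that every ds:Reference URI resolves to exactly one wsu:Id and that the wsu:Timestamp is among the signed references. The sample envelope is a constructed, trimmed copy of the Ids and Reference URIs in the posted request, where the first Reference (#TS-...86559) and the Timestamp's wsu:Id (TS-...85954) differ; `sample_envelope` and `lint_ws_security` are hypothetical names.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU_ID = f"{{{WSU}}}Id"

def sample_envelope(timestamp_id):
    """Constructed, trimmed envelope shaped like the posted request (no digests, no key)."""
    return f"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
 <soapenv:Header><wsse:Security><ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#TS-82E7E6716E615C14D6144736030986559"/>
    <ds:Reference URI="#id-82E7E6716E615C14D6144736030986558"/>
    <ds:Reference URI="#id-82E7E6716E615C14D6144736030986559"/>
   </ds:SignedInfo></ds:Signature>
   <wsu:Timestamp wsu:Id="{timestamp_id}">
    <wsu:Created>2016-01-07T20:31:49.859Z</wsu:Created>
    <wsu:Expires>2016-01-07T23:01:49.859Z</wsu:Expires>
   </wsu:Timestamp></wsse:Security>
  <Hdr wsu:Id="id-82E7E6716E615C14D6144736030986558"/></soapenv:Header>
 <soapenv:Body><Req wsu:Id="id-82E7E6716E615C14D6144736030986559"/></soapenv:Body>
</soapenv:Envelope>"""

def lint_ws_security(envelope_xml):
    """Return structural problems a verifier hits before it checks any digest."""
    root = ET.fromstring(envelope_xml)
    security = root.find(f".//{{{WSSE}}}Security")
    if security is None:
        return ["no wsse:Security header"]
    problems = []
    ids = [el.get(WSU_ID) for el in root.iter() if el.get(WSU_ID)]
    uris = [ref.get("URI", "") for ref in security.iter(f"{{{DS}}}Reference")]
    for uri in uris:
        # A same-document reference must match exactly one wsu:Id:
        # zero matches cannot be digested, more than one is ambiguous.
        hits = ids.count(uri[1:]) if uri.startswith("#") else 0
        if hits != 1:
            problems.append(f"ds:Reference {uri} matches {hits} elements")
    ts = security.find(f"{{{WSU}}}Timestamp")
    if ts is None:
        problems.append("no wsu:Timestamp inside wsse:Security")
    elif "#" + ts.get(WSU_ID, "") not in uris:
        problems.append(f"wsu:Timestamp {ts.get(WSU_ID)} is not covered by any ds:Reference")
    return problems

if __name__ == "__main__":
    for problem in lint_ws_security(sample_envelope("TS-82E7E6716E615C14D6144736030985954")):
        print(problem)
```
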