We have a situation where we get the below error , but i am not sure why it is saying Failed Authentication as we are not using any username or password.
I have checked with the certificates and they are ok . One thing interesting was the line which says SIG_KEY_INFO should contain only one child. Other live partners are able to use the same singature and keyinfo format with no issues.
My Key info looks like below :
xxxx certificate value xxxxx
Actual Error :
The signature in the Security header intended for the "ebms" SOAP actor, could not be validated by the Security module.
BSP:R5402: Any SIG_KEY_INFO MUST contain exactly one child element
Any help on this is much appreciated.
Harish S S
ok, I figured out the meaning. For these kind of errors please always have a look at
The "BSP:R5402" part of the error message means: Basic Security Profile Issue R5402. This is in this case:
9.8.1 Exactly One KeyInfo Child Element
R5402 Any SIG_KEY_INFO MUST contain exactly one child element.
Means for example the error
"BSP:R5417: Any SIG_KEY_INFO MUST contain a SECURITY_TOKEN_REFERENCE child element"
would refer to the section "R5417" which is:
9.8.2 SecurityTokenReference Mandatory
The ds:KeyInfo element allows for many different child elements. The Profile mandates a single element, wsse:SecurityTokenReference, which is needed to reference security tokens.
R5417 Any SIG_KEY_INFO MUST contain a SECURITY_TOKEN_REFERENCE child element.
<ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
Means your partner has to implement the BasicSecurityProfile-1.1 in a proper way and then it should work.