jmeter x509 jmeter-plugins ws-security jmeter-3.2

'WSM-00081 : The X.509 certificate is not signed' while signing with jmeter web security plugins


I've got a service to load test which uses WS-Security to authenticate requests. I've followed the steps mentioned here - https://www.blazemeter.com/blog/running-soap-ws-security-load-tests-in-jmeter but my server under test failed with the error below.

JMeter Version: 3.2 r1790749

My configurations:

Request:

 <soapenv:Header xmlns:wsa05="http://www.w3.org/2005/08/addressing">
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="true">
     <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-c0365a42-c4e4-49e1-94ce-6da57c4d8b60">[certificate Base64 omitted]</wsse:BinarySecurityToken>
     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-91db268d-ad9c-4279-b2b7-5b2a2f274c81">
        <ds:SignedInfo>
           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05"/>
           </ds:CanonicalizationMethod>
           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
           <ds:Reference URI="#id-128">
              <ds:Transforms>
                 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/>
                 </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>8c1zFU59JNzfJ3AbXTxn+jC46ZU=</ds:DigestValue>
           </ds:Reference>
           <ds:Reference URI="#id-129">
              <ds:Transforms>
                 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/>
                 </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>6WpWJAk7NdlgtPH6LzKvcHV2S1s=</ds:DigestValue>
           </ds:Reference>
           <ds:Reference URI="#id-130">
              <ds:Transforms>
                 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/>
                 </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>BVLT6+H8s/VW+D1olbM3yQrRI+Q=</ds:DigestValue>
           </ds:Reference>
           <ds:Reference URI="#id-131">
              <ds:Transforms>
                 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv"/>
                 </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>vc7yU0o3VGsjI8iIJIQTH5vA1A4=</ds:DigestValue>
           </ds:Reference>
           <ds:Reference URI="#id-d6f07fd3-1b3a-4c55-a668-f8d2464c6dd8">
              <ds:Transforms>
                 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus"/>
                 </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>lBydSuIFHgWDOLds34mVNmHC//4=</ds:DigestValue>
           </ds:Reference>
           <ds:Reference URI="#TS-ee20684a-6b4c-4207-a67a-9245f0c3e19f">
              <ds:Transforms>
                 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05 wsse"/>
                 </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>nFiaKa8fMrSxHLhKL8B2BV2ujjU=</ds:DigestValue>
           </ds:Reference>
           <ds:Reference URI="#Timestamp-69">
              <ds:Transforms>
                 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05 wsse"/>
                 </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>cJD//Tj+XcnZfn0tG1NMRISS45M=</ds:DigestValue>
           </ds:Reference>
           <ds:Reference URI="#id-dd30423a-5490-498f-b2de-2dbe34c1d1e8">
              <ds:Transforms>
                 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="jus soapenv wsa05"/>
                 </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>obSOseNPR/F9wWfpxucQ+oHyXKc=</ds:DigestValue>
           </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>NdtPrzlN/aExQhiklnPWR2ZmfgokKQ5e46Xor2LhYNB/o4vs5GfBb2zM87IsincbWYlbu8ggGSiZ1cMRz+Sj2ssovB5cKO+FzLkF0TaCIYqtbf434n+xlrDowhfh21vDICY0dl8uLGqU6MoznZDpLYQ10q6gM0grDbTmMbl++TE=</ds:SignatureValue>
        <ds:KeyInfo Id="KI-7684c7f7-1cba-4f7a-b684-21459c4b937a">
           <wsse:SecurityTokenReference wsu:Id="STR-34ab6a5b-28dc-4cfc-9773-bc4e94a0bffe" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
              <wsse:Reference URI="#X509-c0365a42-c4e4-49e1-94ce-6da57c4d8b60" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
           </wsse:SecurityTokenReference>
        </ds:KeyInfo>
     </ds:Signature>
     <wsu:Timestamp wsu:Id="TS-ee20684a-6b4c-4207-a67a-9245f0c3e19f">
        <wsu:Created>2019-02-21T03:54:08.894Z</wsu:Created>
        <wsu:Expires>2019-02-21T20:34:08.894Z</wsu:Expires>
     </wsu:Timestamp>
     <wsu:Timestamp wsu:Id="Timestamp-69" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Created>2019-02-21T03:02:11.297Z</wsu:Created>
        <wsu:Expires>2019-02-25T19:42:11.297Z</wsu:Expires>
     </wsu:Timestamp>
  </wsse:Security>
  <wsa05:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-129">REMOVED</wsa05:To>
  <wsa05:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-131">REMOVED</wsa05:Action>
  <wsa05:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-128">
     <wsa05:Address>PoliceNIA</wsa05:Address>
  </wsa05:From>
  <wsa:ReplyTo xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="id-dd30423a-5490-498f-b2de-2dbe34c1d1e8">
     <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
  </wsa:ReplyTo>
  <wsa05:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-130">001</wsa05:MessageID>

Jmeter Message Signer configurations Screenshot:

Update Jmeter Message Signer with Binary Security Token to sign

Server Error:

--- Error message: oracle.wsm.security.SecurityException: WSM-00081 : The X.509 certificate is not signed.
    at oracle.wsm.security.policy.scenario.processor.Wss10X509TokenProcessor.verify(Wss10X509TokenProcessor.java:415)
    at oracle.wsm.security.policy.scenario.executor.Wss10MutualAuthWithCertsScenarioExecutor.receiveRequest(Wss10MutualAuthWithCertsScenarioExecutor.java:147)
    at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:662)
    at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:44)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:526)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:438)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:385)


Solution

  • There was a limitation in plugin version 1.6. Snapshot version 1.7 has been released to fix this issue. Thanks to the author for fixing this in no time.

    The updated snapshot can be downloaded from here - https://github.com/tilln/jmeter-wssecurity/releases/tag/1.7-SNAPSHOT

    Issue logged on GitHub - https://github.com/tilln/jmeter-wssecurity/issues/21
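
In the request shown in the question, none of the `ds:Reference` URIs targets the `wsu:Id` of the `BinarySecurityToken`, which is consistent with the server reporting that the certificate is not signed. The Python check below is an added example, not part of the original post or the plugin: it lists the tokens in a WS-Security header that no signature reference covers, either directly or through an STR-Transform reference. The sample header and its Ids are constructed.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
STR_TRANSFORM = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-soap-message-security-1.0#STR-Transform")
NS = {"wsse": WSSE, "ds": DS}
WSU_ID = "{%s}Id" % WSU

def unsigned_tokens(xml_text):
    """Return wsu:Id of each BinarySecurityToken that no ds:Reference covers.

    Checks reference coverage only; it does not verify digests or the signature.
    """
    root = ET.fromstring(xml_text)
    # SecurityTokenReference wsu:Id -> Id of the token it points at
    str_targets = {}
    for s in root.iter("{%s}SecurityTokenReference" % WSSE):
        ref = s.find("wsse:Reference", NS)
        if s.get(WSU_ID) and ref is not None:
            str_targets[s.get(WSU_ID)] = ref.get("URI", "").lstrip("#")
    covered = set()
    for r in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        target = r.get("URI", "").lstrip("#")
        covered.add(target)
        algs = {t.get("Algorithm") for t in r.iterfind("ds:Transforms/ds:Transform", NS)}
        # With STR-Transform the digest covers the referenced token, not the STR element
        if STR_TRANSFORM in algs and target in str_targets:
            covered.add(str_targets[target])
    tokens = [t.get(WSU_ID) for t in root.iter("{%s}BinarySecurityToken" % WSSE)]
    return [t for t in tokens if t not in covered]

def sample(extra=""):
    """Constructed header (hypothetical Ids); `extra` adds ds:Reference elements."""
    return ('<Header xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s"><wsse:Security>'
            '<wsse:BinarySecurityToken wsu:Id="X509-1">Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>'
            '<ds:Signature><ds:SignedInfo><ds:Reference URI="#id-128"/>'
            '<ds:Reference URI="#TS-1"/>%s</ds:SignedInfo>'
            '<ds:KeyInfo><wsse:SecurityTokenReference wsu:Id="STR-1">'
            '<wsse:Reference URI="#X509-1"/></wsse:SecurityTokenReference></ds:KeyInfo>'
            '</ds:Signature></wsse:Security></Header>') % (WSSE, WSU, DS, extra)

if __name__ == "__main__":
    print(unsigned_tokens(sample()))
    print(unsigned_tokens(sample('<ds:Reference URI="#X509-1"/>')))
```

Running the same function over a request captured from JMeter before and after changing the signer configuration shows whether the token's Id has actually entered the signed references.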