My case is the following: I have unsecured WSO2 data services, and I would like to enable WSS basic authentication (username + password) (running on WSO EI 6.4.0).
In order to do it, I simply added the following to my data_service, and it is now correctly displayed as Secured.
<policy key="conf:repository/components/org.wso2.carbon.security.mgt/policy/scenario1"/>
<enableSec/>
But my issue is the following: I can't make the call to this service work. No matter what I do, I always get the same response from the web service:
<soapenv:Fault xmlns:axis2ns68="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <faultcode>axis2ns68:FailedAuthentication</faultcode>
  <faultstring>The security token could not be authenticated or authorized</faultstring>
  <detail/>
</soapenv:Fault>
I am trying from SOAP UI, and I tried the following:
I also tried with the "try it" included in WSO2: exact same issue.
I've read all the WSO2 logs (wso2carbon, wso2error, ...), and there is the same information as in the SOAP Fault, with a few additional lines from the Java stack, but completely useless.
PS: I already did the same with an older version (WSO Data Service Server) and I had no issues at all. I followed all the new documentation, but I also found many Jira tickets open in the WSO2 EI open source project raising issues about this error being returned "no matter what is the root cause".
I finally found the solution. The default policies provided by WSO2EI cannot work as is (it worked as is in WSO2 DSS):
The following section about the user / group authorization needs to be added to the security policy:
<sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
  <sec:Authorization>
    <sec:property name="org.wso2.carbon.security.allowedroles">Internal/everyone,test</sec:property>
  </sec:Authorization>
</sec:CarbonSecConfig>
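A pre-deployment check for the authorization section described in the answer above, as an added example that is not part of the original post or of WSO2's own tooling. The two policy documents are constructed samples (the placement of `CarbonSecConfig` directly under `wsp:Policy` is an assumption), and `allowed_roles` and `check_policy` are hypothetical helper names; role names are compared as exact strings.

```python
import xml.etree.ElementTree as ET

SEC_NS = {"sec": "http://www.wso2.org/products/carbon/security"}
ROLES_PROP = "org.wso2.carbon.security.allowedroles"  # property name from the answer

# Constructed sample: a policy without any CarbonSecConfig section.
DEFAULT_POLICY = """<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsp:ExactlyOne><wsp:All/></wsp:ExactlyOne>
</wsp:Policy>"""

# Constructed sample: the same policy with the section from the answer added.
FIXED_POLICY = DEFAULT_POLICY.replace("</wsp:Policy>", """
  <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
    <sec:Authorization>
      <sec:property name="org.wso2.carbon.security.allowedroles">Internal/everyone,test</sec:property>
    </sec:Authorization>
  </sec:CarbonSecConfig>
</wsp:Policy>""")


def allowed_roles(policy_xml):
    """Return the roles listed in the policy's Authorization section ([] if absent)."""
    root = ET.fromstring(policy_xml)
    path = ".//sec:CarbonSecConfig/sec:Authorization/sec:property"
    roles = []
    for prop in root.iterfind(path, SEC_NS):
        if prop.get("name") == ROLES_PROP and prop.text:
            roles += [r.strip() for r in prop.text.split(",") if r.strip()]
    return roles


def check_policy(policy_xml, user_roles):
    """Classify a policy against the roles held by the calling user."""
    roles = allowed_roles(policy_xml)
    if not roles:
        return "missing-authorization"      # the gap the answer describes
    if not set(roles) & set(user_roles):
        return "user-not-in-allowed-roles"  # section present, caller not covered
    return "ok"


if __name__ == "__main__":
    for name, doc in (("default", DEFAULT_POLICY), ("fixed", FIXED_POLICY)):
        print(name, check_policy(doc, ["test"]))
```

Running the check before deploying a secured service separates a policy that lacks the authorization section from one whose role list does not cover the calling user, two causes the generic FailedAuthentication fault does not distinguish.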