Calling Microsoft CRM 2011 On-premise web service with CXF

StackOverflow https://stackoverflow.com/questions/23545851

Question

I am attempting to integrate a Java application with our on-premise Microsoft CRM 2011 using its native web-services.

My offset is the description in this blog post and my code does not differ much, but I am now stuck with a org.apache.ws.security.WSSecurityException: The signature or decryption was invalid

I am able to retrieve both TGT and service ticket from Active Directory and gets a Krb5Context created before the web-service is called and CXF fails on the response - which appears to be an error, but as it cannot be decrypted, it is not helpful in diagnosing the problem. (The full stack-trace and SOAP-response is included below.)

I am using CXF version 2.7.11, although I have also tried a number of other versions to see if that made any difference.

My biggest concern is probably, whether the Kerberos configuration is correct, as it is hard to find good documentation of the requirements for this.

My code:

System.setProperty("java.security.auth.login.config", "crm-integration/src/main/resources/login.conf");
System.setProperty("java.security.krb5.conf", "crm-integration/src/main/resources/krb5.conf");

OrganizationService service = new OrganizationService(new URL("http://192.168.20.88/XRMServices/2011/Organization.svc?singleWsdl"));
IOrganizationService port = service.getPort(IOrganizationService.class);

Client client = ClientProxy.getClient(port);
Bus bus = ((EndpointImpl) client.getEndpoint()).getBus();
bus.getProperties().put("soap.no.validate.parts", true);
PolicyInterceptorProviderRegistry policyInterceptorProviderRegistry = bus.getExtension(PolicyInterceptorProviderRegistry.class);
policyInterceptorProviderRegistry.register(new XRMAuthPolicyProvider());

HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = http.getClient();
httpClientPolicy.setAllowChunking(false);

//Enable logging - remove when solution is working
System.setProperty("sun.security.krb5.debug", "true");
client.getInInterceptors().add(new LoggingInInterceptor());
client.getOutInterceptors().add(new LoggingOutInterceptor());

// Kerberos service provider name, e.g. RestrictedKrbHost/<computer-name>
String spn = "RestrictedKrbHost/CRM.CRMTEST.LOCAL"; //ServicePrincipalName for CRM-server
// Kerberos JAAS client as configured in login.conf
String jaasClient = "spnego-client";
// Active Directory username and password
CallbackHandler callbackHandler = new NamePasswordCallbackHandler(username, password);

client.getRequestContext().put("ws-security.kerberos.jaas.context", jaasClient);
client.getRequestContext().put("ws-security.kerberos.spn", spn);
client.getRequestContext().put("ws-security.callback-handler", callbackHandler);
client.getRequestContext().put("ws-security.spnego.client.action", new XRMSpnegoClientAction());

OrganizationRequest request = new OrganizationRequest();
request.setRequestName("WhoAmI");
port.execute(request);

My login.conf:

spnego-client {
 com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true;
};

And my krb5.conf:

[libdefaults]
 default_realm = CRMTEST.LOCAL
 default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1
 default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1
 permitted_enctypes   = aes128-cts rc4-hmac des3-cbc-sha1

[realms]
 CRMTEST.LOCAL = {
 kdc = 192.168.1.86
 default_domain = crmtest
}

[domain_realm]
 crmtest = CRMTEST.LOCAL

Stack-trace:

[main] WARN org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {http://schemas.microsoft.com/xrm/2011/Contracts/Services}OrganizationService#{http://schemas.microsoft.com/xrm/2011/Contracts/Services}RetrieveMultiple has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:852)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:121)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:106)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:845)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1624)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1513)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318)
    at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:223)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
    at com.sun.proxy.$Proxy46.retrieveMultiple(Unknown Source)
    at integration.crm.Main.main(Main.java:68)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
    at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)
    at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
    ... 26 more
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The signature or decryption was invalid
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)
    at com.sun.proxy.$Proxy46.retrieveMultiple(Unknown Source)
    at integration.crm.Main.main(Main.java:68)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
    at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)
    at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:121)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:106)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:845)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1624)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1513)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318)
    at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:223)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
    ... 7 more

SOAP-response:

[main] INFO     [main] INFO org.apache.cxf.services.OrganizationService.CustomBinding_IOrganizationService.IOrganizationService - Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: application/soap+xml; charset=utf-8
Headers: {Cache-Control=[private], Content-Length=[10199], content-type=[application/soap+xml; charset=utf-8], Date=[Thu, 08 May 2014 14:58:59 GMT], Server=[Microsoft-IIS/7.5], Set-Cookie=[ReqClientId=a888fa05-b125-41b1-a9f6-06e92e435c85; expires=Thu, 08-May-2064 14:58:59 GMT; path=/; HttpOnly], X-AspNet-Version=[4.0.30319], X-Powered-By=[ASP.NET]}
Payload: 
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1" u:Id="_4">
            http://schemas.microsoft.com/xrm/2011/Contracts/Services/IOrganizationService/RetrieveMultipleOrganizationServiceFaultFault
        </a:Action>
        <a:RelatesTo u:Id="_5">urn:uuid:d83d2351-fd16-45c2-8190-62a54d9ee3f3</a:RelatesTo>
        <ActivityId CorrelationId="f6a77d88-163d-4d95-9b65-dc072d787bf4" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">
            00000000-0000-0000-0000-000000000000
        </ActivityId>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="uuid-ce5d195c-8146-4470-b58a-c0bc8d6cc591-74">
                <u:Created>2014-05-08T14:58:59.549Z</u:Created>
                <u:Expires>2014-05-08T15:03:59.549Z</u:Expires>
            </u:Timestamp>
            <c:DerivedKeyToken u:Id="_0" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                <o:SecurityTokenReference>
                    <o:Reference URI="urn:uuid:dceef0c2-c68c-49a4-b42c-4e8a26a78e5d" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
                </o:SecurityTokenReference>
                <c:Offset>0</c:Offset>
                <c:Length>24</c:Length>
                <c:Nonce>Mjov1pR34KbNLmxQScRTDA==</c:Nonce>
            </c:DerivedKeyToken>
            <c:DerivedKeyToken u:Id="_1" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                <o:SecurityTokenReference>
                    <o:Reference URI="urn:uuid:dceef0c2-c68c-49a4-b42c-4e8a26a78e5d" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
                </o:SecurityTokenReference>
                <c:Nonce>Rblzft4LnWG8FZRZQhxgRQ==</c:Nonce>
            </c:DerivedKeyToken>
            <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                <e:DataReference URI="#_3"/>
                <e:DataReference URI="#_6"/>
            </e:ReferenceList>
            <e:EncryptedData Id="_6" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <o:SecurityTokenReference>
                        <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" URI="#_1"/>
                    </o:SecurityTokenReference>
                </KeyInfo>
                <e:CipherData>
                    <e:CipherValue>
                        2zAyOFrkgBYFNVCpkxOLVQ5TY3BCrnjpeKG9tPLHQ/BgkRgV72hzI8Pt3J1BGpRSjkUB0EcgktZuRyhdaW45Z/Nw/T/s4KGOeeFmhcz1FaY/oxjYtowDG1QRYHWzYWQXzLx5wREgDQahCZigHvHVo3QzpWgu245ds0RIz64F1PPjZp8IMADUW8tUjeNNiaYfmvlfD/dYaE405bbXtjsGPglh54WCTwb1UGuxwosO7xAN9c1bg0irHtfr6FuGaWghc00a+cI/mvlx9YjALvMHOGFe3Xyr2S4sSLVxtCVvWvu24kFT/xTcsSUMfKZg6RRmHcuROB7QnwMlfoAhT3v2JOjCBuamCobOfnO5gNmV2WafQTbPBKCRoG07HWQkqx2GwCJj0Akm2iysJqLnFSRHdyK9PLxNkTxZBvXQOBg9hYgwubAkHmOtQL9lODbirIynDJsXPdT7NbrA4vEhrYYWHhEr72Gm0tHpqRllRgGelHS7jLmDLzvYai/tG7ZjH6u8AkNvY2G+OA5HBuiRwpUWsWy1Wo1yaDgqU4iAoAdkIA7PFpQvYVWTDr0x2Bq0knphPL34wI/3z6X7Lhijeje5c3MjXPxODs2s93w+e4WLCCKxROgOTSaTdnkfbCTUr39VZNg5pYRGEd0t7W571nrH0G8o2bcbrJdUp43d00lAGonhCWSjuvZ1zjKbAcpJYt8C1ts02cnlFM3et5ovXVPODAiPqqZQnFGgOB2QOSGU6JpjAWDUOaasuUQF0TPi8H4x84X2Ys42/rjQrV5MSBzTKetE/G2qsW3l9N+KYAM7RETlXDtMA0ObhseVD/iMHRe+hDV3vWPyinutjTNV75Zydixb9qnetXtLkUjR7A5Vf6iSJdaDrR/5lJY3+uN6C1TxDRUgzvh/gNyFpOSeffa7UV4Y6wiEGlkSI7zEoFY0JbUAJ618luDV+2vVDgkidWQOkyYEm+jayaPqLvn+lEgI+jtepDq6z+chduwKOpoVIj16L0f3ubfNAdqoszNDmLnJGLxt88N7Un0qnhPp9M5HJxdWDU6CNo32AwLiOuHcoI7YNQRNLyPGzbdNQtr7qee7ppTN1dXHaDJk20vsnjiCf+sfMvI8l8VfRg3YCRqb5uWZD7FCUX99b8/Ie6bG3A+ELIOucjOiOt35GDxXORqUCQV3p8rm7he4jePMlBDa004dg6hSUsQwxvM0aSS3H6rWYCbHfkQEKZVuTDeBBbVOao+JbIbZFr6v31Aj7/vuD71KBAuyY6U77eEIxsH+3xbR4vJuOsMGxM4IL4Djag2y6FXCHE0zzXMmrBQf9U1eu7jfGYza8Ajgu59yIEmX8TumnWMsynxJil/2Jggs39rnrS9J2fc69aI382x47wxo1wEAKUAS2ZjwcPa54Ju5QptLl8TRJSpzQ4C7wxtFtNpdqDQlkRY+2C/ZQhV6I4M5DiUxVko8N2GjQeUr/9j/ak6wRd2HneDNm0a7yD9OTBKfb2s4bXVzt9DsvbxVtSg1JNW61BkP/rXbIEkUU4Yt+J2Xszw/AQ3oEzCPV/PoJJ5OEdIPD+317QUYPOGFsWSb2zP9EgvxssW4GZCkgUV6LRp97peqxw+WDRG9YKPXKfxe5O6dlCJcXejOC8Itg2jvPeQPlfvXOQfE7iwt2Qk3fzpcuxGMjShCiOdw7k8EuD2P5igRe2b6gaEPy9n9x+602dN0r8pCq4NGy1tUuYn6XCCNLQEG6/ArTfk8+ApwHIF+0gqTm5HqdXEx77hOmMfvz2vOdvIHIQNpEpFxFBF0d4/6AUKEMmBnITLRJcEu4B0dlKXZnmg+xM+ehvJ/EQBcNn4YWDBbAuNTdQmXMwmGGecQdpcK5G510HYbLQlVMWk9JxkPDRyT397O4MVrHjfPtaD7hPvdeUOB7maap7uxrVE8uDeXBflVglErPTIYWT/qc8zaM/Tf5cWuk6+7OSC+EpR/79TlpK7C2YU3WffO/Ezv9RSAVjTp3D5csHj1a+8T5bbcdPmynEHHojVW2IVCjSIH1nLNExly/387vFSxl7feF/wJ2EbGMRrwuhVadRkL2uNR6tGoMTjllO8a+sWoGcOKb/w0z1KfiCcB2zCuxvXf
                    </e:CipherValue>
                </e:CipherData>
            </e:EncryptedData>
        </o:Security>
    </s:Header>
    <s:Body u:Id="_2">
        <e:EncryptedData Id="_3" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
            <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" URI="#_1"/>
                </o:SecurityTokenReference>
            </KeyInfo>
            <e:CipherData>
                <e:CipherValue>
                    A5R4n3yq3F5omLDgRMgHQyDNAUUBahHGzXX2vJyZWH1biRcn3Ejs0hoCCE2+wyoGnUsL9qyxuupUwLFVBiVhEc8dNZJcB9ZlT6ikw1k4gPLjX4wsbRNNpBYFHOhmIcenKuIu/2/FP35iq8hj7xnHZrUikEijY3JpAPo/DSs4vSpfIGU0hOji0gPH7ZZdM5KvTssKKezzxfpAN9Xrl9M+f2QCqZLxp8Vbi0Vqwtmq8PUJchkwG6bxPuC4h5CKUQ5bt/TBYOVIrcWrCAPaCgIi3AmUT5f+3KXRvxp2qK5oI6BeWQXvnq92mRCdYdORjhNFLTv+/SN+Tx4jF3rb7hQl6Oop+ETRBgpxWGPeHnwzjmVCaMFGP9jkcv+r8zoVJAoiYa2GBrwqTbewWdJQhrW7DhxT3pL43aBjqA4wdacfu4qsW9Tyjjb2vwb0ctGzDlGiMqKlQgg1sk1ikudlseEaiVbroBYn56RAj/yjXKaLEeYoREdK4STXXCcKn6DtFuhZfTkzQGnuk5LNFHTOSkGV0vzjZUW1gUTaVYlTFgR00AAqXKsOD3NCqTN4WYzfG6D8QyU7VYT8TyIQzLQPLSCYiGIysSVGsYyimp4vuqyg1M71a6aM5m7URIg0NmmXAke4YyER+z/GzJ2A8adxHjNP26+9UCxgFH+gevIp/f6DhyWHHOA/yurPK38GMmQtWflBhOylf1QPJDWVXa4gq3+gXS9d9imugTsWS5GXE9W9nYIChqA7jeyl+onOI8exP+kF0UZReLjo0QOmfbd3sRwg79XioIlHvnuD++yGbyF2NL1ZgNVxcPSaRkn7mXPPbyJBjOZ3kwFvoFsIxRexdyTW2BZj6vCOped7E1ByIb5I7RUDrGVWHY1oF5X8ZHpxXc72po6X3th3QKzEKfFQ1CI/w5RRIVnVtmDa78/Fx/ifsEqniAgSwqBwWF4l9Xd5b5byz3s9qSw+/tl3HS8LTXbG7CGJaLJyAIik4X5Uc6zmdZbi0nmTAK2w3kkzL7D3z+LvG1Vch4GBgX8y70fHAnkfsaNiS8ulBYdxLarBcrVR0wTUH70XF6Pr4m5RmeoEOZoMdnvxe8zME9Gnm8/xOKBF0NgeaYosFhvxDe32pzWAmQIMpCyUG4snih9xzijGDnPA0Go/qzr6/Cl8bK0EBILnHnn586Vi5n5IcQaT3TxNGEHnut5//E/f7/PJw8t/xu/G1DlQbt/+DNr45XvO6YxHgm2LNRXE2/V9RdcxoEXhHCuffvjkJHSUWSAtfBityegzyEHM2p6DKBth/6iwqXfx6oQJdK5m26ScJYWJA3pJjpx3MlXcXN/Eqjt7YkInleEWxPnK8zRI3bpmv3gCT6WykLTBILc2WzDKNaCQ3mqT+JvCmbD8bQWIs5+DXcrom+IvEqtGDEAwwM+HIgWxZjCyCwhoKIrOpgTanKsppsypAWtTJpsiL8WZHkJQBqYqaomkIcDb+DQdYehjL8k+YVTeYh89EjX8gsKj2t4rgdbo6h2pJw96bN3WVP9Gag56sDV0IETaDLGDBOnrxfMw3NgHfEV0K7MOnonvqQB4NdbdU1KNeaARfvzyH+yWL6YSX+CNIZY1Ey+FJ8YfLRvFk8lmeZwPasypgPBYg5JkfH03MDuuei/26a0I9BPk+Z5pe5h6QYGNu0aXi0y7QoIUg6a0kMujrbOjYahUrhn84wvXrNFQXpRsSiaY3w4/JYUES+0cmrqPsu0/mry+w5SGx3SQ796Lu7fwiObOltVYB8km28EGYfC5hdb8052aDIY50B+elIaZwWT2BxDmzllcqgyHQezZHITFO5KpLttovjV8Sa1vyqMMiBOkMsxlBjy+DV2IfB3PEb0wiYsz9c3/sXO+cuC9+K0gpZ2o+Uim89HxQkGejhu1rz82+nNhGNyGhEACsqfY78HtpcZG2Ha8bgNClbmi8F7cbzakGP1Rmlyan2Q0qAJMwpTCWZfdxWAvvpTy6ZL9lJJk4XPGY++/RzGfKO+OdV1H8XEukG2lC3cZP4MzM8evmAkXhxXlwbiAZ/Vvvs8cWAfotoc9RqZpGV4yzyPPB0Ydp+eOap0oVuDFU/jq6oAevPojkMOFJFYY13Zxxllq7CyKdkVyb/toj83fHnBL7XFzxmFDVEJTh1hfvJ8CiC9RX1+LCu0URvDf5dKvz49Ru1jg1LfxG6JL2+BYCJhHoviVwX3CO3MUXPS5yIUVfjamqar88Nk3UQ3W8Qxfsn0LomsXhr7BHECg6S/av5VZ9BQgCeD+7lYd0n7y6ObxV1KjbEvMr/IgXp6FNcmrFkzsW3og30mpz1jvtx4xSUFGxXYlthR2TPxvBWVLLGeDFxUw1WMva/E/y9uK85OPfq6hUAV3c1nyYGbIMH8BGocLrGTWwzHQHjDv264Vr6RyQs17lrLO12nZTVKneFMa5Xb29IIa/XrxG7OuLazWX62X6zjBP/+j2ILwA5Wk5r0L2ZQJ1480WbE2NkvzDZreow5lHN7/Z/sWVR0DH90vtt1H/PKJAbPuqHuzvbqhMecrXTMu2C6YC2sm05uHTRTZHeDGjBmkxu62okQAvoNpwJtWnhM1WaOya9122Icq5FJ9ld6koJ0laKR3hCtxqdxJ8ygU7KMH9wMblFzKrNHGl36O0c9pXufcB8NWNevu70SlPlXxADfa5L+5fv8pm+dJMJOd5FQYtmRkr8LVB+opJyzB36gUN8+6aHFaf9qzqIaHLAsdXsfXCsSZqVlt8Wb5+i/aNOOmUwgmTta3JvtZs4OUfNASQy4cEYZmsn0CXewEtZDHotxfUu4byH4qQcGiGSgKX/THrGUhmlNz5ckCuXJBTihfTMD6/CD/doB6MA/BSGL8LBcGwrgsUgRN7ymTvka+eRWNud7/qZe1cB75f6l7rNXXIx2bCCZUuQpo5uAa0O1cP9YgaPTgPYJBVCOsCsbcd/DENOrAfs3X+cyMLEpTMm1xKpSaq7v7qdfypqsbyE7THtU3dIwthy2NtVczwHsYVS1OEJsA/dzqHrOvhQ1zugivwFWZg29d2wDEo70NzHn2DMguNYZmswSzXVH0PCubguShh2gZeiIhxwlufJ5QYp9++uNXOo3+FtrNL2W4QM/kQPEIP3YAA/SYM2ViJhr2kkN2k3+AcruBJvMsZg/oVJf/wF+PqdBK48/M7m0mfQV6jmBJ6tZ22hQJSDkmPl0nAX4YNj6jjj6zZPx2vJR+AiW8YGY7Xn8tMU2Ozf0iAC98InOMa0hMhSwotyH+mljajj4IcXDSY0iUarlule5Dk+gbuF7jYI9aci39jDnU+FqPmXZwNtR/9ZJKdOIU1vM6AGXKxNKHT131heVpfiQzpC9mqZZ79n1JitJIoSkZZQUdkzIE9WMTIfBTWoI6CfwLFhMr5gJa4I/biI+h375mee84EsvsKlL9g6VQE8iAU1m+eOllUsGgurMSldgb2SyfvE4F9Uo8IDwRBZiOWz28W46Y4bNfIFUQIe4u05RnlP74KvB9X7wN855/coD/dh8+nY0MKXSKN0yhPQexO2K+DE6+TmDfKLUoIwe0alWEeBE/xEAdLisKLDHV0iNFBqWJwwHEimKvxOZTmfVmkIM+N6pKUFEl5uxG176YFfPl2RnKY0OvGsAFo9fLOGfhZWsOBS2kguD36WVSs5xNRy6Vz8twJCEA9o9b69jP4n9/oSBKleSQIRJIad9zP59lV5qHLWuF3kCAIqPPSF1QpzJuPejdQhMiTVweAfvCytC3LlEvvlp38Th7Jb40epjXcMpOWsDht94+0z6lxT16ihkcX6PS/jwHUNrVPNzfoUL/XX87Tf3kIm95RK3JDq5Z2Z4gUUa7PRjFkukJCsiZ+8UMdU3fotDQapP/xicYopQBS9d0SwuNAu7bs2h8pk93n+UCtlclB89gkLsXDBIj0iAyPov1U9KYmSKXb8j2VoeEiwuvLau5lZrzyYTZ+5Kj043a2TlqbRJkiLltKO3lEPOSWYgn+KujGleIc7PhptrydrqOHqnlqiyoM/V9SN2Oum/W3OheLeZmB7DmtgN+vZcmFIxou72YsljqJy2Bn02IsUlSOr+22yY/9swGgdqKn4jEqWikgVeYq4DlV5QXIR6vB3neFE0EebiqiXLjufvozPxeeu6KgexHzaDio2GmIJ0CeVbbSyh4brKlTVhUa//8gPwlx+7brNCnGWiwAbNr1bwBusC0qe/ay3UHpaHInDdFCwObwmEq5EDoyfrf6LDONLVvMP9jFoDspfQoUwcokMsN6F5gqPlFk3tcnQ5DVt71lSb6gx+IhjY5N1mxSh/4oloQTHS+eOF9lw4A3CmqQ6RA5VQA9usj15Q96+mb/E/85mAm5qGqKnt/CexsVqdv+HGiPahqZ6bobeebubAlxOHYdU+735/oFFGvLDeXe+3v4ykvG4raV8rLoyniOcXNz6nfk+TWu90usBaCXl1kKOmu6THQ1CCzofJcd5fmnnkpOM+0eWy0cqAVl70L166B5aUEDX5CA2ypQs8+bstCPHRtvverzlxSPOhPGZ6oFllP/JBtFcJOBGY5KLmSY4ZeyBoKMfoqD2fq/3LIRWKEcUcrHDuhv4m5foETACPaR4YVyyhRlwc6ZI3r28baAh60bocvAwhKNLieKYAMYjYU56nQrnOInl8csv2mRm2SkTrEbtgDhA0Za+KIoGrQPUjmE+eUHbOmCpn/WdEceYejEV4ymwujPdU0tIuA4bXu5cRZR9rwTtxKx60WnGyzR3yKSMOpLBG7zDCVJSv4xFJAT4XfvX7H/ZJNdSjdXiniezVoMLAP+QKJJlE6oC9wIC+Hjqc/6Anapq2aznXTBEi5Me59O64sFb1CAo1fli385Z0uc/zpS0xDg7XtrcpzcMk6XRUMS0N1mYERINayl+LmMmg/g3PFIDtQ5dhSTPZPpz/p9PvWfOULSF/6+7E10OcLbegc6D2AaGPC5k2+yzNqSBfBdp+UgZyQDUZOuBj3QUNHKmg4pUzprAtEd4Tr0k6ZI6rkZPmWU4cK/8h5UNwPa3RljjfztPgTOtWNdTOcHzwKoTDFb5otxc9RvGQBUQXG4gztJOyyyBZglut+gJUf+Rjx48lFv4bYkqWV3pEymqkqMOShKhmaOmLxDKjREhdosUaqHY+Dt6BCHrbRiWUY6DBKgTKVvlhdtdpmNoLVmjLbhrVd+JUT640jIqbBylRC9mQd4V7OS9typ3xZ2kw=
                </e:CipherValue>
            </e:CipherData>
        </e:EncryptedData>
    </s:Body>
</s:Envelope>
--------------------------------------
Was it helpful?

Solution

According to all the documentations over On-premise web service with CXF, you have this error: 

The signature or decryption was invalid

Because you are receiving an xml with the body containing a fault message.

If you look more closely you can see that it indeed contains a fault: 

<a:Action s:mustUnderstand="1" u:Id="_4">               
 http://schemas.microsoft.com/xrm/2011/Contracts/Services/IOrganizationService/RetrieveMultipleOrganizationServiceFaultFault      
</a:Action>

I think this is a bug that is needed to be addressed.

Workaround: when an exception like this appears catch it and otput it as a fault message response from the web-service.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top