Forum Discussion
NimbostratusWCF Web Service - XML message encryption doesn't work
Hello everyone
There is Windows Communication Foundation web service that I want to put it behind ASM. The WS communicates via HTTP (no transport layer encryption) and uses XML message encryption. I want F5-ASM to handle the message decryption and send decrypted message to WS server.
I followed below link to setup XML message encryption. https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-6-0/18.htmlconceptid
I loaded server's certificate (with private key) and all clients' certificates to F5. When I test the setup, the client sends encrypted message to F5 virtual server. However, F5 virtual server does not decrypt the XML message and pass the same message to WS server.
I went to Security->Application Security->Blocking->Setting->Web Services Security failure and enabled all errors including "Decryption Error", "Verification Error", however, I don't see any alert triggered when I test.
I have below question. 1. I am not sure if F5-ASM attempted to decrypt the message. How can I verify? 2. If it attempted and failed to decrypt, then how can I check what caused the decryption to fail. Is there a log file that records it?
Thank you.
1 Reply
Thomas_Kim_-_RiI tested this feature on test environment not on the real BIG IP hardware yet. Will it make a difference? I brought up the issue to F5 tech support several times without a luck. Is there anyone who was able to make this feature work? Thanks.
