If the inbound message failed validation or if InterSystems IRIS issues the no supported policy alternative error, it is useful to check the following items:
-
When you retrieve a stored InterSystems IRIS credential set, make sure that you type its name correctly.
-
After retrieving an InterSystems IRIS credential set, check the type of the object to ensure that it is %SYS.X509CredentialsOpens in a new tab.
-
Make sure that you are using the appropriate certificate.
If you are using it for encryption, you use the certificate of the entity to whom you are sending the message. Encryption uses the public key of this certificate.
If you are using it for signing, you use your own certificate, and you sign with the associated private key. In this case, make sure that you have loaded the private key and that you have correctly specified the password for the private key file.
-
Make sure that the certificates are signed by a certificate authority that is trusted by InterSystems IRIS.
-
If you are using WS-Policy, be sure to edit the generated configuration class to specify the InterSystems IRIS credential set to use. See Editing the Generated Policy.
-
If the web service requires a <UsernameToken>, make sure that InterSystems IRIS web client is sending this, and that it contains correct information. InterSystems IRIS cannot automatically specify the <UsernameToken> to send; this must be done at runtime. See Adding Timestamps and Username Tokens.
Make sure that at least one of the security policies required by web service or client is supported in InterSystems IRIS. See SOAP Security Standards.
-
In the case of an authentication failure, identify the user in the <UsernameToken>, and examine the roles to which that user belongs.