Standards for Technology in Automotive Retail | ![]() | |
The WS-Security specifications define a set of SOAP Fault codes to describe different error situations that may occur during the parsing of the security headers and authenticating or authorizing the requests. Sending a SOAP Fault back is not required because this could be used as part of a denial of service or cryptographic attack. However, if an error is sent back, it MUST use the SOAP Faults defined in the WS-Security specifications.
Here is a list of the fault codes as defined in WS-Security 1.0:
Fault Code | Description (Fault String) |
wsse:UnsupportedSecurityToken | An unsupported token was provided |
wsse:UnsupportedAlgorithm | An unsupported signature or encryption algorithm was used |
wsse:InvalidSecurity | An error was discovered processing the <wsse:Security> header. |
wsse:InvalidSecurityToken | An invalid security token was provided |
wsse:FailedAuthentication | The security token could not be authenticated or authorized |
wsse:FailedCheck | The signature or decryption was invalid |
wsse:SecurityTokenUnavailable | Referenced security token could not be retrieved |
wsu:MessageExpired | Security semantics are expired. |