IRS ACA 1095B BulkRequestTransmitter: Invalid WS Security Header - SOAP UI

Question

I am trying to Invoke IRS ACA 1095 B Ws through SOAP UI. I have configured Keystore in SOAP UI which when imported says OK. I have signed the 3 elements referring the IRS Doc, ACABusinessHeader, ACATransmitterManifestReqDtl and Timestamp. I have tried with and without, Gzip/ Wsa Header/ Attachment/ MTOM still for a simple SOAP Request without any file attachment I am having :

The WS Security Header in the message is invalid. Please review the transmission instructions outlined in Section 5 of the AIR Submission Composition and Reference Guide located at https://www.irs.gov/for-Tax-Pros/Software-Developers/Information-Returns/Affordable-Care-Act-Information-Return-AIR-Program, correct any issues, and try again.

Error Code: TPE 1122.

I have attached the complete SOAP Ui Request Message.

Any sort of Help is appreciated.

--->

enter code here



 POST https://la.www4.irs.gov/airp/aca/a2a/1095BC_Transmission_AATS2016 HTTP/1.1
    Content-Encoding: gzip
    Accept-Encoding: gzip,deflate
    Content-Type: multipart/related; type="application/xop+xml"; start="<[email protected]>"; start-info="text/xml"; boundary="----=_Part_0_1488514502.1456157000203"
    SOAPAction: "BulkRequestTransmitter"
    MIME-Version: 1.0
    Transfer-Encoding: chunked
    Host: la.www4.irs.gov
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.1.1 (java 1.5)



    <soapenv:Envelope xmlns:oas1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:us:gov:treasury:irs:msg:acabusinessheader" xmlns:urn1="urn:us:gov:treasury:irs:ext:aca:air:7.0" xmlns:urn2="urn:us:gov:treasury:irs:common" xmlns:urn3="urn:us:gov:treasury:irs:msg:acasecurityheader" xmlns:urn4="urn:us:gov:treasury:irs:msg:irsacabulkrequesttransmitter" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xd="http://www.w3.org/2000/09/xmldsig#">
       <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

             <ds:Signature Id="SIG-F8EA5798DFE03264EF145615675816614" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                      <ec:InclusiveNamespaces PrefixList="oas1 soapenv urn urn1 urn2 urn3 urn4 wsu xd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                   </ds:CanonicalizationMethod>
                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                   <ds:Reference URI="#id-E9877CA7A36541AA6A1455820267635274">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="oas1 soapenv urn1 urn2 urn3 urn4 xd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>REDACTED</ds:DigestValue>
                   </ds:Reference>
                   <ds:Reference URI="#id-E9877CA7A36541AA6A1455820267635275">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="oas1 soapenv urn urn2 urn3 urn4 xd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>REDACTED</ds:DigestValue>
                   </ds:Reference>
                   <ds:Reference URI="#id-E9877CA7A36541AA6A1455820267635276">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="oas1 soapenv urn urn1 urn2 urn3 urn4 xd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>REDACTED</ds:DigestValue>
                   </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>REDACTED</ds:SignatureValue>
                <ds:KeyInfo Id="RE-Dacted">
                   <wsse:SecurityTokenReference wsu:Id="STR-abcdefghijklmnopqredacted">
                      <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">REDACTED</wsse:KeyIdentifier>
                   </wsse:SecurityTokenReference>
                </ds:KeyInfo>
             </ds:Signature>
          </wsse:Security>
          <urn3:ACASecurityHeader/>
          <urn:ACABusinessHeader wsu:Id="id-E9877CA7A36541AA6A1455820267635274">
             <urn1:UniqueTransmissionId>abcd-efgh:1234</urn1:UniqueTransmissionId>
             <urn2:Timestamp>2016-02-17T15:17:47Z</urn2:Timestamp>
          </urn:ACABusinessHeader>
          <urn1:ACATransmitterManifestReqDtl wsu:Id="id-E9877CA7A36541AA6A1455820267635275">
             <urn1:PriorYearDataInd>0</urn1:PriorYearDataInd>
             <urn2:EIN>12-34567</urn2:EIN>
             <urn1:TestFileCd>T</urn1:TestFileCd>
             <urn1:TransmitterNameGrp>
                <urn1:BusinessNameLine1Txt>SOME VALUE</urn1:BusinessNameLine1Txt>
             </urn1:TransmitterNameGrp>
             <urn1:CompanyInformationGrp>
                <urn1:MailingAddressGrp>
                   <urn1:USAddressGrp>
                      <urn1:AddressLine1Txt>SOME ADRESS</urn1:AddressLine1Txt>
                      <urn2:CityNm>SOME CITY</urn2:CityNm>
                      <urn1:USStateCd>AB</urn1:USStateCd>
                      <urn2:USZIPCd>12345</urn2:USZIPCd>
                      <urn2:USZIPExtensionCd>6789</urn2:USZIPExtensionCd>
                   </urn1:USAddressGrp>
                </urn1:MailingAddressGrp>
                <urn1:ContactNameGrp>
                   <urn2:PersonFirstNm>First</urn2:PersonFirstNm>
                   <urn2:PersonLastNm>Last</urn2:PersonLastNm>
                </urn1:ContactNameGrp>
                <urn1:ContactPhoneNum>123-456-7890</urn1:ContactPhoneNum>
             </urn1:CompanyInformationGrp>
             <urn1:VendorInformationGrp>
                <urn1:VendorCd>Some Vendor</urn1:VendorCd>
                <urn1:ContactNameGrp>
                   <urn2:PersonFirstNm>First</urn2:PersonFirstNm>
                   <urn2:PersonLastNm>Last</urn2:PersonLastNm>
                </urn1:ContactNameGrp>
                <urn1:ContactPhoneNum>Phone</urn1:ContactPhoneNum>
             </urn1:VendorInformationGrp>
             <urn1:TotalPayeeRecordCnt>1</urn1:TotalPayeeRecordCnt>
             <urn1:TotalPayerRecordCnt>1</urn1:TotalPayerRecordCnt>
             <urn1:SoftwareId>A12345678</urn1:SoftwareId>
             <urn1:FormTypeCd>1094-1095B</urn1:FormTypeCd>
             <urn2:BinaryFormatCd>application/xml</urn2:BinaryFormatCd>
             <urn2:ChecksumAugmentationNum>garbage-value</urn2:ChecksumAugmentationNum>
             <urn2:AttachmentByteSizeNum>1234</urn2:AttachmentByteSizeNum>
             <urn1:DocumentSystemFileNm>some</urn1:DocumentSystemFileNm>
          </urn1:ACATransmitterManifestReqDtl>
          <wsu:Timestamp wsu:Id="id-E9877CA7A36541AA6A1455820267635276">
             <wsu:Created>2016-02-17T15:41:09.678Z</wsu:Created>
             <wsu:Expires>2016-02-20T10:21:09.678Z</wsu:Expires>
          </wsu:Timestamp>
          <wsa:Action>BulkRequestTransmitter</wsa:Action>
       </soapenv:Header>
       <soapenv:Body>
          <urn4:ACABulkRequestTransmitter>
             <urn2:BulkExchangeFile>
             </urn2:BulkExchangeFile>
          </urn4:ACABulkRequestTransmitter>
       </soapenv:Body>
    </soapenv:Envelope>

Answer 1

I see the wsu:Timestamp is outside the wsse:Security, I have attached outgoing WS-Security configuration of my working SOAP UI, cross check with yours.

After applying the outgoing headers, submit the request as is and do not format the request!

My outgoing WS-Security configuration of SOAP UI

My outgoing WS-Security configuration of SOAP UI-TimeStamp

Answer 2

SOAP UI KeyStore using pfx file. SOAP UI KeyStore

Request payload:

POST https://la.www4.irs.gov/airp/aca/a2a/1095BC_Transmission_AATS2016 HTTP/1.1
SOAPAction: BulkRequestTransmitter
Content-Type: multipart/related; type="application/xop+xml"; start="<[email protected]>
  "; start-info="text/xml"; boundary="----=_Part_26_1277305220.1456248891536"
  Host: la.www4.irs.gov
  Content-Length: 17728
  Expect: 100-continue
  Connection: Keep-Alive

  ------=_Part_26_1277305220.1456248891536
  Content-Type: application/xop+xml; charset=UTF-8; type="text/xml"
  Content-Transfer-Encoding: 8bit
  Content-ID: <[email protected]>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Header>
    <wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ds:Signature Id="SIG-3ED4996B507C9FE4891456248845324120" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#TS-3ED4996B507C9FE4891456248845320116">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <InclusiveNamespaces PrefixList="wsse s" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>....</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-D4CA0E52B9727D4C0A14551257302705">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <InclusiveNamespaces PrefixList="s" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>....</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-1781945826">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <InclusiveNamespaces PrefixList="s" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>.....</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>.....</ds:SignatureValue>
        <ds:KeyInfo Id="KI-3ED4996B507C9FE4891456248845324118">
          <wsse:SecurityTokenReference wsu:Id="STR-3ED4996B507C9FE4891456248845324119">
            <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">....</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp wsu:Id="TS-3ED4996B507C9FE4891456248845320116">
        <wsu:Created>2016-02-23T17:34:05.320Z</wsu:Created>
        <wsu:Expires>2016-05-26T04:27:12.320Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
    <ns0:ACABusinessHeader ns1:Id="id-1781945826" ns2:anyAttr="anyAttrContents" xmlns:ns0="urn:us:gov:treasury:irs:msg:acabusinessheader" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns2="urn:us:gov:treasury:irs:msg:acabusinessheaderanyAttr">
      <ns3:UniqueTransmissionId xmlns:ns3="urn:us:gov:treasury:irs:ext:aca:air:7.0">5a79b747-f622-4fe0-b5a7-4ab52226bc70:SYS12:xxxxx::T</ns3:UniqueTransmissionId>
      <ns4:Timestamp xmlns:ns4="urn:us:gov:treasury:irs:common">2016-02-09T12:34:33Z</ns4:Timestamp>
    </ns0:ACABusinessHeader>
    <ACATransmitterManifestReqDtl d1p1:Id="id-D4CA0E52B9727D4C0A14551257302705" xsi:schemaLocation="urn:us:gov:treasury:irs:msg:form1094-1095BCtransmitterreqmessage IRS-Form1094-1095BCTransmitterReqMessage.xsd" xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0" xmlns:d1p1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:irs="urn:us:gov:treasury:irs:common" xmlns:n1="urn:us:gov:treasury:irs:msg:form1094-1095BCtransmitterreqmessage" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">         
    </ACATransmitterManifestReqDtl>
  </s:Header>
  <s:Body>
    <ns0:ACABulkRequestTransmitter version="1.0" xmlns:ns0="urn:us:gov:treasury:irs:msg:irsacabulkrequesttransmitter">
      <ns1:BulkExchangeFile xmlns:ns1="urn:us:gov:treasury:irs:common">
        <inc:Include href="cid:1094B_Request_xxxxx_20160211T170145000Z.xml" xmlns:inc="http://www.w3.org/2004/08/xop/include"/>
      </ns1:BulkExchangeFile>
    </ns0:ACABulkRequestTransmitter>
  </s:Body>
</s:Envelope>
------=_Part_26_1277305220.1456248891536
Content-Type: text/xml; charset=Cp1252;
name=1094B_Request_xxxxx_20160211T170145000Z.xml
Content-Transfer-Encoding: quoted-printable
Content-ID: <1094B_Request_xxxxx_20160211T170145000Z.xml>
Content-Disposition: attachment;name="1094B_Request_xxxxx_20160211T170145000Z.xml"; 

filename="1094B_Request_xxxxx_20160211T170145000Z.xml"
< 1094 Bulk file removed>
          ------=_Part_26_1277305220.1456248891536--