
List:       rampart-dev
Subject:    Rampart 1.4 and WSE 3.0
From:       Vicente David Guardiola Buitra <vicentedavid81 () yahoo ! es>
Date:       2009-05-26 10:42:59
Message-ID: 295022.96102.qm () web26503 ! mail ! ukl ! yahoo ! com


Dear all,

I've developed a WebService using Axis2 and Rampart 1.4 and I'm trying to use a WSE 3.0 client to consume this WS.

After some tests, I've found the order I should use for items in the InFlow: Signature, Encrypt and Timestamp. The inflow configuration is:

    <parameter name="InflowSecurity">
      <action>
        <items>Signature Encrypt Timestamp</items>
        <passwordCallbackClass>****</passwordCallbackClass>
        <signaturePropFile>service.properties</signaturePropFile>
        <decryptionPropFile>service.properties</decryptionPropFile>
        <enableSignatureConfirmation>false</enableSignatureConfirmation>
      </action>
    </parameter>

This works fine. The problem is in the response: my WSE client throws the following error:

WSE2005: Protection requirements in MutualCertificate10assertion are not satisfied

I think the problem is that my OutFlow configuration misses some kind of security element WSE 3.0 requires, or adds something that it doesn't expect, but I have no idea what it is. I'm using a wizard to create this WSE client and check the option "Signature and Encrypt", and my outflow configuration is as follows:


    <parameter name="OutflowSecurity">
      <action>
        <items>Encrypt Timestamp NoSerialization</items>
        <user>servercert</user>
        <passwordCallbackClass>*******</passwordCallbackClass>
        <encryptionPropFile>service.properties</encryptionPropFile>
        <encryptionKeyIdentifier>Thumbprint</encryptionKeyIdentifier>
        <encryptionUser>useReqSigCert</encryptionUser>
      </action>

      <action>
        <items>Signature</items>
        <user>servercert</user>
        <passwordCallbackClass>******</passwordCallbackClass>
        <signaturePropFile>service.properties</signaturePropFile>
        <signatureKeyIdentifier>Thumbprint</signatureKeyIdentifier>
        <signatureParts>
          {Element}{http://www.w3.org/2005/08/addressing}To;
          {Element}{http://www.w3.org/2005/08/addressing}MessageID;
          {Element}{http://www.w3.org/2005/08/addressing}Action;
          {Element}{http://www.w3.org/2005/08/addressing}RelatesTo;
          {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
          {}{}Body;
        </signatureParts>
        <enableSignatureConfirmation>false</enableSignatureConfirmation>
      </action>
    </parameter>


I use two actions because I think WSE requires the signature of the Addressing elements, timestamp and body, but I can't sign the Timestamp element before it is created, can I?

Could anybody point out some idea or solution to this problem?

Thanks a lot!

V Guardiola
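The WSE2005 error says the response does not satisfy the protection requirements of the MutualCertificate10 assertion, so the first thing to establish is which elements of the server's response the ds:Signature actually covers. The following checker is an added example, not code from the post or from Rampart: it parses a Rampart signatureParts list (the one from the OutflowSecurity block above), walks the ds:Reference entries in a SOAP envelope's wsse:Security header, resolves their same-document URIs to elements by wsu:Id, and reports which required parts are not signed. The envelope SAMPLE_RESPONSE is constructed for illustration (digest and signature values are placeholders), and the function names parse_signature_parts, signed_parts and missing_parts are my own. It only checks coverage, not the cryptographic validity of the signature, and it ignores encryption.

```python
import re
import xml.etree.ElementTree as ET

# Namespaces used by a WS-Addressing / WS-Security 1.0 SOAP 1.2 message.
NS = {
    "soap": "http://www.w3.org/2003/05/soap-envelope",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# The signatureParts list from the post, in Rampart's {mode}{namespace}localname syntax.
REQUIRED_PARTS = """
  {Element}{http://www.w3.org/2005/08/addressing}To;
  {Element}{http://www.w3.org/2005/08/addressing}MessageID;
  {Element}{http://www.w3.org/2005/08/addressing}Action;
  {Element}{http://www.w3.org/2005/08/addressing}RelatesTo;
  {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
  {}{}Body;
"""
PART_RE = re.compile(r"^\{([^}]*)\}\{([^}]*)\}(\S+)$")

# Constructed response: Addressing headers and Body are signed, the Timestamp is not.
SAMPLE_RESPONSE = """
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
  xmlns:wsa="http://www.w3.org/2005/08/addressing"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <soap:Header>
    <wsa:To wsu:Id="id-1">http://www.w3.org/2005/08/addressing/anonymous</wsa:To>
    <wsa:MessageID wsu:Id="id-2">urn:uuid:constructed-2</wsa:MessageID>
    <wsa:Action wsu:Id="id-3">urn:example:echoResponse</wsa:Action>
    <wsa:RelatesTo wsu:Id="id-4">urn:uuid:constructed-1</wsa:RelatesTo>
    <wsse:Security>
      <wsu:Timestamp wsu:Id="ts-1"><wsu:Created>2009-05-26T10:42:59Z</wsu:Created></wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#id-1"><ds:DigestValue>placeholder</ds:DigestValue></ds:Reference>
          <ds:Reference URI="#id-2"><ds:DigestValue>placeholder</ds:DigestValue></ds:Reference>
          <ds:Reference URI="#id-3"><ds:DigestValue>placeholder</ds:DigestValue></ds:Reference>
          <ds:Reference URI="#id-4"><ds:DigestValue>placeholder</ds:DigestValue></ds:Reference>
          <ds:Reference URI="#body-1"><ds:DigestValue>placeholder</ds:DigestValue></ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>placeholder</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="body-1"><echoResponse xmlns="urn:example">hi</echoResponse></soap:Body>
</soap:Envelope>
"""


def parse_signature_parts(spec, body_ns=NS["soap"]):
    """Turn a Rampart signatureParts string into a set of (namespace, localname).
    The {Element}/{Content} mode is dropped; an empty namespace ({}{}Body)
    means the SOAP Body element."""
    parts = set()
    for item in spec.split(";"):
        item = item.strip()
        if not item:
            continue
        m = PART_RE.match(item)
        if m is None:
            raise ValueError("malformed signature part: %r" % item)
        _mode, ns, local = m.groups()
        parts.add((ns or body_ns, local))
    return parts


def signed_parts(envelope_xml):
    """Return (namespace, localname) for every element that a ds:Reference in the
    wsse:Security header points at through a same-document '#wsu:Id' URI."""
    root = ET.fromstring(envelope_xml)
    by_id = {el.get(WSU_ID): el for el in root.iter() if el.get(WSU_ID)}
    covered = set()
    path = ".//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference"
    for ref in root.iterfind(path, NS):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            continue  # external or whole-document reference: not element coverage
        target = by_id.get(uri[1:])
        if target is None:
            continue  # dangling reference; such a signature would not verify anyway
        ns, _, local = target.tag[1:].partition("}")
        covered.add((ns, local))
    return covered


def missing_parts(envelope_xml, spec=REQUIRED_PARTS):
    """Required parts (per the Rampart signatureParts spec) that the envelope leaves unsigned."""
    return parse_signature_parts(spec) - signed_parts(envelope_xml)


if __name__ == "__main__":
    for ns, local in sorted(missing_parts(SAMPLE_RESPONSE)):
        print("unsigned required part: {%s}%s" % (ns, local))
```

Run it against a captured response (for example the envelope Axis2 logs when SOAP monitoring is switched on) by replacing SAMPLE_RESPONSE; on the constructed envelope it reports the Timestamp as the one required part with no ds:Reference covering it, which is the kind of gap a client-side policy assertion would reject.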
