List: rampart-dev
Subject: Rampart 1.4 and WSE 3.0
From: Vicente David Guardiola Buitra <vicentedavid81 () yahoo ! es>
Date: 2009-05-26 10:42:59
Message-ID: 295022.96102.qm () web26503 ! mail ! ukl ! yahoo ! com
Dear all,
I've developed a WebService using Axis2 and Rampart 1.4 and I'm trying to use a WSE 3.0 client to consume this WS.
After some tests, I've found the order I should use for items in the InFlow: signature, encrypt and timestamp. The inflow configuration is:
<parameter name="InflowSecurity">
  <action>
    <items>Signature Encrypt Timestamp</items>
    <passwordCallbackClass>****</passwordCallbackClass>
    <signaturePropFile>service.properties</signaturePropFile>
    <decryptionPropFile>service.properties</decryptionPropFile>
    <enableSignatureConfirmation>false</enableSignatureConfirmation>
  </action>
</parameter>
This works fine; the problem is in the response. My WSE client throws the following error:
WSE2005: Protection requirements in MutualCertificate10assertion are not satisfied
I think the problem is that my OutFlow configuration misses some kind of security element WSE 3.0 requires or adds something that it doesn't expect, but I have no idea what it is. I'm using a wizard to create this WSE client and checked the option: Signature and Encrypt, and my outflow configuration is as follows:
<parameter name="OutflowSecurity">
  <action>
    <items>Encrypt Timestamp NoSerialization</items>
    <user>servercert</user>
    <passwordCallbackClass>*******</passwordCallbackClass>
    <encryptionPropFile>service.properties</encryptionPropFile>
    <encryptionKeyIdentifier>Thumbprint</encryptionKeyIdentifier>
    <encryptionUser>useReqSigCert</encryptionUser>
  </action>
  <action>
    <items>Signature</items>
    <user>servercert</user>
    <passwordCallbackClass>******</passwordCallbackClass>
    <signaturePropFile>service.properties</signaturePropFile>
    <signatureKeyIdentifier>Thumbprint</signatureKeyIdentifier>
    <signatureParts>
      {Element}{http://www.w3.org/2005/08/addressing}To;
      {Element}{http://www.w3.org/2005/08/addressing}MessageID;
      {Element}{http://www.w3.org/2005/08/addressing}Action;
      {Element}{http://www.w3.org/2005/08/addressing}RelatesTo;
      {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
      {}{}Body;
    </signatureParts>
    <enableSignatureConfirmation>false</enableSignatureConfirmation>
  </action>
</parameter>
I use two actions because I think WSE requires the signature of Addressing elements, timestamp and body, but I can't sign the Timestamp element before it is created, can I?
Could anybody point out some idea or solution to this problem?
Thanks a lot!
V Guardiola
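
Added example (not part of the original message, and not Rampart or WSE code): a Python check that parses an OutflowSecurity parameter like the one posted above and reports which parts from an expected list are absent from the Signature action's signatureParts. The expected list is the poster's assumption, not a confirmed WSE 3.0 requirement; OUTFLOW is a trimmed copy of the posted configuration, and the names parse_parts and audit are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

WSA = "http://www.w3.org/2005/08/addressing"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Trimmed copy of the posted parameter: key and callback elements are omitted.
OUTFLOW = """<parameter name="OutflowSecurity">
  <action><items>Encrypt Timestamp NoSerialization</items></action>
  <action>
    <items>Signature</items>
    <signatureParts>
      {Element}{http://www.w3.org/2005/08/addressing}To;
      {Element}{http://www.w3.org/2005/08/addressing}MessageID;
      {Element}{http://www.w3.org/2005/08/addressing}Action;
      {Element}{http://www.w3.org/2005/08/addressing}RelatesTo;
      {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
      {}{}Body;
    </signatureParts>
  </action>
</parameter>"""

# Assumption taken from the message: addressing headers, timestamp and body.
# Body is matched with an empty namespace because the post writes {}{}Body.
EXPECTED = [(WSA, n) for n in ("To", "MessageID", "Action", "RelatesTo")]
EXPECTED += [(WSU, "Timestamp"), ("", "Body")]
PART = re.compile(r"\{([^}]*)\}\{([^}]*)\}(\S+)")

def parse_parts(text):
    """Split a signatureParts value into (mode, namespace, local name) tuples."""
    parts = []
    for chunk in filter(None, (c.strip() for c in text.split(";"))):
        m = PART.fullmatch(chunk)
        if m is None:
            raise ValueError(f"malformed signature part: {chunk!r}")
        parts.append(m.groups())
    return parts

def audit(xml_text, expected=EXPECTED):
    """Return (items per action, expected parts no Signature action lists)."""
    flow, signed = [], set()
    for action in ET.fromstring(xml_text).findall("action"):
        items = (action.findtext("items") or "").split()
        flow.append(items)
        if "Signature" in items:
            parts = parse_parts(action.findtext("signatureParts") or "")
            signed.update((ns, name) for _mode, ns, name in parts)
    return flow, [p for p in expected if p not in signed]

if __name__ == "__main__":
    print(audit(OUTFLOW))
```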