1. What is your server side?
2. Did you author this policy, or did you get it from the service?
3. What is the fault that you get?

Thanks,
Samisa...

RonnieMJ wrote:
I don't actually get an exception (well I do get a soap fault for not having
all of the right headers from their server).

The message usually gets sent out simply without the username token.  If I
DO get the username token to go, it's as a signedsupportingtoken (which is
not what they want).



Samisa Abeysinghe-2 wrote:
What is the exception that you get?

Samisa...

RonnieMJ wrote:
I'm pretty new to WS, and especially the security piece, but I'm using
rampart 1.4 using policy files to try to function as a client to an
existing (external to my company) web service.

I know that I need to send both a usernameToken and sign the header with
a certificate.  I've been able to do EITHER, but so far haven't been able
to do both.

I've tried it about 20 different ways, but my most recent attempt is:


<wsp:Policy wsu:Id="SigAndUName"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:All>
    <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:InitiatorToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssX509V3Token10/>
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:InitiatorToken>
        <sp:RecipientToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
              <wsp:Policy>
                <sp:WssX509V3Token10/>
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:RecipientToken>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <sp:Basic128Rsa15/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
          <wsp:Policy>
            <sp:Lax/>
          </wsp:Policy>
        </sp:Layout>
        <sp:OnlySignEntireHeadersAndBody/>
        <sp:SupportingTokens>
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
          </wsp:Policy>
        </sp:SupportingTokens>
      </wsp:Policy>
    </sp:AsymmetricBinding>

    <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:MustSupportRefKeyIdentifier/>
        <sp:MustSupportRefIssuerSerial/>
      </wsp:Policy>
    </sp:Wss10>

    <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <sp:Body/>
    </sp:SignedParts>

    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
      <ramp:user>user</ramp:user>
      <ramp:encryptionUser>user</ramp:encryptionUser>
      <ramp:passwordCallbackClass>com.xo.vzn_asr.business.util.PWCBHandler</ramp:passwordCallbackClass>

      <ramp:signatureCrypto>
        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
          <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</ramp:property>
          <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
          <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.alias">user</ramp:property>
          <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">keypassword</ramp:property>
        </ramp:crypto>
      </ramp:signatureCrypto>
    </ramp:RampartConfig>

  </wsp:All>
</wsp:Policy>



I expect the final header output to be something like:
<SOAP-ENV:Header >
  <wsse:Security >
    <wsse:UsernameToken >
      <wsse:Username >XXX</wsse:Username>
    </wsse:UsernameToken>
    <wsse:BinarySecurityToken >binaryTokenHere</wsse:BinarySecurityToken>
    <ds:Signature >
      <ds:SignedInfo >
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference >
          <ds:Transforms >
            <ds:Transform />
          </ds:Transforms>
          <ds:DigestMethod />
          <ds:DigestValue ></ds:DigestValue>
        </ds:Reference>
        <ds:Reference >
          <ds:Transforms >
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue ></ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue ></ds:SignatureValue>
      <ds:KeyInfo >
        <wsse:SecurityTokenReference >
          <wsse:Reference />
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
    </ds:Signature>
  </wsse:Security>
</SOAP-ENV:Header>


I'm fairly sure I've just got the policy file slightly off.  Any
suggestions?  Thanks for any reply.
--
Samisa Abeysinghe

http://people.apache.org/~samisa/


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
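
An added example, not part of the original thread and not Rampart code: WS-SecurityPolicy defines sp:SupportingTokens and sp:SignedSupportingTokens as assertions that sit beside the binding assertion, not inside its nested policy, so this Python check reports where each supporting-token assertion in a policy sits and which tokens it carries. The two sample policies are constructed, trimmed versions of the one posted above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
BINDINGS = {"AsymmetricBinding", "SymmetricBinding", "TransportBinding"}
SUPPORTING = {"SupportingTokens", "SignedSupportingTokens",
              "EndorsingSupportingTokens", "SignedEndorsingSupportingTokens"}

def split_tag(tag):
    """Split ElementTree's '{namespace}name' form into (namespace, name)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def supporting_token_report(policy_xml):
    """One dict per supporting-token assertion: its kind, the token types it
    carries, and the binding it is nested in (None means beside the binding)."""
    findings = []

    def walk(elem, binding):
        ns, name = split_tag(elem.tag)
        if ns == SP and name in BINDINGS:
            binding = name                      # everything below is inside it
        if ns == SP and name in SUPPORTING:
            tokens = sorted({split_tag(t.tag)[1] for t in elem.iter()
                             if split_tag(t.tag)[0] == SP
                             and split_tag(t.tag)[1].endswith("Token")})
            findings.append({"assertion": name, "tokens": tokens,
                             "inside_binding": binding})
            return
        for child in elem:
            walk(child, binding)

    walk(ET.fromstring(policy_xml), None)
    return findings

# Constructed sample input (trimmed from the posted policy).
HEAD = ('<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" '
        'xmlns:sp="%s"><wsp:All>' % SP)
TAIL = '</wsp:All></wsp:Policy>'
TOKENS = ('<sp:SupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy>'
          '</sp:SupportingTokens>')
# Layout as posted: SupportingTokens inside the binding's nested policy.
AS_POSTED = (HEAD + '<sp:AsymmetricBinding><wsp:Policy><sp:Layout/>' + TOKENS +
             '</wsp:Policy></sp:AsymmetricBinding>' + TAIL)
# Same assertion placed beside the binding, as a child of wsp:All.
BESIDE_BINDING = (HEAD + '<sp:AsymmetricBinding><wsp:Policy><sp:Layout/>'
                  '</wsp:Policy></sp:AsymmetricBinding>' + TOKENS + TAIL)

if __name__ == "__main__":
    for label, doc in (("as posted", AS_POSTED), ("beside binding", BESIDE_BINDING)):
        print(label, supporting_token_report(doc))
```

An "inside_binding" value other than None marks a supporting-token assertion that a policy processor may not treat as a supporting token at all; the "assertion" field separates the unsigned SupportingTokens form from SignedSupportingTokens.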





