Hi Jamie, Please see my comments inline.
On Wed, 2007-08-08 at 09:48 +0100, Jamie Lyon wrote: > Excellent, that's fixed that problem. > > You will have to excuse my simple questions; I've not used ws-policy > before. > > Is it possible to specify that the client has to include a timestamp in > the sent message, but may or may not receive one back? In the current implementation it is not possible. Because <sp:Includetimestamp> assertion is common for both sending and recieving messages. > > Having <sp:IncludeTimestamp/> returns "[info] [rampart][shp] Timestamp > is not in the message", and modifying it to <sp:IncludeTimestamp > wsp:Optional="true"/> still comes up with the same error. In our current Security policy implementation we are not supporting wsp:Optional scenarios yet. Considerable amount of work need to be done to support this. Is this a frequent scenario? We haven't encountered this when we are interoping with other implementations. If it is a common scenario then we can give a fix just for <sp:IncludeTimestamp> case. Thanks. Manjula. > > Thanks, > Jamie > > > -----Original Message----- > > From: Manjula Peiris [mailto:[EMAIL PROTECTED] > > Sent: 08 August 2007 11:22 > > To: Apache AXIS C Developers List > > Subject: Re: Error: "Key Reference Info is mismatch with policy"? > > > > Hi Jamie, > > > > Please check the value of <sp:IncludeToken> attribute in the > > <sp:InitiatorToken> element. If it is , > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always > To > > Recipient then the certificate used to signed the message is sent only > by > > the client to server. The Client should not see it attached as a > > <BinarySecurityToken> in the recieved message. If you want this > > <BinarySecurityToken> element to be in the recieved message of the > client > > please change the <sp:IncludeToken> attribute to > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always > . > > > > If this does not work please send the policy file you are using. > > > > Thanks > > -Manjula. > > > > > > On Tue, 2007-08-07 at 16:26 +0100, Jamie Lyon wrote: > > > Hi, > > > > > > > > > > > > I'm writing a client to an existing service in Axis2/C. Can anyone > > > shed any light as to what could cause the above error message "Key > > > Reference Info is mismatch with policy"? It appears to me as though > > > it's saying that the namespace or something in the received message > is > > > not matching what is in the policy.xml. You can see the context of > the > > > message in the snippet of the debug log below. > > > > > > > > > > > > The situation seems odd however, since as you can see from the sent > log, > > the message sent by the client is perfectly fine. The namespaces, > tokens > > etc... all seem to match that which is received back from the server. > > > > > > I have attached the sent and received messages, and below is a > snippet > > of the debug log: > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][shp] Process security > > header > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > Security for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > BinarySecurityToken for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > Signature for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > SignedInfo for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > CanonicalizationMethod for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > SignatureMethod for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > Reference for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > Transforms for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > Transform for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > DigestMethod for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > DigestValue for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > SignatureValue for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > KeyInfo for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > SecurityTokenReference for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > Reference for EncryptedKey > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > Security for Signature > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > BinarySecurityToken for Signature > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > Signature for Signature > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][shp] Processing > Signature > > element. > > > [Tue Aug 7 16:13:02 2007] [info] [Rampart][shp]Key Reference Info > is > > mismatch with policy > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][rampart_in_handler] > > Security Header processing failed. > > > [Tue Aug 7 16:13:02 2007] [debug] engine.c(292) Axis2 engine > receive > > completed! > > > [Tue Aug 7 16:13:02 2007] [error] > autogen/axis2_DataService.cpp(1236) > > returnNode is NULL: Error code: 2 :: NULL paramater was passed when a > non > > NULL parameter was expected > > > > > > > > > > > > Thanks, > > > > > > Jamie > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
