Unfortunately the service I am interacting with requires that the timestamp is included when sending a message to it, but does not send a timestamp in the response. So yes, an optional timestamp is a requirement for interaction, without it I cannot do any communication at all.
A workaround for the IncludeTimestamp case would be perfectly acceptable, I don't (at least currently) require anything else to be optional. If there's a simple way of doing this temporarily, that will be fine. Thanks, Jamie > -----Original Message----- > From: Manjula Peiris [mailto:[EMAIL PROTECTED] > Sent: 08 August 2007 16:37 > To: Apache AXIS C Developers List > Subject: RE: Error: "Key Reference Info is mismatch with policy"? > > Hi Jamie, > > Please see my comments inline. > > > On Wed, 2007-08-08 at 09:48 +0100, Jamie Lyon wrote: > > Excellent, that's fixed that problem. > > > > You will have to excuse my simple questions; I've not used ws-policy > > before. > > > > Is it possible to specify that the client has to include a timestamp in > > the sent message, but may or may not receive one back? > In the current implementation it is not possible. Because > <sp:Includetimestamp> assertion is common for both sending and recieving > messages. > > > > > Having <sp:IncludeTimestamp/> returns "[info] [rampart][shp] Timestamp > > is not in the message", and modifying it to <sp:IncludeTimestamp > > wsp:Optional="true"/> still comes up with the same error. > > In our current Security policy implementation we are not supporting > wsp:Optional scenarios yet. Considerable amount of work need to be done > to support this. > > Is this a frequent scenario? We haven't encountered this when we are > interoping with other implementations. If it is a common scenario then > we can give a fix just for <sp:IncludeTimestamp> case. > > > Thanks. > Manjula. > > > > > > Thanks, > > Jamie > > > > > -----Original Message----- > > > From: Manjula Peiris [mailto:[EMAIL PROTECTED] > > > Sent: 08 August 2007 11:22 > > > To: Apache AXIS C Developers List > > > Subject: Re: Error: "Key Reference Info is mismatch with policy"? > > > > > > Hi Jamie, > > > > > > Please check the value of <sp:IncludeToken> attribute in the > > > <sp:InitiatorToken> element. If it is , > > > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always > > To > > > Recipient then the certificate used to signed the message is sent only > > by > > > the client to server. The Client should not see it attached as a > > > <BinarySecurityToken> in the recieved message. If you want this > > > <BinarySecurityToken> element to be in the recieved message of the > > client > > > please change the <sp:IncludeToken> attribute to > > > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always > > . > > > > > > If this does not work please send the policy file you are using. > > > > > > Thanks > > > -Manjula. > > > > > > > > > On Tue, 2007-08-07 at 16:26 +0100, Jamie Lyon wrote: > > > > Hi, > > > > > > > > > > > > > > > > I'm writing a client to an existing service in Axis2/C. Can anyone > > > > shed any light as to what could cause the above error message "Key > > > > Reference Info is mismatch with policy"? It appears to me as though > > > > it's saying that the namespace or something in the received message > > is > > > > not matching what is in the policy.xml. You can see the context of > > the > > > > message in the snippet of the debug log below. > > > > > > > > > > > > > > > > The situation seems odd however, since as you can see from the sent > > log, > > > the message sent by the client is perfectly fine. The namespaces, > > tokens > > > etc... all seem to match that which is received back from the server. > > > > > > > > I have attached the sent and received messages, and below is a > > snippet > > > of the debug log: > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][shp] Process security > > > header > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > Security for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > BinarySecurityToken for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > Signature for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > SignedInfo for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > CanonicalizationMethod for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > SignatureMethod for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > Reference for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > Transforms for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > Transform for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > DigestMethod for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > DigestValue for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > SignatureValue for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > KeyInfo for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > SecurityTokenReference for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > Reference for EncryptedKey > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > Security for Signature > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > BinarySecurityToken for Signature > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][axiom] Checking node > > > Signature for Signature > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][shp] Processing > > Signature > > > element. > > > > [Tue Aug 7 16:13:02 2007] [info] [Rampart][shp]Key Reference Info > > is > > > mismatch with policy > > > > [Tue Aug 7 16:13:02 2007] [info] [rampart][rampart_in_handler] > > > Security Header processing failed. > > > > [Tue Aug 7 16:13:02 2007] [debug] engine.c(292) Axis2 engine > > receive > > > completed! > > > > [Tue Aug 7 16:13:02 2007] [error] > > autogen/axis2_DataService.cpp(1236) > > > returnNode is NULL: Error code: 2 :: NULL paramater was passed when a > > non > > > NULL parameter was expected > > > > > > > > > > > > > > > > Thanks, > > > > > > > > Jamie > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
