Hi Raghu,
I think your configurations are wrong. First of all, I need to be clear
on whether the message sent from server to client is also signed. It has
to be signed, otherwise Rampart will not work. On the client side, we
still don't have support for different security policies for outgoing
and incoming messages. Hence my further explanations will assume
that even the message from server to client is signed.
To sign from server to client, you have to give <rampc:Certificate> and
<rampc:PrivateKey> in the server-side configuration. Also, you have to give
<rampc:ReceiverCertificate> in the client's configuration.
Sample4 shipped with Rampart[1] is actually the use case you are trying
to achieve. You can have a look at that.
Regards,
Shankar
[1]
https://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario4
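The pairing described in the reply above, sketched as an added configuration example (not part of the original thread and not taken from Rampart's samples). All file paths are placeholders, and treating ReceiverCertificate as the other party's certificate is an assumption based on that description.

```xml
<!-- Added example; every path below is a placeholder. -->

<!-- SERVER SIDE: RampartConfig inside the service's policy -->
<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
    <!-- Client's certificate (assumed role: verify the signed request) -->
    <rampc:ReceiverCertificate>/path/to/client_cert.pem</rampc:ReceiverCertificate>
    <!-- Server's own certificate and key: needed to sign the response -->
    <rampc:Certificate>/path/to/server_cert.pem</rampc:Certificate>
    <rampc:PrivateKey>/path/to/server_key.pem</rampc:PrivateKey>
</rampc:RampartConfig>

<!-- CLIENT SIDE: RampartConfig inside policy.xml -->
<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
    <!-- Server's certificate (assumed role: verify the signed response) -->
    <rampc:ReceiverCertificate>/path/to/server_cert.pem</rampc:ReceiverCertificate>
    <!-- Client's own certificate and key: needed to sign the request -->
    <rampc:Certificate>/path/to/client_cert.pem</rampc:Certificate>
    <rampc:PrivateKey>/path/to/client_key.pem</rampc:PrivateKey>
</rampc:RampartConfig>
```

Each private key stays on the host that signs with it; only the certificates are exchanged between the two sides.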
Raghu Udupa wrote:
Thanks Shankar.
I am a bit confused about specifying security phase in axis2.xml for
client as well as for server.
We need to sign the documents that are sent to the client which need to
be verified at the server.
Could you tell me whether my settings of axis2.xml and policy.xml on the
client side and axis2.xml and service.xml on the server side are correct
for a correct implementation of signature verification?
CLIENT SIDE
axis2.xml
=========
<phaseOrder type="outflow">
<!-- User defined phases could be added here -->
<!--phase name="userphase1"/-->
<!--system predefined phase-->
<phase name="MessageOut"/>
<phase name="Security"/>
<!--phase name="Security"/-->
</phaseOrder>
policy.xml
==========
<rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
<rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
</rampc:RampartConfig>
SERVER SIDE
axis2.xml
=========
<phaseOrder type="inflow">
<!-- System pre defined phases -->
<phase name="Transport"/>
<phase name="PreDispatch"/>
<phase name="Dispatch"/>
<phase name="PostDispatch"/>
<phase name="Security"/>
</phaseOrder>
service.xml
===========
<service name="ReceiveEasyLinkFaxService">
<parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
<description>ReceiveEasyLinkFaxService Service</description>
<module ref="rampart"/>
<operation name="ReceiveFax">
....
....
<rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverCertificate>
</rampc:RampartConfig>
Thanks,
Raghu
-----Original Message-----
From: Uthaiyashankar [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2008 1:13 PM
To: Apache AXIS C User List
Subject: Re: rampart_handler_util.c -- parameter not set
Raghu Udupa wrote:
Thanks Samisa.
The first reported error is parameter 0 not being set in
rampart_handler_util.c. I wanted to know which configuration parameter
method rampart_get_rampart_configuration in rampart_handler_util.c is
looking for.
That error message is misleading. It is actually not an error. :). We
have to remove it. So, you can safely ignore it.
Regards,
Shankar.
Regards,
Raghu
-----Original Message-----
From: Samisa Abeysinghe [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2008 9:32 PM
To: Apache AXIS C User List
Subject: Re: rampart_handler_util.c -- parameter not set
2. Also, the webservices client is getting following error while
attempting to engage rampart module.
[Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
[rampart][rampart_handler_utils] 0 parameter is not set.
[Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
RampartClientConfiguration not set in message context
[Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
in openssl_x509_get_subject_key_identifier] oxs defualt error , The
extenension index of NID_subject_key_identifier is not valid
[Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
in transport
[Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
[rampart][rampart_engine] Cannot get saved rampart_context
[Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
[rampart][rampart_in_handler] rampart_context creation failed.
[Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
RampartInHandler invoke failed within phase PreDispatch
[Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
PreDispatch failed
[Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
Unidentified character in SOAP 1.1 builder helper processing
As the error says, there is something wrong in your key.
Samisa...
3. I am also including the server log. I am using a self signed
certificate generated using openssl to sign the message. Digest
verification is succeeding. But signature verification is
failing.
Thanks,
Raghu
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]