Thanks, Shankar, for the explanation. I was trying to send a signed request and receive a clear (unsigned) response. Our web services client needs to connect to different web services, some of which may require signed messages. So, can we do either of the following:
1. Does the policy.xml have to be named policy.xml on the client side? If I can specify policy_cust1.xml for customer 1 and policy_cust2.xml for customer 2, then the same client will be able to handle multiple customers. Basically, my question is: is there a restriction like the axis2c config file name being axis2.xml?
2. Can we specify the receiver certificate for each customer programmatically through an API?
Regards,
Raghu
________________________________
From: Uthaiyashankar [mailto:[EMAIL PROTECTED]
Sent: Fri 10/3/2008 10:07 PM
To: Apache AXIS C User List
Subject: Re: rampart_handler_util.c -- parameter not set
Hi Raghu,
I think your configurations are wrong. First of all, I have to be clear
on whether the message sent from server to client is also signed. It has
to be signed, otherwise rampart will not work. On the client side, we
still don't have support for different security policies for outgoing
and incoming messages. Hence my further explanations will assume
that even the message from server to client is signed.
To sign from server to client, you have to give <rampc:Certificate> and
<rampc:PrivateKey> in the server side configuration. Also, you have to give
<rampc:ReceiverCertificate> in the client's configuration.
Sample4 shipped with Rampart[1] is actually the use case you are trying
to achieve. You can have a look at that.
Regards,
Shankar
[1] https://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario4
Raghu Udupa wrote:
> Thanks Shankar.
>
> I am a bit confused about specifying security phase in axis2.xml for
> client as well as for server.
>
> We need to sign the documents that are sent to the client which need to
> be verified at the server.
>
> Could you tell me whether my settings of axis2.xml and policy.xml on the
> client side and axis2.xml and service.xml on the server side are correct
> for a correct implementation of signature verification
>
> CLIENT SIDE
>
> axis2.xml
> =========
>
> <phaseOrder type="outflow">
> <!-- User defined phases could be added here -->
> <!--phase name="userphase1"/-->
> <!--system predefined phase-->
> <phase name="MessageOut"/>
> <phase name="Security"/>
> <!--phase name="Security"/-->
> </phaseOrder>
>
> policy.xml
> ==========
>
> <rampc:RampartConfig
> xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> <rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
> <rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
> </rampc:RampartConfig>
>
>
> SERVER SIDE
>
> axis2.xml
> =========
>
> <phaseOrder type="inflow">
> <!-- System pre defined phases -->
> <phase name="Transport"/>
> <phase name="PreDispatch"/>
> <phase name="Dispatch"/>
> <phase name="PostDispatch"/>
> <phase name="Security"/>
> </phaseOrder>
>
> service.xml
> ===========
>
> <service name="ReceiveEasyLinkFaxService">
> <parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
> <description>ReceiveEasyLinkFaxService Service</description>
> <module ref="rampart"/>
> <operation name="ReceiveFax">
> ....
> ....
> <rampc:RampartConfig
> xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> <rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverCertificate>
> </rampc:RampartConfig>
>
> Thanks,
> Raghu
>
> -----Original Message-----
> From: Uthaiyashankar [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 02, 2008 1:13 PM
> To: Apache AXIS C User List
> Subject: Re: rampart_handler_util.c -- parameter not set
>
> Raghu Udupa wrote:
>
>> Thanks Samisa.
>>
>> The first reported error is parameter 0 not being set in
>> rampart_handler_util.c. I wanted to know which configuration parameter
>> method rampart_get_rampart_configuration in rampart_handler_util.c is
>> looking for.
>>
>>
>
> That error message is misleading. It is actually not an error. :). We
> have to remove it. So, you can safely ignore it.
>
> Regards,
> Shankar.
>
>
>> Regards,
>> Raghu
>>
>> -----Original Message-----
>> From: Samisa Abeysinghe [mailto:[EMAIL PROTECTED]
>> Sent: Wednesday, October 01, 2008 9:32 PM
>> To: Apache AXIS C User List
>> Subject: Re: rampart_handler_util.c -- parameter not set
>>
>>
>>
>>> 2. Also, the webservices client is getting following error while
>>> attempting to engage rampart module.
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
>>> [rampart][rampart_handler_utils] 0 parameter is not set.
>>>
>>> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
>>> RampartClientConfiguration not set in message context
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
>>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
>>> extenension index of NID_subject_key_identifier is not valid
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
>>> in transport
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
>>> [rampart][rampart_engine] Cannot get saved rampart_context
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
>>> [rampart][rampart_in_handler] rampart_context creation failed.
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
>>> RampartInHandler invoke failed within phase PreDispatch
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
>>> PreDispatch failed
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
>>> Unidentified character in SOAP 1.1 builder helper processing
>>>
>>>
>>>
>> As the error says, there is something wrong in your key.
>>
>> Samisa...
>>
>>
>>> 3. I am also including the server log. I am using a self signed
>>> certificate generated using openssl to sign the message. Digest
>>> verification is succeeding. But signature verification is failing.
>>
>>
>>>
>>>
>>> Thanks,
>>> Raghu
>>>
>>>
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>
>
>
>
>
>
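The element pairing Shankar describes (Certificate and PrivateKey on the signing side, ReceiverCertificate on the peer), written as a small configuration checker. This is an added example, not part of the thread or of Rampart/C; the function names and placeholder paths are made up here, and it assumes the same pairing applies in the client-to-server direction.

```python
import xml.etree.ElementTree as ET

NS = "{http://ws.apache.org/rampart/c/policy}"  # rampc namespace as used in the thread

# Per the reply: the signing side gives its certificate and private key,
# the peer gives ReceiverCertificate. Applying this to both directions is an assumption.
SIGNER_NEEDS = ("Certificate", "PrivateKey")
VERIFIER_NEEDS = ("ReceiverCertificate",)


def rampart_settings(xml_text):
    """Map local element name -> text for the children of rampc:RampartConfig."""
    root = ET.fromstring(xml_text)
    cfg = root if root.tag == NS + "RampartConfig" else root.find(".//" + NS + "RampartConfig")
    if cfg is None:
        return {}
    return {child.tag[len(NS):]: (child.text or "").strip()
            for child in cfg if child.tag.startswith(NS)}


def missing(settings, needed):
    """Names from `needed` that are absent or empty in `settings`."""
    return [name for name in needed if not settings.get(name)]


def check_signed_exchange(client_xml, server_xml):
    """List what each side lacks for signed messages in each direction."""
    client, server = rampart_settings(client_xml), rampart_settings(server_xml)
    return {
        "client->server": {"client": missing(client, SIGNER_NEEDS),
                           "server": missing(server, VERIFIER_NEEDS)},
        "server->client": {"server": missing(server, SIGNER_NEEDS),
                           "client": missing(client, VERIFIER_NEEDS)},
    }


def config(*names):
    """Build a RampartConfig with placeholder paths (constructed sample input)."""
    body = "".join(f"<rampc:{n}>/path/to/{n}.pem</rampc:{n}>" for n in names)
    return f'<rampc:RampartConfig xmlns:rampc="{NS[1:-1]}">{body}</rampc:RampartConfig>'


# Same element layout as the client and server configurations quoted in the thread.
THREAD_CLIENT = config("Certificate", "PrivateKey")
THREAD_SERVER = config("ReceiverCertificate")
# Constructed pair carrying all three elements on both sides.
BOTH_WAYS = config("Certificate", "PrivateKey", "ReceiverCertificate")

if __name__ == "__main__":
    print("thread   :", check_signed_exchange(THREAD_CLIENT, THREAD_SERVER))
    print("both ways:", check_signed_exchange(BOTH_WAYS, BOTH_WAYS))
```

With the layout quoted in the thread, the server-to-client direction reports the server missing Certificate and PrivateKey and the client missing ReceiverCertificate, which are the three elements the reply asks for.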
