AXIS2 - signature verification failed in Axis2 with Rampart
-----------------------------------------------------------
Key: AXIS2-2930
URL: https://issues.apache.org/jira/browse/AXIS2-2930
Project: Axis 2.0 (Axis2)
Issue Type: Bug
Affects Versions: 1.0
Environment: Window Xp, Tomcat 5.5.20
Reporter: Boon
AXIS2 - signature verification failed in Axis2 with Rampart
I encountered the signature verification problem when I tried to build a Axis2
client to access an .NET WS and a Axis WS.
I believe this is the same issue/problem raised by Allen in April 2007. I've
follow the issue raised by Allen but have not come across the solution for the
issue.
Issue details: The signature verification failed in Axis2 in axis-dev mailing
list on 17 Apr 2007 & 18 Apr 2007.
The message exchange in the above mailing list mentioned that the issue could
be cause by some pretty printing that cause some additional chars being
inserted into the message and which subsequently lead to Signature verification
problem.
Could someone from AXIS2/Rampart confirm whether this is the cause of the
problem and if it is, how can I resolve this or any solution to get around
this problem.
Your assistance on this will be very much appreciated. Thank you very much.
Best regards,
Boon
The exception that get thrown back to me is as follow:
org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed; nested
exception is:
==========================================================================================
org.apache.ws.security.WSSecurityException: The signature verification
failed
at
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:287)
at
itree.iacd.webservice.axis2.iap_sp.ServiceProviderStub.notifyRejection(ServiceProviderStub.java:120)
at
itree.iacd.webservice.axis2.iap_sp.ServiceProviderClient.notifyRejection(ServiceProviderClient.java:183)
at
itree.iacd.webservice.axis2.iap_sp.ServiceProviderClient.main(ServiceProviderClient.java:108)
==========================================================================================
I have appended the discussion from the above mailing list for your convenience:
===========================================================================================
Hi Allen,
Since its the response from the .NET server that causes the signature
failure I need that particular message in it original form (without
any xml formatting).
Thanks,
Ruchith
On 4/19/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <[EMAIL PROTECTED]> wrote:
>
>
> Hi Ruchith,
>
> Do you have any update on this issue? I have searched all the document I
> could find, but all didn't work. Hope you can help me.
>
> Thanks,
> Allen
>
>
> ________________________________
> From: Liu, Xiao-Tao (Allen, HPIT-GADSC)
> Sent: 2007��4��18�� 19:19
> To: '[EMAIL PROTECTED]'
> Subject: RE: The signature verification failed in Axis2 with Rampart
>
>
>
>
> Hi Ruchith,
>
> I send out my client source code with all necessary configurations/keystore.
> I created the request message inside the client, using AXIOM. The web
> service is written in .net and running on IIS.
>
> Thanks,
> Allen
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: 2007��4��18�� 19:08
> To: [EMAIL PROTECTED]
> Subject: Re: The signature verification failed in Axis2 with Rampart
>
> Hi Allen,
>
> Can you please send the message that caused the exception (with out xml
> formatting) and also send the public key cert of the key that was used to
> sign the message. I'll try to recreate your issue.
>
> Thanks,
> Ruchith
>
> On 4/18/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I am taking use of Axis2 to build a client to access a .net ws with
> > X509 certificate signature. All the steps are fine except when I
> > receive the response from .net, the signature verification always failed.
> >
> > Warning: Verification failed for URI
> > "#Id-c59b2f2c-9d10-4107-bea9-e8eb690dd67d"
> > Exception in thread "main" org.apache.axis2.AxisFault: WSDoAllReceiver:
> > security processing failed; nested exception is:
> > org.apache.ws.security.WSSecurityException: The
> signature
> > verification failed
> > at
> >
> org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.
> > java:259)
> > at
> >
> org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllRecei
> > ve
> > r.java:91)
> > at
> >
> org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
> > at
> org.apache.axis2.engine.Phase.invoke(Phase.java:382)
> > at
> >
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
> > at
> >
> org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:487)
> > at
> >
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOp
> > er
> > ation.java:276)
> > at
> >
> org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxi
> > sO
> > peration.java:202)
> > at
> >
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:5
> > 79
> > )
> > at
> >
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:5
> > 08
> > )
> > at ws.axis2.DotNetWSRClient.main(DotNetWSRClient.java:45)
> > Caused by: org.apache.ws.security.WSSecurityException:
> The signature
> > verification failed
> > at
> >
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature
> > (S
> > ignatureProcessor.java:332)
> > at
> >
> org.apache.ws.security.processor.SignatureProcessor.handleToken(Signat
> > ur
> > eProcessor.java:79)
> > at
> >
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecuri
> > ty
> > Engine.java:279)
> > at
> >
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecuri
> > ty
> > Engine.java:201)
> > at
> >
> org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.
> > java:256)
> > ... 10 more
> >
> > I am suspecting that's probably caused by some PrettyXML or
> > NamespacePrefixOptimization mechanism when Axis modified the response
> > body with new lines/breaks/spaces to let it looks better. And I found
> > there was some specific parameter in Axis configuration for Axis1:
> >
> > <globalConfiguration>
> > <!-- MUST turn off pretty printing otherwise signature verification
> > fails -->
> > <parameter name="enableNamespacePrefixOptimization"
> value="false"/>
> > <parameter name="disablePrettyXML" value="true"/>
> >
> > </globalConfiguration>
> >
> >
> > But I didn't find there is corresponding parameters in Axis2. Has
> > somebody faced the same problem? I have been struggling with it for
> > over
> > 2 days...
> >
> > Thanks,
> > Allen
> >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
==============================================================================================
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
