Hi Sriram,
Seems like the body is encrypted twice! That's why you cannot find the
the second DataReference
(EncryptedContent-35c3b4c0-4192-48b3-ab5d-629c7abcc6e2) in the message
- since its encrypted.
Therefore please try changing the "items" in the inflow configuration to :
<items>Signature Encrypt Encrypt Timestamp</items>
Thanks,
Ruchith
On 10/19/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
Hi Ruchith,
Pasted below is the generated message from the .NET client with the extra encryptedKey
element and on the server side, the axis2 xml is configured for InflowSecurity as
"<items>Signature Encrypt Timestamp</items>"
Thanks
Sriram
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<soap:Header>
<wsa:Action
wsu:Id="Id-392264f7-703f-4ac0-b84d-810f91fe8f86">http://abc.testservice.com/echo</wsa:Action>
<wsa:MessageID
wsu:Id="Id-5d8a4918-a4f4-46d6-b275-66a3bba829c5">uuid:a9d09b03-8924-4bdb-b29b-2a88d4c9d457</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-9579ae46-5658-4e12-9119-64e2d440e89e">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To
wsu:Id="Id-e0ea75ce-232b-45c7-a069-475e602b6f49">https://abc.testservice.com/services/SampleService</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-3655fce3-efaa-4ee4-8143-2d9bb5b0ccb6">
<wsu:Created>2006-10-18T13:36:56Z</wsu:Created>
<wsu:Expires>2006-10-18T13:41:56Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="SecurityToken-d51b1d39-71ff-46d8-9e13-64bd8b3ff398">MIIBujCCAWigAwIBAgIQ8RrjeUJb0JNNW53UzT9SWzAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA2MTAwMjE1NDcxNVoXDTM5MTIzMTIzNTk1OVowHTEbMBkGA1UEAxMSQ0RUVGVzdENlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAUVXoOkoffCVPxzmGLGaPtLT8vF3h+Im8gbByZu/CBZWjPmqHRk62NsBr5923NtsMJR52fuMgaYbivSk9xxJfd4Q0OD35Y1sqx/veUOPW0N1kTdB5r51KadOU05C4/B3hBOJYq/FEpPwMYLEgZbUH2tDKbo8Qj+ntJmkD9yYQJQIDAQABo0swSTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRjoRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwCQYFKw4DAh0FAANBADuVU60NZd3oX90ZJNasST6EsvNKpKLE7WtjXIS/QpxgLA3xwuTUQViGSZ5rKw7Z3TNy3LDxA4K8TY/Kh7fo9Xg=</wsse:BinarySecurityToken>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>6+TG/qjIwXgY6PC0uB9PEV+DEfE=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>NQ5JNFqRvllJ00dhS9pQ1Ux+n+on1dwSayYMFZ7JK9whQYC8ZXiiw3IwXXdrGYRtyuKqvdoPn1rZyBh+KWMguISsTz2SclRhsBmg2UpBuzUKabedVxdY2nU6wsI55i2JX0qLZhGURdVYZ0B/hKsQMWunYGjncEcJGuO1GAyFFFI=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference
URI="#EncryptedContent-8b343733-6984-4b42-9b35-83bb20fa5f0f" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>6+TG/qjIwXgY6PC0uB9PEV+DEfE=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>a1PVPSkrjtjVf4R+4U5UODOSCqBaENKvXCIl+/jJyTilsTAUyasv5Iy/tay5oMzgVQvrgYhsOnETLrjx7MJXwFIL0stKhOIOeQLmP94MMnrNim6+KujylObPdMh/hTtSesJFGg0A9lZ79gWmNLH/vCagP5HZPSQ/9+BiOfkPWfE=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference
URI="#EncryptedContent-35c3b4c0-4192-48b3-ab5d-629c7abcc6e2" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
<SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; />
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
<Reference URI="#Id-392264f7-703f-4ac0-b84d-810f91fe8f86">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
<DigestValue>XPsgAkRid9zqbvBCCcRAtfuDdvc=</DigestValue>
</Reference>
<Reference URI="#Id-5d8a4918-a4f4-46d6-b275-66a3bba829c5">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
<DigestValue>4oqh/ZBIeqGO8aZBizjab2nA1Do=</DigestValue>
</Reference>
<Reference URI="#Id-9579ae46-5658-4e12-9119-64e2d440e89e">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
<DigestValue>HAK41b2OHRKQ32hMS/jf0Mz0Gp4=</DigestValue>
</Reference>
<Reference URI="#Id-e0ea75ce-232b-45c7-a069-475e602b6f49">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
<DigestValue>cwCmR+Yko4zoBey8wOVizE6zPTw=</DigestValue>
</Reference>
<Reference URI="#Timestamp-3655fce3-efaa-4ee4-8143-2d9bb5b0ccb6">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
<DigestValue>veIjhp8Ubw/V2Sa6kdArohMD6nw=</DigestValue>
</Reference>
<Reference URI="#Id-89cc079d-6dea-406e-ad20-5b7c7a925767">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
<DigestValue>jeT3j5JGalurE0pODG0gS1qmeCw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>vGgQHG8/MvSsM8xXaahSyGZ408ji8LfbX7yfxcnJ40c7CDCDYwoj75ZmZD7T7u1Igzmn7CmM7rzFCcb+MM34bj7HVChMTAuw8bluKEHksTzJItqwSYxWmPb2QHyuGaea8ahy3CFmr+FNCujZ/kfEZQ98CmtXmj9idtMvTzJkBbQ=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-d51b1d39-71ff-46d8-9e13-64bd8b3ff398"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-89cc079d-6dea-406e-ad20-5b7c7a925767">
<xenc:EncryptedData Id="EncryptedContent-8b343733-6984-4b42-9b35-83bb20fa5f0f"
Type="http://www.w3.org/2001/04/xmlenc#Content";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; />
<xenc:CipherData>
<xenc:CipherValue>/tc/143BkwW4h6qmKy4bi+iLMEYI8xe5XdIy83kwDlSZZpFgA9RePh9c0Z+whSlZ3nQ7j3FPnODKA9eknQh02BHZwcmp2GcdghfnB8HNGm7rnKSJmXUkG6C5FzPWqI84lhYToQTJh/rpmbwMzav1uBqVvPWzeUaYRFnGTvNlEkddDuOfOXaX+VY7BahU/ExCXANlk1LY9nGrm+j5dda7uQjbKNTzsULFXvqgyKLU4S4Zq9zcy2bFHqTXavJotQnafIRQheSRzHdk2FkhJOYYAzAdStLfYS4Tzx4x2L2w8ZrqnkdHgLn8I0Hq05XGHI2c5GxOt5CqXkuCQ93ZlR1DLY+5nnnVaWIk75vjePIrw8kmXgpcy2/bI7AYnZxWJpSpzXXGvOiznvcF7iQubgi674j0PPrA7cbGlY+fS4pAIUaRAM00wMyjPQcs6jPJrjvV5Ndj+6siCl9Ptj6BPpCmPHxS+wW0zXeVGpPn1u9nquvQXsTEhldknsc7p/gIOSf8wQmlPJAjOvAe+4lUHnGBkq6mF7A+9uqbt2xCuzbMMEKg9pRCVCtM2GVdhGNSSsKLmuPpdnTzAdKlcHPHaIx659kcAKKcq0XTXDZInOJK7ggkwwPQKSeLajwkVIbCs8UTOuUErI39t2m79T3Wvy5JTC+6ptCSbSM1J7dsV2IKrN5NmoyWSsIzbKC4RSOGEL/P</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 18, 2006 6:57 PM
To: [email protected]
Subject: Re: Rampart module
Hi Sriram,
Yes, the extra EncryptedKey with a RefList (meaning there's content
that is encrypted with that key) can be causing the action mismatch.
Can you please post the message generated by the .NET client?
Thanks,
Ruchith
On 10/18/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> Thanks for the response, Ruchith.
>
> I had a question with the WSDoAllReceiver. There is a check for matching
the Actions in the right order, which throws a WSDoAllReceiver: security processing
failed (actions mismatch)") in case the actions don't match with the actual
results and the configured actions.
> We are having a .NET client trying to send the message but it always fails for the
actions mismatch check. On looking at it they have an extra <xenc:encryptedKey>
element, which is having a referenceData URI, but the URI doesn't match to any
particular element in the document. We have the Server axis2.xml configured as
> "<items>Signature Encrypt Timestamp</items>"
>
> Could the extra encrypted element in the request be causing this "Actions
Mismatch" error. Any help on this would be appreciated.
>
> Thanks
> Sriram
>
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 18, 2006 12:47 AM
> To: [email protected]
> Subject: Re: Rampart module
>
> Hi Sriram,
>
> On 10/18/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> > Hi,
> > Where can I get the source files for the Rampart Module?
>
> Trunk:
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/security
>
> 1.1 Branch:
>
https://svn.apache.org/repos/asf/webservices/axis2/branches/java/1_1/modules/security
>
> > Also, any idea when will the Rampart 1.1 version coming out?
> I think we can release rampart a week or two after the Axis2 1.1 release.
>
> Thanks,
> Ruchith
>
> >
> > Thanks
> > Sriram
> >
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > Sent: Monday, October 16, 2006 10:45 PM
> > To: [email protected]
> > Subject: Re: Rampart module
> >
> > Please try this :
> >
> >
http://people.apache.org/repository/org.apache.axis2/mars/rampart-1.1-SNAPSHOT.mar
> >
> > Thanks,
> > Ruchith
> >
> > On 10/17/06, Marcel Casado <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >
> > > Where I can find a snapshot of the Rampart module that works fine with
> > > an snapshot of Axis2 1.1 ?
> > >
> > > Thanks,
> > >
> > > -Marcel
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> www.ruchith.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
