Hi Ruchith,
    Thanks a lot for the response. That solved the issue.
 
    I have another question regarding using a single client to send secure 
messages to different services, where each service expects the incoming message 
to be encrypted.
 
But in my client's axis2.xml, for the OutflowSecurity parameter, the 
<encryptionUser> can specify the alias for any one of the services' public 
certificates. Is there any way this alias can be supplied dynamically based on a 
condition instead of having it hardcoded in the axis2.xml? Any insight on this 
would be appreciated.
 
Thanks
Sriram

 
________________________________

From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Wed 10/18/2006 9:51 PM
To: [email protected]
Subject: Re: Rampart module



Hi Sriram,

Seems like the body is encrypted twice! That's why you cannot find
the second DataReference
(EncryptedContent-35c3b4c0-4192-48b3-ab5d-629c7abcc6e2) in the message
- since it's encrypted.

Therefore please try changing the "items" in the inflow configuration to:
<items>Signature Encrypt Encrypt Timestamp</items>

Thanks,
Ruchith

On 10/19/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> Hi Ruchith,
>         Pasted below is the generated message from the .NET client with the 
> extra encryptedKey element and on the server side, the axis2 xml is 
> configured for InflowSecurity as "<items>Signature Encrypt Timestamp</items>"
>
> Thanks
> Sriram
>
> <?xml version="1.0" encoding="utf-8"?>
>   <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
> xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     <soap:Header>
>       <wsa:Action 
> wsu:Id="Id-392264f7-703f-4ac0-b84d-810f91fe8f86">http://abc.testservice.com/echo</wsa:Action>
>       <wsa:MessageID 
> wsu:Id="Id-5d8a4918-a4f4-46d6-b275-66a3bba829c5">uuid:a9d09b03-8924-4bdb-b29b-2a88d4c9d457</wsa:MessageID>
>       <wsa:ReplyTo wsu:Id="Id-9579ae46-5658-4e12-9119-64e2d440e89e">
>         
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
>       </wsa:ReplyTo>
>       <wsa:To 
> wsu:Id="Id-e0ea75ce-232b-45c7-a069-475e602b6f49">https://abc.testservice.com/services/SampleService</wsa:To>
>       <wsse:Security soap:mustUnderstand="1">
>         <wsu:Timestamp 
> wsu:Id="Timestamp-3655fce3-efaa-4ee4-8143-2d9bb5b0ccb6">
>           <wsu:Created>2006-10-18T13:36:56Z</wsu:Created>
>           <wsu:Expires>2006-10-18T13:41:56Z</wsu:Expires>
>         </wsu:Timestamp>
>         <wsse:BinarySecurityToken 
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="SecurityToken-d51b1d39-71ff-46d8-9e13-64bd8b3ff398">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</wsse:BinarySecurityToken>
>         <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>           <xenc:EncryptionMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>           <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>             <wsse:SecurityTokenReference>
>               <wsse:KeyIdentifier 
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">6+TG/qjIwXgY6PC0uB9PEV+DEfE=</wsse:KeyIdentifier>
>             </wsse:SecurityTokenReference>
>           </KeyInfo>
>           <xenc:CipherData>
>             
> <xenc:CipherValue>NQ5JNFqRvllJ00dhS9pQ1Ux+n+on1dwSayYMFZ7JK9whQYC8ZXiiw3IwXXdrGYRtyuKqvdoPn1rZyBh+KWMguISsTz2SclRhsBmg2UpBuzUKabedVxdY2nU6wsI55i2JX0qLZhGURdVYZ0B/hKsQMWunYGjncEcJGuO1GAyFFFI=</xenc:CipherValue>
>           </xenc:CipherData>
>           <xenc:ReferenceList>
>             <xenc:DataReference 
> URI="#EncryptedContent-8b343733-6984-4b42-9b35-83bb20fa5f0f" />
>           </xenc:ReferenceList>
>         </xenc:EncryptedKey>
>         <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>           <xenc:EncryptionMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>           <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>             <wsse:SecurityTokenReference>
>               <wsse:KeyIdentifier 
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">6+TG/qjIwXgY6PC0uB9PEV+DEfE=</wsse:KeyIdentifier>
>             </wsse:SecurityTokenReference>
>           </KeyInfo>
>           <xenc:CipherData>
>             
> <xenc:CipherValue>a1PVPSkrjtjVf4R+4U5UODOSCqBaENKvXCIl+/jJyTilsTAUyasv5Iy/tay5oMzgVQvrgYhsOnETLrjx7MJXwFIL0stKhOIOeQLmP94MMnrNim6+KujylObPdMh/hTtSesJFGg0A9lZ79gWmNLH/vCagP5HZPSQ/9+BiOfkPWfE=</xenc:CipherValue>
>           </xenc:CipherData>
>           <xenc:ReferenceList>
>             <xenc:DataReference 
> URI="#EncryptedContent-35c3b4c0-4192-48b3-ab5d-629c7abcc6e2" />
>           </xenc:ReferenceList>
>         </xenc:EncryptedKey>
>         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>           <SignedInfo>
>             <ds:CanonicalizationMethod 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" 
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>             <SignatureMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>             <Reference URI="#Id-392264f7-703f-4ac0-b84d-810f91fe8f86">
>               <Transforms>
>                 <Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>               </Transforms>
>               <DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>               <DigestValue>XPsgAkRid9zqbvBCCcRAtfuDdvc=</DigestValue>
>             </Reference>
>             <Reference URI="#Id-5d8a4918-a4f4-46d6-b275-66a3bba829c5">
>               <Transforms>
>                 <Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>               </Transforms>
>               <DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>               <DigestValue>4oqh/ZBIeqGO8aZBizjab2nA1Do=</DigestValue>
>             </Reference>
>             <Reference URI="#Id-9579ae46-5658-4e12-9119-64e2d440e89e">
>               <Transforms>
>                 <Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>               </Transforms>
>               <DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>               <DigestValue>HAK41b2OHRKQ32hMS/jf0Mz0Gp4=</DigestValue>
>             </Reference>
>             <Reference URI="#Id-e0ea75ce-232b-45c7-a069-475e602b6f49">
>               <Transforms>
>                 <Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>               </Transforms>
>               <DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>               <DigestValue>cwCmR+Yko4zoBey8wOVizE6zPTw=</DigestValue>
>             </Reference>
>             <Reference URI="#Timestamp-3655fce3-efaa-4ee4-8143-2d9bb5b0ccb6">
>               <Transforms>
>                 <Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>               </Transforms>
>               <DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>               <DigestValue>veIjhp8Ubw/V2Sa6kdArohMD6nw=</DigestValue>
>             </Reference>
>             <Reference URI="#Id-89cc079d-6dea-406e-ad20-5b7c7a925767">
>               <Transforms>
>                 <Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>               </Transforms>
>               <DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>               <DigestValue>jeT3j5JGalurE0pODG0gS1qmeCw=</DigestValue>
>             </Reference>
>           </SignedInfo>
>           
> <SignatureValue>vGgQHG8/MvSsM8xXaahSyGZ408ji8LfbX7yfxcnJ40c7CDCDYwoj75ZmZD7T7u1Igzmn7CmM7rzFCcb+MM34bj7HVChMTAuw8bluKEHksTzJItqwSYxWmPb2QHyuGaea8ahy3CFmr+FNCujZ/kfEZQ98CmtXmj9idtMvTzJkBbQ=</SignatureValue>
>           <KeyInfo>
>             <wsse:SecurityTokenReference>
>               <wsse:Reference 
> URI="#SecurityToken-d51b1d39-71ff-46d8-9e13-64bd8b3ff398" 
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
>             </wsse:SecurityTokenReference>
>           </KeyInfo>
>         </Signature>
>       </wsse:Security>
>     </soap:Header>
>     <soap:Body wsu:Id="Id-89cc079d-6dea-406e-ad20-5b7c7a925767">
>       <xenc:EncryptedData 
> Id="EncryptedContent-8b343733-6984-4b42-9b35-83bb20fa5f0f" 
> Type="http://www.w3.org/2001/04/xmlenc#Content" 
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>         <xenc:EncryptionMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>         <xenc:CipherData>
>           
> <xenc:CipherValue>/tc/143BkwW4h6qmKy4bi+iLMEYI8xe5XdIy83kwDlSZZpFgA9RePh9c0Z+whSlZ3nQ7j3FPnODKA9eknQh02BHZwcmp2GcdghfnB8HNGm7rnKSJmXUkG6C5FzPWqI84lhYToQTJh/rpmbwMzav1uBqVvPWzeUaYRFnGTvNlEkddDuOfOXaX+VY7BahU/ExCXANlk1LY9nGrm+j5dda7uQjbKNTzsULFXvqgyKLU4S4Zq9zcy2bFHqTXavJotQnafIRQheSRzHdk2FkhJOYYAzAdStLfYS4Tzx4x2L2w8ZrqnkdHgLn8I0Hq05XGHI2c5GxOt5CqXkuCQ93ZlR1DLY+5nnnVaWIk75vjePIrw8kmXgpcy2/bI7AYnZxWJpSpzXXGvOiznvcF7iQubgi674j0PPrA7cbGlY+fS4pAIUaRAM00wMyjPQcs6jPJrjvV5Ndj+6siCl9Ptj6BPpCmPHxS+wW0zXeVGpPn1u9nquvQXsTEhldknsc7p/gIOSf8wQmlPJAjOvAe+4lUHnGBkq6mF7A+9uqbt2xCuzbMMEKg9pRCVCtM2GVdhGNSSsKLmuPpdnTzAdKlcHPHaIx659kcAKKcq0XTXDZInOJK7ggkwwPQKSeLajwkVIbCs8UTOuUErI39t2m79T3Wvy5JTC+6ptCSbSM1J7dsV2IKrN5NmoyWSsIzbKC4RSOGEL/P</xenc:CipherValue>
>         </xenc:CipherData>
>       </xenc:EncryptedData>
>     </soap:Body>
>   </soap:Envelope>
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 18, 2006 6:57 PM
> To: [email protected]
> Subject: Re: Rampart module
>
> Hi Sriram,
>
> Yes, the extra EncryptedKey with a RefList (meaning there's content
> that is encrypted with that key) can be causing the action mismatch.
> Can you please post the message generated by the .NET client?
>
> Thanks,
> Ruchith
>
> On 10/18/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> >     Thanks for the response, Ruchith.
> >
> >       I had a question about the WSDoAllReceiver. There is a check for 
> > matching the actions in the right order, which throws a "WSDoAllReceiver: 
> > security processing failed (actions mismatch)" in case the actions don't 
> > match between the actual results and the configured actions.
> > We have a .NET client trying to send the message, but it always fails 
> > the actions mismatch check. On looking at it, they have an extra 
> > <xenc:encryptedKey> element, which has a referenceData URI, but the 
> > URI doesn't match any particular element in the document. We have the 
> > server axis2.xml configured as
> > "<items>Signature Encrypt Timestamp</items>"
> >
> > Could the extra encrypted element in the request be causing this "Actions 
> > Mismatch" error? Any help on this would be appreciated.
> >
> > Thanks
> > Sriram
> >
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, October 18, 2006 12:47 AM
> > To: [email protected]
> > Subject: Re: Rampart module
> >
> > Hi Sriram,
> >
> > On 10/18/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >    Where can I get the source files for the Rampart Module?
> >
> > Trunk:
> > https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/security
> >
> > 1.1 Branch:
> > https://svn.apache.org/repos/asf/webservices/axis2/branches/java/1_1/modules/security
> >
> > >    Also, any idea when the Rampart 1.1 version will be coming out?
> > I think we can release rampart a week or two after the Axis2 1.1 release.
> >
> > Thanks,
> > Ruchith
> >
> > >
> > > Thanks
> > > Sriram
> > >
> > >
> > > -----Original Message-----
> > > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, October 16, 2006 10:45 PM
> > > To: [email protected]
> > > Subject: Re: Rampart module
> > >
> > > Please try this :
> > >
> > > http://people.apache.org/repository/org.apache.axis2/mars/rampart-1.1-SNAPSHOT.mar
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > On 10/17/06, Marcel Casado <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > >
> > > > Where can I find a snapshot of the Rampart module that works fine with
> > > > a snapshot of Axis2 1.1?
> > > >
> > > > Thanks,
> > > >
> > > > -Marcel
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > > --
> > > www.ruchith.org
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
>
>
> --
> www.ruchith.org
>


--
www.ruchith.org
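
The diagnosis in the reply above can be checked mechanically: a DataReference whose target Id is not visible in the message points at an EncryptedData hidden inside other ciphertext. This is an added example, not part of the thread or Rampart's own code; the sample envelope is constructed, and the function names and the one-Encrypt-per-EncryptedKey rule used to build the items line are assumptions drawn from the reply.

```python
import xml.etree.ElementTree as ET  # for untrusted captures, parse with defusedxml instead

XENC = "{http://www.w3.org/2001/04/xmlenc#}"

# Constructed sample: same shape as the quoted message, trimmed to the two
# EncryptedKey elements, with made-up Ids and placeholder cipher text.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soap:Header>
    <xenc:EncryptedKey><xenc:ReferenceList>
      <xenc:DataReference URI="#EncryptedContent-outer"/>
    </xenc:ReferenceList></xenc:EncryptedKey>
    <xenc:EncryptedKey><xenc:ReferenceList>
      <xenc:DataReference URI="#EncryptedContent-inner"/>
    </xenc:ReferenceList></xenc:EncryptedKey>
  </soap:Header>
  <soap:Body>
    <xenc:EncryptedData Id="EncryptedContent-outer">
      <xenc:CipherData><xenc:CipherValue>cGxhY2Vob2xkZXI=</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""

def audit_data_references(envelope_xml):
    """Split DataReference targets into those that resolve to an EncryptedData
    Id visible in the message and those that do not (nested encryption)."""
    root = ET.fromstring(envelope_xml)
    visible = {ed.get("Id") for ed in root.iter(XENC + "EncryptedData")}
    resolved, dangling = [], []
    for key in root.iter(XENC + "EncryptedKey"):
        for ref in key.iter(XENC + "DataReference"):
            target = ref.get("URI", "").lstrip("#")
            (resolved if target in visible else dangling).append(target)
    return resolved, dangling

def items_line(envelope_xml):
    """Assumed rule: one Encrypt action per EncryptedKey that carries a
    ReferenceList, placed between Signature and Timestamp as in the thread."""
    root = ET.fromstring(envelope_xml)
    n = sum(1 for k in root.iter(XENC + "EncryptedKey")
            if k.find(XENC + "ReferenceList") is not None)
    return "<items>Signature " + "Encrypt " * n + "Timestamp</items>"

if __name__ == "__main__":
    resolved, dangling = audit_data_references(SAMPLE)
    print("resolved:", resolved)
    print("hidden inside other ciphertext:", dangling)
    print("inflow items:", items_line(SAMPLE))
```
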
