Hi Sriram,
We cannot specify service specific parameters in the axis2.xml file.
Therefore we have an alternative way to configure the clients when
talking to multiple services. You can use two helper classes to
generate the parameters dynamically and set them in the options object
of the client before invoking the service.
Please have a look at "sample11" of this [1] presentation.
Thanks,
Ruchith
[1] http://www.wso2.net/presentations/rampart/java/2006/08/04/secure-ws
On 10/25/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
Hi Ruchith,
Thanks a lot for the response. That solved the issue.
I have another question regarding using a single client to send secure
messages to different services and each service expects the incoming message
to be encrypted.
But in my client's axis2.xml for the OutflowSecurity parameter the
<encryptionUser> can specify the alias for any one of the service's public
certificate. Is there any way this alias can be supplied dynamically based on a
condition instead of having it hardcoded in the axis2.xml. Any insight on this would
be appreciated.
Thanks
Sriram
________________________________
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Wed 10/18/2006 9:51 PM
To: [email protected]
Subject: Re: Rampart module
Hi Sriram,
Seems like the body is encrypted twice! That's why you cannot find the
the second DataReference
(EncryptedContent-35c3b4c0-4192-48b3-ab5d-629c7abcc6e2) in the message
- since its encrypted.
Therefore please try changing the "items" in the inflow configuration to :
<items>Signature Encrypt Encrypt Timestamp</items>
Thanks,
Ruchith
On 10/19/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> Hi Ruchith,
> Pasted below is the generated message from the .NET client with the extra encryptedKey
element and on the server side, the axis2 xml is configured for InflowSecurity as
"<items>Signature Encrypt Timestamp</items>"
>
> Thanks
> Sriram
>
> <?xml version="1.0" encoding="utf-8"?>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
> <soap:Header>
> <wsa:Action
wsu:Id="Id-392264f7-703f-4ac0-b84d-810f91fe8f86">http://abc.testservice.com/echo</wsa:Action>
> <wsa:MessageID
wsu:Id="Id-5d8a4918-a4f4-46d6-b275-66a3bba829c5">uuid:a9d09b03-8924-4bdb-b29b-2a88d4c9d457</wsa:MessageID>
> <wsa:ReplyTo wsu:Id="Id-9579ae46-5658-4e12-9119-64e2d440e89e">
>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
> </wsa:ReplyTo>
> <wsa:To
wsu:Id="Id-e0ea75ce-232b-45c7-a069-475e602b6f49">https://abc.testservice.com/services/SampleService</wsa:To>
> <wsse:Security soap:mustUnderstand="1">
> <wsu:Timestamp
wsu:Id="Timestamp-3655fce3-efaa-4ee4-8143-2d9bb5b0ccb6">
> <wsu:Created>2006-10-18T13:36:56Z</wsu:Created>
> <wsu:Expires>2006-10-18T13:41:56Z</wsu:Expires>
> </wsu:Timestamp>
> <wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="SecurityToken-d51b1d39-71ff-46d8-9e13-64bd8b3ff398">MIIBujCCAWigAwIBAgIQ8RrjeUJb0JNNW53UzT9SWzAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA2MTAwMjE1NDcxNVoXDTM5MTIzMTIzNTk1OVowHTEbMBkGA1UEAxMSQ0RUVGVzdENlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAUVXoOkoffCVPxzmGLGaPtLT8vF3h+Im8gbByZu/CBZWjPmqHRk62NsBr5923NtsMJR52fuMgaYbivSk9xxJfd4Q0OD35Y1sqx/veUOPW0N1kTdB5r51KadOU05C4/B3hBOJYq/FEpPwMYLEgZbUH2tDKbo8Qj+ntJmkD9yYQJQIDAQABo0swSTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRjoRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwCQYFKw4DAh0FAANBADuVU60NZd3oX90ZJNasST6EsvNKpKLE7WtjXIS/QpxgLA3xwuTUQViGSZ5rKw7Z3TNy3LDxA4K8TY/Kh7fo9Xg=</wsse:BinarySecurityToken>
> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
> <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
> <wsse:SecurityTokenReference>
> <wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>6+TG/qjIwXgY6PC0uB9PEV+DEfE=</wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> </KeyInfo>
> <xenc:CipherData>
>
<xenc:CipherValue>NQ5JNFqRvllJ00dhS9pQ1Ux+n+on1dwSayYMFZ7JK9whQYC8ZXiiw3IwXXdrGYRtyuKqvdoPn1rZyBh+KWMguISsTz2SclRhsBmg2UpBuzUKabedVxdY2nU6wsI55i2JX0qLZhGURdVYZ0B/hKsQMWunYGjncEcJGuO1GAyFFFI=</xenc:CipherValue>
> </xenc:CipherData>
> <xenc:ReferenceList>
> <xenc:DataReference
URI="#EncryptedContent-8b343733-6984-4b42-9b35-83bb20fa5f0f" />
> </xenc:ReferenceList>
> </xenc:EncryptedKey>
> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
> <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
> <wsse:SecurityTokenReference>
> <wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>6+TG/qjIwXgY6PC0uB9PEV+DEfE=</wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> </KeyInfo>
> <xenc:CipherData>
>
<xenc:CipherValue>a1PVPSkrjtjVf4R+4U5UODOSCqBaENKvXCIl+/jJyTilsTAUyasv5Iy/tay5oMzgVQvrgYhsOnETLrjx7MJXwFIL0stKhOIOeQLmP94MMnrNim6+KujylObPdMh/hTtSesJFGg0A9lZ79gWmNLH/vCagP5HZPSQ/9+BiOfkPWfE=</xenc:CipherValue>
> </xenc:CipherData>
> <xenc:ReferenceList>
> <xenc:DataReference
URI="#EncryptedContent-35c3b4c0-4192-48b3-ab5d-629c7abcc6e2" />
> </xenc:ReferenceList>
> </xenc:EncryptedKey>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
> <SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; />
> <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
> <Reference URI="#Id-392264f7-703f-4ac0-b84d-810f91fe8f86">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
> <DigestValue>XPsgAkRid9zqbvBCCcRAtfuDdvc=</DigestValue>
> </Reference>
> <Reference URI="#Id-5d8a4918-a4f4-46d6-b275-66a3bba829c5">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
> <DigestValue>4oqh/ZBIeqGO8aZBizjab2nA1Do=</DigestValue>
> </Reference>
> <Reference URI="#Id-9579ae46-5658-4e12-9119-64e2d440e89e">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
> <DigestValue>HAK41b2OHRKQ32hMS/jf0Mz0Gp4=</DigestValue>
> </Reference>
> <Reference URI="#Id-e0ea75ce-232b-45c7-a069-475e602b6f49">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
> <DigestValue>cwCmR+Yko4zoBey8wOVizE6zPTw=</DigestValue>
> </Reference>
> <Reference URI="#Timestamp-3655fce3-efaa-4ee4-8143-2d9bb5b0ccb6">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
> <DigestValue>veIjhp8Ubw/V2Sa6kdArohMD6nw=</DigestValue>
> </Reference>
> <Reference URI="#Id-89cc079d-6dea-406e-ad20-5b7c7a925767">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
> <DigestValue>jeT3j5JGalurE0pODG0gS1qmeCw=</DigestValue>
> </Reference>
> </SignedInfo>
>
<SignatureValue>vGgQHG8/MvSsM8xXaahSyGZ408ji8LfbX7yfxcnJ40c7CDCDYwoj75ZmZD7T7u1Igzmn7CmM7rzFCcb+MM34bj7HVChMTAuw8bluKEHksTzJItqwSYxWmPb2QHyuGaea8ahy3CFmr+FNCujZ/kfEZQ98CmtXmj9idtMvTzJkBbQ=</SignatureValue>
> <KeyInfo>
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#SecurityToken-d51b1d39-71ff-46d8-9e13-64bd8b3ff398"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
/>
> </wsse:SecurityTokenReference>
> </KeyInfo>
> </Signature>
> </wsse:Security>
> </soap:Header>
> <soap:Body wsu:Id="Id-89cc079d-6dea-406e-ad20-5b7c7a925767">
> <xenc:EncryptedData Id="EncryptedContent-8b343733-6984-4b42-9b35-83bb20fa5f0f"
Type="http://www.w3.org/2001/04/xmlenc#Content"; xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
> <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; />
> <xenc:CipherData>
>
<xenc:CipherValue>/tc/143BkwW4h6qmKy4bi+iLMEYI8xe5XdIy83kwDlSZZpFgA9RePh9c0Z+whSlZ3nQ7j3FPnODKA9eknQh02BHZwcmp2GcdghfnB8HNGm7rnKSJmXUkG6C5FzPWqI84lhYToQTJh/rpmbwMzav1uBqVvPWzeUaYRFnGTvNlEkddDuOfOXaX+VY7BahU/ExCXANlk1LY9nGrm+j5dda7uQjbKNTzsULFXvqgyKLU4S4Zq9zcy2bFHqTXavJotQnafIRQheSRzHdk2FkhJOYYAzAdStLfYS4Tzx4x2L2w8ZrqnkdHgLn8I0Hq05XGHI2c5GxOt5CqXkuCQ93ZlR1DLY+5nnnVaWIk75vjePIrw8kmXgpcy2/bI7AYnZxWJpSpzXXGvOiznvcF7iQubgi674j0PPrA7cbGlY+fS4pAIUaRAM00wMyjPQcs6jPJrjvV5Ndj+6siCl9Ptj6BPpCmPHxS+wW0zXeVGpPn1u9nquvQXsTEhldknsc7p/gIOSf8wQmlPJAjOvAe+4lUHnGBkq6mF7A+9uqbt2xCuzbMMEKg9pRCVCtM2GVdhGNSSsKLmuPpdnTzAdKlcHPHaIx659kcAKKcq0XTXDZInOJK7ggkwwPQKSeLajwkVIbCs8UTOuUErI39t2m79T3Wvy5JTC+6ptCSbSM1J7dsV2IKrN5NmoyWSsIzbKC4RSOGEL/P</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedData>
> </soap:Body>
> </soap:Envelope>
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 18, 2006 6:57 PM
> To: [email protected]
> Subject: Re: Rampart module
>
> Hi Sriram,
>
> Yes, the extra EncryptedKey with a RefList (meaning there's content
> that is encrypted with that key) can be causing the action mismatch.
> Can you please post the message generated by the .NET client?
>
> Thanks,
> Ruchith
>
> On 10/18/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> > Thanks for the response, Ruchith.
> >
> > I had a question with the WSDoAllReceiver. There is a check for matching
the Actions in the right order, which throws a WSDoAllReceiver: security processing failed
(actions mismatch)") in case the actions don't match with the actual results and the
configured actions.
> > We are having a .NET client trying to send the message but it always fails for
the actions mismatch check. On looking at it they have an extra <xenc:encryptedKey>
element, which is having a referenceData URI, but the URI doesn't match to any particular
element in the document. We have the Server axis2.xml configured as
> > "<items>Signature Encrypt Timestamp</items>"
> >
> > Could the extra encrypted element in the request be causing this "Actions
Mismatch" error. Any help on this would be appreciated.
> >
> > Thanks
> > Sriram
> >
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, October 18, 2006 12:47 AM
> > To: [email protected]
> > Subject: Re: Rampart module
> >
> > Hi Sriram,
> >
> > On 10/18/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > > Where can I get the source files for the Rampart Module?
> >
> > Trunk:
> >
https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/security
> >
> > 1.1 Branch:
> >
https://svn.apache.org/repos/asf/webservices/axis2/branches/java/1_1/modules/security
> >
> > > Also, any idea when will the Rampart 1.1 version coming out?
> > I think we can release rampart a week or two after the Axis2 1.1 release.
> >
> > Thanks,
> > Ruchith
> >
> > >
> > > Thanks
> > > Sriram
> > >
> > >
> > > -----Original Message-----
> > > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, October 16, 2006 10:45 PM
> > > To: [email protected]
> > > Subject: Re: Rampart module
> > >
> > > Please try this :
> > >
> > >
http://people.apache.org/repository/org.apache.axis2/mars/rampart-1.1-SNAPSHOT.mar
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > On 10/17/06, Marcel Casado <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > >
> > > > Where I can find a snapshot of the Rampart module that works fine with
> > > > an snapshot of Axis2 1.1 ?
> > > >
> > > > Thanks,
> > > >
> > > > -Marcel
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > > --
> > > www.ruchith.org
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> www.ruchith.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
