Hmm ... this is not possible with Rampart-1.0 style configuration! (Using configuration parameters). IMHO we must validate all elements in the wsse:Security header of the incoming message and I don't think it is correct to let random unknown elements in. We express exactly what we expect in the security header in the security policy of the service and the client MUST send exactly as expected by the service. Otherwise it is the client's problem.
Thanks,
Ruchith

On 7/10/07, stlecho <[EMAIL PROTECTED]> wrote:
I completely agree with you Tony. If the client sends on top of the required UsernameToken some additional and unwanted information (timestamp, addressing, ...), Rampart should still be happy that it finds the UsernameToken information.

Regards, Stefan.

Tony Dean wrote:
>
> As an example suppose you want Rampart to expect and always process a
> UsernameToken. You would set
> <action><items>UsernameToken</items></action>. However, by default .net
> clients always send a Timestamp. So even though the .net client sends a
> UsernameToken, a mismatch occurs because it sends a Timestamp as well. Is
> there a way to configure Rampart to just ignore a Timestamp since it is
> not expected? I think this is what Stefan is saying also. Maybe this is
> against ws-security guidelines. I don't know. Thanks.
>
>> -----Original Message-----
>> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, July 10, 2007 5:37 AM
>> To: [email protected]
>> Subject: Re: [Rampart] Ignore Timestamp and Addressing from client
>>
>> The actions mismatch error occurs when you configure rampart
>> to expect security actions different to what the incoming
>> message contains. When you configure Rampart to process all
>> security operations performed on the message you will be able to
>> get rid of this error.
>>
>> Thanks,
>> Ruchith
>>
>> On 7/2/07, stlecho <[EMAIL PROTECTED]> wrote:
>> >
>> > All,
>> >
>> > Is there a solution or workaround for this issue ?
>> >
>> > Regards, Stefan Lecho.
>> >
>> >
>> > stlecho wrote:
>> > >
>> > > Hi,
>> > >
>> > > I have configured the InflowSecurity parameter (extract included
>> > > underneath) on the server side with the "Signature" item.
>> > >
>> > > One of our clients is using a C# client. The SOAP request that is
>> > > received from this client contains Timestamp and Addressing related
>> > > elements. This results in a "WSDoAllReceiver: security processing
>> > > failed (actions mismatch)" AxisFault.
>> > >
>> > > Is there a way to "ignore" the Timestamp and Addressing related
>> > > elements on the server ?
>> > >
>> > > Extract axis2.xml:
>> > > <parameter name="InflowSecurity">
>> > >   <action>
>> > >     <items>Signature</items>
>> > >     <signaturePropFile>interopin.properties</signaturePropFile>
>> > >     <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
>> > >     <signatureParts>{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body</signatureParts>
>> > >   </action>
>> > > </parameter>
>> > >
>> > >
>> > > Regards, Stefan Lecho.
>> > >
>> >
>> > --
>> > View this message in context:
>> > http://www.nabble.com/-Rampart--Ignore-Timestamp-and-Addressing-from-client-tf3882252.html#a11392800
>> > Sent from the Axis - User mailing list archive at Nabble.com.
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>>
>> --
>> www.ruchith.org
>> www.wso2.org
>>
--
www.ruchith.org
www.wso2.org
