I did finally get the code in sample02 to work, although not with Tomcat 5.5.23. Switching to Tomcat 5.0.28 works for me though (and eliminates the error below). I'm sure it's some kind of library issue, but once I got it working I decided not to pursue finding a definitive cause.
-----Original Message----- From: Jon Hanshew [mailto:[EMAIL PROTECTED] Sent: Friday, September 07, 2007 4:58 PM To: [email protected] Subject: RE: Rampart error with MustUnderstand Check out policy sample02 in Rampart 1.3. The policy/service.xml files work there. I have also gotten it to work for my own wsdl app. However I am having trouble adding a UsernameToken to the mix. Ford, Jennifer M. wrote: > > Well, it has stopped giving me errors for Must Understand, but still > no luck on actually authenticating. It appears to get past the Timestamp > processing, and then fails. Has anyone gotten a Rampart policy with > AsymmetricBinding/Signature only to work properly? I would be > interested in seeing your policy file. > > I am seeing the following error in the logs: > 2007-08-08 15:51:56,983 DEBUG org.apache.ws.security.WSSecurityEngine > - Unknown Element: BinarySecurityToken > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-sec > ex > t-1.0.xsd > > That seems like probable cause for this to fail. I looked up that > error on Google, and I see a lot of references to XML Pretty Printing > (which I now have disabled in my client axis2.xml, although it does > not appear to have made a difference in the output) and most of those > messages were using Axis 1.3, not Axis2 as I am using. > > The other thing I am struggling with are the X509 token types and the > decryption algorithm. Is it possible to find that information on the > certificate itself? I was unable to find it, but I am thinking if I > were wrong that would be another reason why my signature validation > would fail. > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 08, 2007 8:07 AM > To: [email protected] > Subject: RE: Rampart error with MustUnderstand > > Hi, > > It looks like your client is set up to add a timestamp and signature, > but the server has not been configured to expect them. I got the same > error when I configured rampart on my client but not on my server. > > The Must Understand flag means: If the server doesn't understand this > header element, then it must report an error rather than continue > processing. > > cheers, > Michael > from sunny Ottawa > > >> -----Original Message----- >> From: Ford, Jennifer M. [mailto:[EMAIL PROTECTED] >> Sent: Tuesday, August 07, 2007 6:17 PM >> To: [email protected] >> Subject: Rampart error with MustUnderstand >> >> >> I have spent the last couple days trying to add Rampart to an >> existing > >> web service with Policy/Sample02 as a model. I feel like I'm close, >> but I can't seem to get past the most recent error: >> >> 2007-08-07 16:43:12,066 DEBUG >> org.apache.axis2.transport.http.AxisServlet - >> org.apache.axis2.AxisFault: Must Understand check failed for header >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu > rity-secex > t-1.0.xsd : Security > > Perhaps a stupid question, but what does the Must Understand check do > exactly? And, more importantly, what might cause this problem? > > Thanks, > Jennifer > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Rampart%3A-how-to-use-UsernameToken%2C-Signature-a nd-Encrypt-together%2C-use-different-username.-tf3275410.html#a12564010 Sent from the Axis - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
