Hi Bernard,
can you try to change the InitiatorToken:
<sp:InitiatorToken>
  <wsp:Policy>
    <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
      <wsp:Policy>
        <sp:WssX509V3Token10/>
        <sp:RequireIssuerSerialReference/>
      </wsp:Policy>
    </sp:X509Token>
  </wsp:Policy>
</sp:InitiatorToken>
In my case it works.
Regards,
Jorge
On Mon, 14 May 2018 at 5:03, Bernard Paris (<[email protected]>) wrote:
> Hi devs,
>
> We need to use WS-SecurityPolicy with x509Token to query a ws, so we
> defined an address endpoint with policy, something like
> <address format="soap11" statistics="enable" trace="enable" uri="https://remote.server">
>   <enableAddressing version="submission"/>
>   <enableSec policy="gov:policies/the-policy-POL.xml"/>
> </address>
>
> Here is the initiatorToken part of the policy file I defined in the policy
> file:
>
> <wsp:ExactlyOne>
>   <wsp:All>
>     <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>       <wsp:Policy>
>         <sp:InitiatorToken>
>           <wsp:Policy>
>             <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>               <wsp:Policy>
>                 <sp:RequireIssuerSerialReference />
>                 <sp:WssX509V3Token10 />
>               </wsp:Policy>
>             </sp:X509Token>
>           </wsp:Policy>
>         </sp:InitiatorToken>
>
> …. expecting I will get some "ds:X509Data" data in the SOAP header to
> send, something like
>
> <ds:KeyInfo Id="KI-EAF95CB2EABEB3293D13643957589981127">
> <wsse:SecurityTokenReference
> wsu:Id="STR-EAF95CB2EABEB3293D13643957589981128">
> <ds:X509Data>
> <ds:X509IssuerSerial>
>
> <ds:X509IssuerName>CN=WSJanusTEST_BULL001</ds:X509IssuerName>
> <ds:X509SerialNumber>1243600900</ds:X509SerialNumber>
>
>
> Unfortunately the only thing I get is
>
> <ds:KeyInfo Id="KeyId-171B34AA705833EBA0152628551959217">
>   <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>       wsu:Id="STRId-171B34AA705833EBA0152628551959218">
>     <wsse:Reference URI="#CertId-171B34AA705833EBA0152628551959116"
>         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>   </wsse:SecurityTokenReference>
> </ds:KeyInfo>
>
>
> Could you tell me where I'm wrong?
> Here are the related carbon logs:
> [2018-05-14 10:44:27,520] [EI-Core] DEBUG - WSDoAllSender WSDoAllSender: enter invoke()
> [2018-05-14 10:44:27,520] [EI-Core] DEBUG - AsymmetricBindingBuilder AsymmetricBindingBuilder build invoked
> [2018-05-14 10:44:27,520] [EI-Core] DEBUG - BindingBuilder Processing symmetric binding: Setting up encryption token and signature token
> [2018-05-14 10:44:27,520] [EI-Core] DEBUG - BindingBuilder Obtaining the Encryption Token
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - BindingBuilder Token inclusion: 3
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - BindingBuilder User : CertEcole
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - RampartUtil loading class : be.ucl.sgsi.sisg.bp.PWCBHandler
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - BindingBuilder Password : aSecret
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - RampartUtil Loading Signature crypto
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - RampartUtil Using provider: org.apache.ws.security.components.crypto.Merlin
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - RampartUtil Cache Hit : Crypto Object was found in cache.
> [2018-05-14 10:44:27,527] [EI-Core] DEBUG - AsymmetricBindingBuilder AsymmetricBindingBuilder build invoked : DONE
>
>
>
>
> Thanks for any help,
> Bernard
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
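
Added example (not part of the original thread and not WSO2 or Rampart code): a small Python check that reads the InitiatorToken's X509Token settings from a policy and classifies the key reference actually emitted in ds:KeyInfo, so the mismatch discussed in this thread can be confirmed on a captured message. The sample XML is constructed, modelled on the fragments quoted above, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def initiator_token(policy_xml):
    """Return (IncludeToken short name, Require* assertions) of the InitiatorToken's X509Token."""
    for init in ET.fromstring(policy_xml).iter(f"{{{SP}}}InitiatorToken"):
        tok = init.find(f".//{{{SP}}}X509Token")
        if tok is not None:
            # Mail clients wrap the attribute; drop any whitespace inside the URI.
            uri = "".join(tok.get(f"{{{SP}}}IncludeToken", "").split())
            reqs = sorted(e.tag.split("}")[1] for e in tok.iter()
                          if e.tag.startswith(f"{{{SP}}}Require"))
            return uri.rsplit("/", 1)[-1], reqs
    raise ValueError("no sp:X509Token under sp:InitiatorToken")

def reference_style(keyinfo_xml):
    """Classify how the wsse:SecurityTokenReference points at the certificate."""
    ref = next(ET.fromstring(keyinfo_xml).iter(f"{{{WSSE}}}SecurityTokenReference"), None)
    if ref is None:
        return "none"
    if ref.find(f".//{{{DS}}}X509IssuerSerial") is not None:
        return "IssuerSerial"
    if ref.find(f"{{{WSSE}}}KeyIdentifier") is not None:
        return "KeyIdentifier"
    if ref.find(f"{{{WSSE}}}Reference") is not None:
        return "DirectReference"
    return "unknown"

def matches_policy(policy_xml, keyinfo_xml):
    """True when the emitted reference is the issuer/serial form the policy asks for."""
    _, reqs = initiator_token(policy_xml)
    return "RequireIssuerSerialReference" not in reqs or reference_style(keyinfo_xml) == "IssuerSerial"

# Constructed samples modelled on the fragments in the thread (namespaces added, ids shortened).
POLICY = f"""<sp:InitiatorToken xmlns:sp="{SP}" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
 <wsp:Policy><sp:X509Token sp:IncludeToken="
{SP}/IncludeToken/Never"><wsp:Policy>
  <sp:WssX509V3Token10/><sp:RequireIssuerSerialReference/>
 </wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken>"""
WANTED = f"""<ds:KeyInfo xmlns:ds="{DS}" xmlns:wsse="{WSSE}"><wsse:SecurityTokenReference>
 <ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=Example</ds:X509IssuerName>
 <ds:X509SerialNumber>1</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data>
</wsse:SecurityTokenReference></ds:KeyInfo>"""
GOT = f"""<ds:KeyInfo xmlns:ds="{DS}" xmlns:wsse="{WSSE}"><wsse:SecurityTokenReference>
 <wsse:Reference URI="#CertId-1"/></wsse:SecurityTokenReference></ds:KeyInfo>"""
```

Calling matches_policy(POLICY, GOT) reports the mismatch from the original question: the policy asks for an issuer/serial reference but the header carries a direct wsse:Reference.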