Has anyone come across this WCF error... <Message>Signing without primary signature requires timestamp.</Message>
I have changed the config to include the timestamp: <parameter name="OutflowSecurity"> <action> <items>Timestamp Signature</items> <user>user</user> <passwordCallbackClass>PWCBHandler</passwordCallbackClass> <signaturePropFile>client.properties</signaturePropFile> <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier> </action> </parameter> The XML includes the timestamp, but the WCF service still complains about that the timestamp does not exist. Does anyone have any ideas? Is it something that needs to be changed on my end? Thanks On 25 January 2011 17:45, Abid K. <[email protected]> wrote: > Hi all, > > A little more information. My client has said they do the following in > .net to setup the client: > > ----------- > proxyClient.ClientCredentials.ClientCertificate.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser, > > System.Security.Cryptography.X509Certificates.StoreName.My, > > > System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName, > > "John Doe"); > ----------- > > Does anyone know how I can mimic this in Rampart configuration? or how > I can change the request to contain the John Doe subject name? > > Thanks > > On 25 January 2011 14:37, Abid K. <[email protected]> wrote: >> Hi, >> >> It seems the client cannot find the key with the value >> 'a7e24d986ef9fdef06efd76fb33825d502279e95'. Is it possible to specify >> the key name to something else? I think the client has given it a >> proper name. >> >> Thanks >> >> On 24 January 2011 14:11, Thilina Mahesh Buddhika <[email protected]> >> wrote: >>> It looks like the certificate used by client for signing/encrypting the >>> message is not available in the key store of the service''s end. >>> Also check the key store configurations of the service's end whether they >>> are referring to the correct key store, etc. >>> Thanks, >>> Thilina >>> Thilina Mahesh Buddhika >>> http://blog.thilinamb.com >>> >>> >>> On Mon, Jan 24, 2011 at 4:46 PM, Abid K. <[email protected]> wrote: >>>> >>>> Sorry for not replying sooner. The client receives the following error... >>>> >>>> ----------- >>>> Cannot find the X.509 certificate using the following search criteria: >>>> StoreName 'My', StoreLocation 'LocalMachine', FindType >>>> 'FindByThumbprint', FindValue >>>> 'a7e24d986ef9fdef06efd76fb33825d502279e95'.. ---&gt; >>>> System.InvalidOperationException: Cannot find the X.509 certificate >>>> using the following search criteria: StoreName 'My', StoreLocation >>>> 'LocalMachine', FindType 'FindByThumbprint', FindValue >>>> 'a7e24d986ef9fdef06efd76fb33825d502279e95'. >>>> ----------- >>>> >>>> The value 'a7e24d986ef9fdef06efd76fb33825d502279e95' is the SHA1 value >>>> for the certificate that seems to be used for signing the message on >>>> the client side and I assume this is then being passed to the service >>>> for verification. >>>> >>>> It seems the key cannot be found on the service side, but do you think >>>> I need to change something on the client side? >>>> >>>> Thanks >>>> >>>> On 20 January 2011 04:14, Thilina Mahesh Buddhika <[email protected]> >>>> wrote: >>>> > Hi, >>>> > >>>> > It seems like the service has thrown an error when trying to process the >>>> > secured request. The message being logged at RampartReceiver has the >>>> > fault >>>> > message 'An error occurred when verifying security for the >>>> > message'. >>>> > >>>> > If you can check the logs at service end, it would provide the actual >>>> > reason >>>> > for the error. >>>> > >>>> > Thanks, >>>> > Thilina >>>> > >>>> > Thilina Mahesh Buddhika >>>> > http://blog.thilinamb.com >>>> > >>>> > >>>> > On Wed, Jan 19, 2011 at 10:12 PM, Abid K. <[email protected]> wrote: >>>> >> >>>> >> Hi, I have created a client app using Axis2/Rampart and I'm having >>>> >> difficulties getting it to work with .net/WCF(I think). >>>> >> >>>> >> My axis2.xml config contains (Also tried policy with same results): >>>> >> ... >>>> >> <parameter name="OutflowSecurity"> >>>> >> <action> >>>> >> <items>Signature</items> >>>> >> <user>user</user> >>>> >> <passwordCallbackClass>PWCBHandler</passwordCallbackClass> >>>> >> <signaturePropFile>client.properties</signaturePropFile> >>>> >> <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier> >>>> >> </action> >>>> >> </parameter> >>>> >> ... etc. >>>> >> >>>> >> client.properties: >>>> >> >>>> >> >>>> >> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin >>>> >> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12 >>>> >> org.apache.ws.security.crypto.merlin.file=key.pfx >>>> >> org.apache.ws.security.crypto.merlin.keystore.password=password >>>> >> >>>> >> >>>> >> I get the follow error: >>>> >> org.apache.axis2.AxisFault: An error occurred when verifying security >>>> >> for the message. >>>> >> at >>>> >> >>>> >> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) >>>> >> at >>>> >> >>>> >> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) >>>> >> at >>>> >> >>>> >> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) >>>> >> >>>> >> Also get the following in the log: >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] Request body sent >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "HTTP/1.1 500 Internal Server >>>> >> Error[\r][\n]" >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "HTTP/1.1 500 Internal Server >>>> >> Error[\r][\n]" >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Date: Wed, 19 Jan 2011 16:02:39 >>>> >> GMT[\r][\n]" >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Server: >>>> >> Microsoft-IIS/6.0[\r][\n]" >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "X-Powered-By: ASP.NET[\r][\n]" >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "X-AspNet-Version: >>>> >> 2.0.50727[\r][\n]" >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Connection: close[\r][\n]" >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Cache-Control: private[\r][\n]" >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Content-Type: >>>> >> application/soap+xml; charset=utf-8[\r][\n]" >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Content-Length: 643[\r][\n]" >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "[\r][\n]" >>>> >> ... >>>> >> 2011-01-19 16:02:38 [main] [DEBUG] *********************** >>>> >> RampartReceiver received >>>> >> <?xml version='1.0' encoding='utf-8'?><s:Envelope >>>> >> xmlns:s="http://www.w3.org/2003/05/soap-envelope"; >>>> >> xmlns:a="http://www.w3.org/2005/08/addressing";><s:Header><a:Action >>>> >> >>>> >> >>>> >> s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action><a:RelatesTo>urn:uuid:C18F4C3E6ACADFD1F31295452955592</a:RelatesTo></s:Header><s:Body><s:Fault><s:Code><s:Value>s:Sender</s:Value><s:Subcode><s:Value >>>> >> >>>> >> >>>> >> xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>a:InvalidSecurity</s:Value></s:Subcode></s:Code><s:Reason><s:Text >>>> >> xml:lang="en-GB">An error occurred when verifying security for the >>>> >> message.</s:Text></s:Reason></s:Fault></s:Body></s:Envelope> >>>> >> >>>> >> >>>> >> I've carried out an internet search but get no definitive answer and >>>> >> I'm hoping someone here can help. >>>> >> >>>> >> --------------------------------------------------------------------- >>>> >> To unsubscribe, e-mail: [email protected] >>>> >> For additional commands, e-mail: [email protected] >>>> >> >>>> > >>>> > >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected] >>>> >>> >>> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
