[jira] Created: (RAMPART-46) org.apache.axis2.AxisFault: The security token could not be authenticated or authorized

[Shweta Desai (JIRA)]

org.apache.axis2.AxisFault: The security token could not be authenticated or 
authorized 
----------------------------------------------------------------------------------------

                 Key: RAMPART-46
                 URL: https://issues.apache.org/jira/browse/RAMPART-46
             Project: Rampart
          Issue Type: Test
    Affects Versions: 1.1
         Environment: AXIS2 1.1 Client Side
WSE 3.0 .net Server
            Reporter: Shweta Desai
            Priority: Blocker


I have set the security header as written below. 

<wsse:UsernameToken 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="UsernameToken-9624795"> 
               <wsse:Username>user2007</wsse:Username> 
               <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>2007</wsse:Password>
 
               <wsse:Nonce>QOqyFHT9TydDSKieEDOdjw==</wsse:Nonce> 
               <wsu:Created>2007-05-24T21:38:11Z</wsu:Created> 
</wsse:UsernameToken> 

But .net server expecting the token something written below. 

<wsse:UsernameToken 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="SecurityToken-e1d2ddef-25f1-455e-a535-42aec1f8a1fc"> 
              <wsse:Username>user_2007</wsse:Username> 
              <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>2007</wsse:Password>
 
              <wsse:Nonce>mI0DNp0NZZ9BRlGYQn7xdQ==</wsse:Nonce> 
              <wsu:Created>2006-12-05T23:42:15Z</wsu:Created> 
</wsse:UsernameToken> 

And because of that I am getting error like 

org.apache.axis2.AxisFault: The security token could not be authenticated or 
authorized ---> WSE565: The password provided by the SecurityTokenManager does 
not match the one on the incoming token. 
at 
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:271)
 
at 
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
 



Few things of my coding: 

Sysout of callback password: 

pass type>> null 
password>> null 
Identifier>> adpinc2007r 
Usage>> 2 
key>> null 

And passwordCallback function is something below: 

String id = pwcb.getIdentifer(); 
            if("user_2007".equals(id)) { 
                pwcb.setPassword("2007"); 
        } 

I will be thankful if you guide me for this authentication issues. 
I am new to this security header setting and I am not sure I have done right or 
not.

Your help will be very appriciated.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.