Hi Guys, Not sure if I am sending this to the right place, any assistance would be greatly appreciated. We have developed a .NET based web service that requires API calls to be signed using an x509 cert (& transmitted over https). We have developed an Axis2 (1.2) client using Rampart (1.2) to add a signature to the Web Service Call. We can successfully call the web service using a .NET client, and also from the Java client if we disable Rampart signature (and turn off the message signing requirements in our .NET app server). However when we engage Rampart to sign the message the Java client web service call fails with the error:
Exception in thread "main" org.apache.axis2.AxisFault: An error occurred when verifying security for the message. at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:434 ) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperatio n.java:373) at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOpera tion.java:294) at com.mydials.DataSubmissionApiStub.About(DataSubmissionApiStub.java:173) at com.mydials.test.TestMain.main(TestMain.java:41) So, the .NET based web service rejects the Java client call to the web service. When debugging (on the Windows server) the xml document sent by the .NET client (working) looks to be very similar to that sent by the Java client (fails). Below are the two documents - there must be a difference! Any ideas what I am doing wrong? Or how to faultfind further? A) .NET Client WS Call (Works) ============================== <MessageLogTraceRecord> <HttpRequest xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageT race"> <Method>POST</Method> <QueryString></QueryString> <WebHeaders> <Connection>Keep-Alive</Connection> <Content-Length>3103</Content-Length> <Content-Type>text/xml; charset=utf-8</Content-Type> <Expect>100-continue</Expect> <Host>secure.mywaynesworld.com</Host> <SOAPAction>"http://mydials.com/DataSubmissionApiContract/About";</SOAPAction > </WebHeaders> </HttpRequest> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity- utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity- secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>2007-06-21T00:48:58.093Z</u:Created> <u:Expires>2007-06-21T00:53:58.093Z</u:Expires> </u:Timestamp> <o:BinarySecurityToken u:Id="uuid-f4024fe9-57ad-4924-9a8c-87b107e2de8d-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke n-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m essage-security-1.0#Base64Binary">MIID9jCCA1+gAwIBAgIKGn50yQAAAAAACjANBgkqhk iG9w0BAQUFADAjMSEwHwYDVQQDExhzZWN1cmUubXl3YXluZXN3b3JsZC5jb20wHhcNMDcwNTMxMD M0MzIyWhcNMDgwNTMxMDM1MzIyWjBDMRswGQYDVQQDExJteWRpYWxzLnRlbmFudC5tcngxJDAiBg kqhkiG9w0BCQEWFXRpbS5tdW5yb0BteWRhaWxzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgY kCgYEAw7RliiCROuOT6V31jypwP6OTjb40agX58G/EfC4UdbbJq8IJnJvjwwINL5pqO6MnbWb5Yu 8UqVZfq1Cp0RKD990pI+kU2uF3hZRRO3/vpOblC8Dc7JiiXMGtWEnWUNXJEeqM3eh1PWgOLNUL5B HnFoFeNWDkP51lDT85lO7U9k0CAwEAAaOCAg8wggILMA4GA1UdDwEB/wQEAwIE8DBEBgkqhkiG9w 0BCQ8ENzA1MA4GCCqGSIb3DQMCAgIAgDAOBggqhkiG9w0DBAICAIAwBwYFKw4DAgcwCgYIKoZIhv cNAwcwHQYDVR0OBBYEFGG7t9ZjyT6NkjuPg71bZF92LoOWMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB 8GA1UdIwQYMBaAFA8eG25fvBNb0QHxAlI06P/AuA4QMIGUBgNVHR8EgYwwgYkwgYaggYOggYCGPW h0dHA6Ly9zdGFnaW5nLXNlcnZlci9DZXJ0RW5yb2xsL3NlY3VyZS5teXdheW5lc3dvcmxkLmNvbS 5jcmyGP2ZpbGU6Ly9cXHN0YWdpbmctc2VydmVyXENlcnRFbnJvbGxcc2VjdXJlLm15d2F5bmVzd2 9ybGQuY29tLmNybDCBxgYIKwYBBQUHAQEEgbkwgbYwWAYIKwYBBQUHMAKGTGh0dHA6Ly9zdGFnaW 5nLXNlcnZlci9DZXJ0RW5yb2xsL3N0YWdpbmctc2VydmVyX3NlY3VyZS5teXdheW5lc3dvcmxkLm NvbS5jcnQwWgYIKwYBBQUHMAKGTmZpbGU6Ly9cXHN0YWdpbmctc2VydmVyXENlcnRFbnJvbGxcc3 RhZ2luZy1zZXJ2ZXJfc2VjdXJlLm15d2F5bmVzd29ybGQuY29tLmNydDANBgkqhkiG9w0BAQUFAA OBgQAlOlNwFXFA8oFMANGRo7RLNEZnO69LrRrxsR7Z9O3NXGs94HPqWZ5Vm/USnNqX0255q+3AN6 lgjLHz3WCN4aW/2akDK1GqRAEZufd0oq9IK+bGKB6BJVw3DrLycJMzOOf+E7e4CoRKL/LLdzEcPk WOVNIiq7/WMpUbvAht3Ymj1g==</o:BinarySecurityToken> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></CanonicalizationMethod > <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></SignatureMethod> <Reference URI="#_0"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></DigestMethod> <DigestValue>RIVXyYAZZMquQfh0uHF/N3apDrA=</DigestValue> </Reference> </SignedInfo> <SignatureValue>Yq2P24hcneNvKAXmpqD1vScLgeqZqflt9ruJUU/Ff2KEmJqKIPZoTESyLa7t 3df2tkNHZ02kv0z5IWF9HI5Ci+ZtVXtYf8iUlLRFV4CFKV0rad/O0muCT9oi9YtEJo0i7/u3wHn5 zqRodRKFWaftFE/dKOuG15BhhPQBqLCWFXk=</SignatureValue> <KeyInfo> <o:SecurityTokenReference> <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke n-profile-1.0#X509v3" URI="#uuid-f4024fe9-57ad-4924-9a8c-87b107e2de8d-1"></o:Reference> </o:SecurityTokenReference> </KeyInfo> </Signature> </o:Security> <To s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none";>https://stag ing-server/Services/DataSubmissionService.svc</To> <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none";>http://mydia ls.com/DataSubmissionApiContract/About</Action> </s:Header> <s:Body> <About xmlns="http://mydials.com/";></About> </s:Body> </s:Envelope> </MessageLogTraceRecord> B) Axis2/Rampart Client WS Call (Fails) ======================================= <MessageLogTraceRecord> <HttpRequest xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageT race"> <Method>POST</Method> <QueryString></QueryString> <WebHeaders> <Content-Length>3556</Content-Length> <Content-Type>text/xml; charset=UTF-8</Content-Type> <Host>secure.mywaynesworld.com</Host> <User-Agent>Axis2</User-Agent> <SOAPAction>"http://mydials.com/DataSubmissionApiContract/About";</SOAPAction > </WebHeaders> </HttpRequest> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd" soapenv:mustUnderstand="1"> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m essage-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke n-profile-1.0#X509v3" wsu:Id="CertId-19300432">MIID9jCCA1+gAwIBAgIKGn50yQAAAAAACjANBgkqhkiG9w0BAQU FADAjMSEwHwYDVQQDExhzZWN1cmUubXl3YXluZXN3b3JsZC5jb20wHhcNMDcwNTMxMDM0MzIyWhc NMDgwNTMxMDM1MzIyWjBDMRswGQYDVQQDExJteWRpYWxzLnRlbmFudC5tcngxJDAiBgkqhkiG9w0 BCQEWFXRpbS5tdW5yb0BteWRhaWxzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw7R liiCROuOT6V31jypwP6OTjb40agX58G/EfC4UdbbJq8IJnJvjwwINL5pqO6MnbWb5Yu8UqVZfq1C p0RKD990pI+kU2uF3hZRRO3/vpOblC8Dc7JiiXMGtWEnWUNXJEeqM3eh1PWgOLNUL5BHnFoFeNWD kP51lDT85lO7U9k0CAwEAAaOCAg8wggILMA4GA1UdDwEB/wQEAwIE8DBEBgkqhkiG9w0BCQ8ENzA 1MA4GCCqGSIb3DQMCAgIAgDAOBggqhkiG9w0DBAICAIAwBwYFKw4DAgcwCgYIKoZIhvcNAwcwHQY DVR0OBBYEFGG7t9ZjyT6NkjuPg71bZF92LoOWMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB8GA1UdIwQ YMBaAFA8eG25fvBNb0QHxAlI06P/AuA4QMIGUBgNVHR8EgYwwgYkwgYaggYOggYCGPWh0dHA6Ly9 zdGFnaW5nLXNlcnZlci9DZXJ0RW5yb2xsL3NlY3VyZS5teXdheW5lc3dvcmxkLmNvbS5jcmyGP2Z pbGU6Ly9cXHN0YWdpbmctc2VydmVyXENlcnRFbnJvbGxcc2VjdXJlLm15d2F5bmVzd29ybGQuY29 tLmNybDCBxgYIKwYBBQUHAQEEgbkwgbYwWAYIKwYBBQUHMAKGTGh0dHA6Ly9zdGFnaW5nLXNlcnZ lci9DZXJ0RW5yb2xsL3N0YWdpbmctc2VydmVyX3NlY3VyZS5teXdheW5lc3dvcmxkLmNvbS5jcnQ wWgYIKwYBBQUHMAKGTmZpbGU6Ly9cXHN0YWdpbmctc2VydmVyXENlcnRFbnJvbGxcc3RhZ2luZy1 zZXJ2ZXJfc2VjdXJlLm15d2F5bmVzd29ybGQuY29tLmNydDANBgkqhkiG9w0BAQUFAAOBgQAlOlN wFXFA8oFMANGRo7RLNEZnO69LrRrxsR7Z9O3NXGs94HPqWZ5Vm/USnNqX0255q+3AN6lgjLHz3WC N4aW/2akDK1GqRAEZufd0oq9IK+bGKB6BJVw3DrLycJMzOOf+E7e4CoRKL/LLdzEcPkWOVNIiq7/ WMpUbvAht3Ymj1g==</wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-5699121"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMet hod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod> <ds:Reference URI="#Timestamp-20632381"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod> <ds:DigestValue>GwFUrF3rPn8LNX469gyemUFiZ0A=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> kPOyYNJekpNOMU9fXVYhyD5ekgd/qFXiH6PVWhN/m3AD/qUbB/IIFGjZk56roYsa3FCheL22ovog JKEjhrrbi7UH0WJ2+DDpBcGyNQx4aORgzWbWcTQIoSLsh4cn059Rz3d7UZNlsmTNwRZet10IYMvL RQ+Haz7RJ2sMYrE0pkc= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-4677928"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd" wsu:Id="STRId-20290587"> <wsse:Reference URI="#CertId-19300432" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke n-profile-1.0#X509v3"></wsse:Reference> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd" wsu:Id="Timestamp-20632381"> <wsu:Created>2007-06-21T00:46:52.187Z</wsu:Created> <wsu:Expires>2007-06-21T00:51:52.187Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> <To soapenv:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none";>https://stag ing-server/Services/DataSubmissionService.svc</To> <Action soapenv:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none";>http://mydia ls.com/DataSubmissionApiContract/About</Action> </soapenv:Header> <soapenv:Body> <ns3:About xmlns:ns3="http://mydials.com/";></ns3:About> </soapenv:Body> </soapenv:Envelope> </MessageLogTraceRecord>
