Hi everyone,
I'm attempting to invoke a simple Rampart enabled EchoService from a .NET
client. However, I get a "The timestamp could not be validated" error
everytime. I've disabled the Timestamp option on the service side but it
doesn't make any difference. I've compared the Timestamp formatting between a
.NET and Java client and there's not much difference at all as shown below:
### .NET ###
<wsu:Timestamp wsu:Id="Timestamp-74569579-8e34-407f-a10c-c27d3b119b80">
<wsu:Created>2008-07-23T14:55:04Z</wsu:Created>
<wsu:Expires>2008-07-23T15:00:04Z</wsu:Expires>
</wsu:Timestamp>
### Java ###
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-1035988">
<wsu:Created>2008-07-24T08:59:27.952Z</wsu:Created>
<wsu:Expires>2008-07-24T09:04:27.952Z</wsu:Expires>
</wsu:Timestamp>
I've searched the web and one of the issues raised was that a .NET client
appends the Timestamp at the top of the security header while a Java client
appends the Timestamp at the bottom of the security header. Could this be an
issue? Although I doubt the ordering of WSSE elements should make any
difference.
I've posted both the SOAP request (from a .NET client) and response (from a
Rampart enabled service) messages at the bottom of this email for further
reference. Any insight would be greatly appreciated. Cheers.
BTW I've also posted this question on the general Axis2 mailing list since
there might be someone in the general Axis community who may have come across
this issue before.
Regards
--------------
Sanjay Vivek
SOAP Request from a .NET client
################################
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<soap:Header>
<wsa:Action>urn:echo</wsa:Action>
<wsa:MessageID>urn:uuid:1673e489-d3be-4810-b40e-854423fef2c2</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://128.240.2.3:8083/rampart-echo/services/RampartEchoService.RampartEchoServiceHttpSoap11Endpoint</wsa:To>
<wsse:Security>
<wsu:Timestamp
wsu:Id="Timestamp-74569579-8e34-407f-a10c-c27d3b119b80">
<wsu:Created>2008-07-23T14:55:04Z</wsu:Created>
<wsu:Expires>2008-07-23T15:00:04Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body>
<echo xmlns="http://service.echo.rampart";>
<arg>hello</arg>
</echo>
</soap:Body>
</soap:Envelope>
SOAP Response from a Rampart enabled service
############################################
<?xml version='1.0' encoding='utf-8'?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";>
<soapenv:Header
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";>
<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
<wsa:MessageID>urn:uuid:42C68E847DB869C8CA1216824473152</wsa:MessageID>
<wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>
<wsa:RelatesTo>urn:uuid:257f8523-4b91-4073-b87a-76c0b3e4151f</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body>
<soapenv:Fault
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>The timestamp could not be validated</faultstring>
<detail />
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
