[Dev] Issue with An X509 certificate with version 1

[Jorge]

Hi all.

I need to call a backend service secured with signonly, it´s a thirdparty
service.
The certificate that they send me it´s V1 and when I used it with SOAPUI or
a java client it work just fine...The request XML contain this part:




CN=2323434,OU=test,O=test,L=test,ST=test,C=CU
11718339280033114430




And I can get a sucessfull response.



But If I use the WSO2 EI with an endpoint with the signonly policy with
this InitiatorToken:

   

http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never;>








I get this error:
An unsupported token was provided (An X509 certificate with version 3 must
be used for SKI. The presented cert has version: 1)

If I change the certificate with another one but V3, I can see the request
with the ds:X509IssuerSerial tag but with errors in the response because
the signature verification  fail in the server side.

Any idea about how can I solve this issue?

Regards,
   Jorge
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Problem with IE6 using WS-SecurityPolicy

[Jorge]

Hi Bernanrd,
can you try to change the InitiatorToken:



http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never;>









In my case it work.


Regards,
   Jorge

El lun., 14 may. 2018 a las 5:03, Bernard Paris ()
escribió:

> Hi devs,
>
> We need to useWS-SecurityPolicy with x509Token to query a ws, so we
> defined an address endpoint with policy, something like
> https://remote.server;>
> 
> 
> 
>
> Here is the initiatorToken part of the policy file I defined in the policy
> file:
>
> 
>  
>   http://schemas.xmlsoap.org/ws/2005/07/securitypolicy;>
>
> 
>  
>   http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient;>
>
>
> 
> 
>
>   
>  
> 
>
> …. expecting I will got some "ds:X509Data" datas in the SOAP header to
> send, something like
>
> 
>  wsu:Id="STR-EAF95CB2EABEB3293D13643957589981128">
> 
> 
>
> CN=WSJanusTEST_BULL001
> 1243600900
>
>
> Unfortunately the only thing I get is
>
> 
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd;
> wsu:Id="STRId-171B34AA705833EBA0152628551959218">
>  URI="#CertId-171B34AA705833EBA0152628551959116" ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "/>
> 
> 
>
>
> Could you tell me where I'm wrong ?
> Here are the related carbon logs:
> [2018-05-14 10:44:27,520] [EI-Core] DEBUG - WSDoAllSender WSDoAllSender:
> enter invoke()
> [2018-05-14 10:44:27,520] [EI-Core] DEBUG - AsymmetricBindingBuilder
> AsymmetricBindingBuilder build invoked
> [2018-05-14 10:44:27,520] [EI-Core] DEBUG - BindingBuilder Processing
> symmetric binding: Setting up encryption token and signature token
> [2018-05-14 10:44:27,520] [EI-Core] DEBUG - BindingBuilder Obtaining the
> Encryption Token
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - BindingBuilder Token
> inclusion: 3
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - BindingBuilder User : CertEcole
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - RampartUtil loading class :
> be.ucl.sgsi.sisg.bp.PWCBHandler
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - BindingBuilder Password :
> aSecret
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - RampartUtil Loading Signature
> crypto
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - RampartUtil Using provider:
> org.apache.ws.security.components.crypto.Merlin
> [2018-05-14 10:44:27,521] [EI-Core] DEBUG - RampartUtil Cache Hit : Crypto
> Object was found in cache.
> [2018-05-14 10:44:27,527] [EI-Core] DEBUG - AsymmetricBindingBuilder
> AsymmetricBindingBuilder build invoked : DONE
>
>
>
>
> Thanks for any help,
> Bernard
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Ansible Resources Released for WSO2 Identity Server 5.6.0

[Ching Tien Shi]

WSO2 Installation Experience team is pleased to announce the release of
Ansible resources for WSO2 Identity Server 5.6.0.

*Ansible*
Released Artifacts:

   - WSO2 Identity Server v5.6.0.1 -
   https://github.com/wso2/ansible-is/releases/tag/v5.6.0.1

Issues:

   - WSO2 Identity Server v.5.6.0.1 -
   https://github.com/wso2/ansible-is/issues


*How You Can Contribute*

Join our mailing list and correspond with the developers directly.

Developer List: dev@wso2.org

User List: u...@wso2.org


*Reporting Issues*
We encourage you to report issues and documentation faults regarding WSO2
Ansible resource through respective repositories by creating issues.

Thank you!

WSO2 Installation Experience Team

Ching Shi
Software Engineer
WSO2

Email: ch...@wso2.com
Mobile: +94770186272
Web: http://wso2.com
[image: http://wso2.com/signature] 
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Upgrading C4 OSGi to support Java 10

[Selvaratnam Uthaiyashankar]

Then, can you get APIM to build using JDK8, but run on JDK 10 please? We'll
see how to proceed after doing that.

On Thu, Sep 6, 2018 at 2:29 PM Tharindu Wijewardane 
wrote:

> Hi all,
>
> As KasunG suggested I tried to get the carbon kernel (built with java 8)
> to run on java 10 first. Followings are the things I tried/found out.
>
>
>- Existing carbon 4 cannot be run on java 10 as the equinox version
>Kepler is not compatible with java 9 or 10. There are known issues they did
>not fix on Kepler.
>
>
>- Earlier I have upgraded the equinox version to Photon (latest) and I
>have been trying to build with java 10 and was able to fix some issues but
>still I came across some issues even when building with java 8.
>
>
> *Cannot complete the install because one or more required items could not
> be found.*
>
> * Software being installed: Carbon Product 4.4.34.SNAPSHOT
> (carbon.product.id  4.4.34.SNAPSHOT)*
>
> * Missing requirement: Equinox Provisioning Metadata Repository
> 1.3.0.v20180302-1057 (org.eclipse.equinox.p2.metadata.repository
> 1.3.0.v20180302-1057) requires 'osgi.bundle; org.tukaani.xz 1.3.0' but it
> could not be found*
>
> * Cannot satisfy dependency:*
>
> *  From: Carbon Product 4.4.34.SNAPSHOT (carbon.product.id
>  4.4.34.SNAPSHOT)*
>
> *  To: org.eclipse.equinox.p2.iu;
> org.wso2.carbon.core.runtime.feature.group
> [4.4.34.SNAPSHOT,4.4.34.SNAPSHOT]*
>
> * Cannot satisfy dependency:*
>
> *  From: Equinox Provisioning Console 1.1.0.v20180130-1836
> (org.eclipse.equinox.p2.console 1.1.0.v20180130-1836)*
>
> *  To: java.package; org.eclipse.equinox.p2.engine [2.0.0,3.0.0)*
>
> * Cannot satisfy dependency:*
>
> *  From: Equinox Provisioning Engine 2.6.0.v20180409-1209
> (org.eclipse.equinox.p2.engine 2.6.0.v20180409-1209)*
>
> *  To: java.package;
> org.eclipse.equinox.internal.p2.metadata.repository.io
>  0.0.0*
>
> * Cannot satisfy dependency:*
>
> *  From: WSO2 Carbon - Carbon Runtime Feature 4.4.34.SNAPSHOT
> (org.wso2.carbon.core.runtime.feature.group 4.4.34.SNAPSHOT)*
>
> *  To: org.eclipse.equinox.p2.iu; org.eclipse.equinox.p2.console
> [1.1.0.v20180130-1836,1.1.0.v20180130-1836]*
>
>
> I found out there had been similar issues in previous equinox versions
> which have been fixed but seems to be resurfaced with Photon. I posted
> about that in eclipse forum.
>
>
>
>- Next I upgraded the equinox version to luna - which is an older
>version of equinox but newer than Kepler. It is the version used in C5
>hence I did not have to manually install the dependencies to local repo as
>they were already available in wso2 nexus. I could get it to compile with
>java 8 and with some modifications to wso2server.sh run it on java 10
>successfully. (Earlier Praminda had done this)
>
> Now that I have get the carbon kernal to run on java 10 what should my
> next step be? To integrate the changes to C4 or keep trying to build it on
> java 10?
> I am currently facing issues getting to generate stub classes from wsdl
> when building with java 10.
>
> Thanks
>
>
> On Mon, Sep 3, 2018 at 2:54 PM, Tharindu Wijewardane 
> wrote:
>
>> Hi Kasun,
>>
>> 1.) The fix I did was in a very old version of felix.scr.generator which
>> was released in 2011. I could not find the source on github so I downloaded
>> the source jar from maven repo and modified and installed to my local m2
>> repo by changing the version. Since this issue does not exist in newer
>> versions I am not sure how can i send the fix to Felix. (newer versions of 
>> felix.scr.generator
>> are not compatible with old scr plugin 1.7.4 which is the working version
>> for scr annotations).
>> What I thought of was to deploy the modified version in wso2 nexus repo
>> but I am not aware of the procedure (or whether should it be done like
>> that) please let me know.
>>
>> 2.) So far my focus was on building C4 with java 10. In that case I will
>> try to compile with java 8 and get it to run on java 10 first.
>>
>> Thanks
>>
>> On Mon, Sep 3, 2018 at 1:54 PM, KasunG Gajasinghe 
>> wrote:
>>
>>>
>>>
>>> On Mon, Sep 3, 2018 at 11:38 AM Tharindu Wijewardane 
>>> wrote:
>>>
 Hi all,

 An update on the previous email.

 In order to automatically generate osgi metadata xmls during the maven
 build either of following annotation schemas can be used.


- Felix SCR annotations
- OSGi declarative services (DS) annotations

 Older versions of maven scr plugin has used felix scr annotations but
 later on its mentioned on the documentations that it has started to support
 both felix scr annotations and DS annotations from osgi which is the
 standard set of annotations for generating osgi meta data xmls. This is
 done by adding the relevant dependency to pom with the scr plugin. However
 newer versions of scr plugin do not seem to be 

Re: [Dev] Upgrading C4 OSGi to support Java 10

[Tharindu Wijewardane]

Hi all,

As KasunG suggested I tried to get the carbon kernel (built with java 8) to
run on java 10 first. Followings are the things I tried/found out.


   - Existing carbon 4 cannot be run on java 10 as the equinox version
   Kepler is not compatible with java 9 or 10. There are known issues they did
   not fix on Kepler.


   - Earlier I have upgraded the equinox version to Photon (latest) and I
   have been trying to build with java 10 and was able to fix some issues but
   still I came across some issues even when building with java 8.


*Cannot complete the install because one or more required items could not
be found.*

* Software being installed: Carbon Product 4.4.34.SNAPSHOT
(carbon.product.id  4.4.34.SNAPSHOT)*

* Missing requirement: Equinox Provisioning Metadata Repository
1.3.0.v20180302-1057 (org.eclipse.equinox.p2.metadata.repository
1.3.0.v20180302-1057) requires 'osgi.bundle; org.tukaani.xz 1.3.0' but it
could not be found*

* Cannot satisfy dependency:*

*  From: Carbon Product 4.4.34.SNAPSHOT (carbon.product.id
 4.4.34.SNAPSHOT)*

*  To: org.eclipse.equinox.p2.iu;
org.wso2.carbon.core.runtime.feature.group
[4.4.34.SNAPSHOT,4.4.34.SNAPSHOT]*

* Cannot satisfy dependency:*

*  From: Equinox Provisioning Console 1.1.0.v20180130-1836
(org.eclipse.equinox.p2.console 1.1.0.v20180130-1836)*

*  To: java.package; org.eclipse.equinox.p2.engine [2.0.0,3.0.0)*

* Cannot satisfy dependency:*

*  From: Equinox Provisioning Engine 2.6.0.v20180409-1209
(org.eclipse.equinox.p2.engine 2.6.0.v20180409-1209)*

*  To: java.package; org.eclipse.equinox.internal.p2.metadata.repository.io
 0.0.0*

* Cannot satisfy dependency:*

*  From: WSO2 Carbon - Carbon Runtime Feature 4.4.34.SNAPSHOT
(org.wso2.carbon.core.runtime.feature.group 4.4.34.SNAPSHOT)*

*  To: org.eclipse.equinox.p2.iu; org.eclipse.equinox.p2.console
[1.1.0.v20180130-1836,1.1.0.v20180130-1836]*


I found out there had been similar issues in previous equinox versions
which have been fixed but seems to be resurfaced with Photon. I posted
about that in eclipse forum.



   - Next I upgraded the equinox version to luna - which is an older
   version of equinox but newer than Kepler. It is the version used in C5
   hence I did not have to manually install the dependencies to local repo as
   they were already available in wso2 nexus. I could get it to compile with
   java 8 and with some modifications to wso2server.sh run it on java 10
   successfully. (Earlier Praminda had done this)

Now that I have get the carbon kernal to run on java 10 what should my next
step be? To integrate the changes to C4 or keep trying to build it on java
10?
I am currently facing issues getting to generate stub classes from wsdl
when building with java 10.

Thanks


On Mon, Sep 3, 2018 at 2:54 PM, Tharindu Wijewardane 
wrote:

> Hi Kasun,
>
> 1.) The fix I did was in a very old version of felix.scr.generator which
> was released in 2011. I could not find the source on github so I downloaded
> the source jar from maven repo and modified and installed to my local m2
> repo by changing the version. Since this issue does not exist in newer
> versions I am not sure how can i send the fix to Felix. (newer versions of 
> felix.scr.generator
> are not compatible with old scr plugin 1.7.4 which is the working version
> for scr annotations).
> What I thought of was to deploy the modified version in wso2 nexus repo
> but I am not aware of the procedure (or whether should it be done like
> that) please let me know.
>
> 2.) So far my focus was on building C4 with java 10. In that case I will
> try to compile with java 8 and get it to run on java 10 first.
>
> Thanks
>
> On Mon, Sep 3, 2018 at 1:54 PM, KasunG Gajasinghe  wrote:
>
>>
>>
>> On Mon, Sep 3, 2018 at 11:38 AM Tharindu Wijewardane 
>> wrote:
>>
>>> Hi all,
>>>
>>> An update on the previous email.
>>>
>>> In order to automatically generate osgi metadata xmls during the maven
>>> build either of following annotation schemas can be used.
>>>
>>>
>>>- Felix SCR annotations
>>>- OSGi declarative services (DS) annotations
>>>
>>> Older versions of maven scr plugin has used felix scr annotations but
>>> later on its mentioned on the documentations that it has started to support
>>> both felix scr annotations and DS annotations from osgi which is the
>>> standard set of annotations for generating osgi meta data xmls. This is
>>> done by adding the relevant dependency to pom with the scr plugin. However
>>> newer versions of scr plugin do not seem to be supporting felix scr
>>> annotations and what i found from the community is that the scr plugin is
>>> in maintenance mode and it is better to use maven bundle plugin (without
>>> the scr plugin) which only supports osgi ds annotations.
>>>
>>> Since felix scr annotations are used in C4 I had 2 options to proceed.
>>> Either to fix java 10 compatibility issues in