Re: I have a wotking fix in the signed/encrypted version now (and thanks Colm)

Wed, 15 Oct 2014 04:14:24 -0700 

Here is the policy from the WSDL:

/<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
        
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
                wsu:Id="Service6Soap1p2Soap12HttpPort_Fault_Policy">
                <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
                <sp:SignedElements
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
                <sp:EncryptedParts
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
                <sp:EncryptedElements
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
        </wsp:Policy>
        <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
        
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
                wsu:Id="Service6Soap1p2Soap12HttpPort_Input_Policy">
                <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                        <sp:Body />
                        <sp:Header Name="fmw-context"
Namespace="http://xmlns.oracle.com/fmw/context/1.0"; />
                        <sp:Header Name="" 
Namespace="http://www.w3.org/2005/08/addressing"; />
                        <sp:Header Name=""
                                
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"; />
                </sp:SignedParts>
                <sp:SignedElements
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
                <sp:EncryptedParts
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                        <sp:Body />
                        <sp:Header Name="fmw-context"
Namespace="http://xmlns.oracle.com/fmw/context/1.0"; />
                </sp:EncryptedParts>
                <sp:EncryptedElements
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
        </wsp:Policy>
        <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
        
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
                wsu:Id="Service6Soap1p2Soap12HttpPort_Output_Policy">
                <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                        <sp:Body />
                </sp:SignedParts>
                <sp:SignedElements
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
                <sp:EncryptedParts
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                        <sp:Body />
                </sp:EncryptedParts>
                <sp:EncryptedElements
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
        </wsp:Policy>
        <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
        
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        
wsu:Id="wss10_username_token_with_message_protection_service_policy_timestamp_nonce">
                <sp:AsymmetricBinding
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                        <wsp:Policy>
                                <sp:InitiatorToken>
                                        <wsp:Policy>
                                                <sp:X509Token
                                                
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";>
                                                        <wsp:Policy>
                                                                
<sp:WssX509V3Token10 />
                                                        </wsp:Policy>
                                                </sp:X509Token>
                                        </wsp:Policy>
                                </sp:InitiatorToken>
                                <sp:RecipientToken>
                                        <wsp:Policy>
                                                <sp:X509Token
                                                
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";>
                                                        <wsp:Policy>
                                                                
<sp:WssX509V3Token10 />
                                                        </wsp:Policy>
                                                </sp:X509Token>
                                        </wsp:Policy>
                                </sp:RecipientToken>
                                <sp:AlgorithmSuite>
                                        <wsp:Policy>
                                                <sp:Basic128 />
                                        </wsp:Policy>
                                </sp:AlgorithmSuite>
                                <sp:Layout>
                                        <wsp:Policy>
                                                <sp:Lax />
                                        </wsp:Policy>
                                </sp:Layout>
                                <sp:IncludeTimestamp />
                                <sp:OnlySignEntireHeadersAndBody />
                        </wsp:Policy>
                </sp:AsymmetricBinding>
                <sp:Wss10 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                        <wsp:Policy />
                </sp:Wss10>
                <sp:SignedSupportingTokens
                        
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                        <wsp:Policy>
                                <sp:UsernameToken
                                
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
                                        <wsp:Policy
                                        
xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802";>
                                                <sp:WssUsernameToken10 />
                                                <sp13:Created />
                                                <sp13:Nonce />
                                        </wsp:Policy>
                                </sp:UsernameToken>
                        </wsp:Policy>
                </sp:SignedSupportingTokens>
        </wsp:Policy>
/
The following is the usename token part as produced by oracle, I added the
Created and Nonce myself. Oracle does not request them even if if you set
"required" on the server:

/<sp:SignedSupportingTokens
        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
        <wsp:Policy>
                <sp:UsernameToken
                
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
                        <wsp:Policy>
                                <sp:WssUsernameToken10 />
                        </wsp:Policy>
                </sp:UsernameToken>
        </wsp:Policy>
</sp:SignedSupportingTokens>
</wsp:Policy>/







--
View this message in context: 
http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749913.html
Sent from the cxf-user mailing list archive at Nabble.com.

Reply via email to