Re: I have a wotking fix in the signed/encrypted version now (and thanks Colm)

Colm O hEigeartaigh Wed, 15 Oct 2014 07:18:09 -0700

Ok you are using a WS-SecurityPolicy 1.1 policy. sp13:Created + sp13:Nonce
do not apply for this version of the specification, and so that is why they
are not in the message.


Colm.

On Wed, Oct 15, 2014 at 12:13 PM, Chris <[email protected]> wrote:

> Here is the policy from the WSDL:
>
> /<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
>
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
>                 wsu:Id="Service6Soap1p2Soap12HttpPort_Fault_Policy">
>                 <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
>                 <sp:SignedElements
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
>                 <sp:EncryptedParts
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
>                 <sp:EncryptedElements
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
>         </wsp:Policy>
>         <wsp:Policy xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy";
>
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
>                 wsu:Id="Service6Soap1p2Soap12HttpPort_Input_Policy">
>                 <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                         <sp:Body />
>                         <sp:Header Name="fmw-context"
> Namespace="http://xmlns.oracle.com/fmw/context/1.0"; />
>                         <sp:Header Name="" Namespace="
> http://www.w3.org/2005/08/addressing"; />
>                         <sp:Header Name=""
>                                 Namespace="
> http://schemas.xmlsoap.org/ws/2004/08/addressing"; />
>                 </sp:SignedParts>
>                 <sp:SignedElements
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
>                 <sp:EncryptedParts
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                         <sp:Body />
>                         <sp:Header Name="fmw-context"
> Namespace="http://xmlns.oracle.com/fmw/context/1.0"; />
>                 </sp:EncryptedParts>
>                 <sp:EncryptedElements
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
>         </wsp:Policy>
>         <wsp:Policy xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy";
>
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
>                 wsu:Id="Service6Soap1p2Soap12HttpPort_Output_Policy">
>                 <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                         <sp:Body />
>                 </sp:SignedParts>
>                 <sp:SignedElements
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
>                 <sp:EncryptedParts
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                         <sp:Body />
>                 </sp:EncryptedParts>
>                 <sp:EncryptedElements
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
>         </wsp:Policy>
>         <wsp:Policy xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy";
>
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
>
>
> wsu:Id="wss10_username_token_with_message_protection_service_policy_timestamp_nonce">
>                 <sp:AsymmetricBinding
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                         <wsp:Policy>
>                                 <sp:InitiatorToken>
>                                         <wsp:Policy>
>                                                 <sp:X509Token
>
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";>
>                                                         <wsp:Policy>
>
> <sp:WssX509V3Token10 />
>                                                         </wsp:Policy>
>                                                 </sp:X509Token>
>                                         </wsp:Policy>
>                                 </sp:InitiatorToken>
>                                 <sp:RecipientToken>
>                                         <wsp:Policy>
>                                                 <sp:X509Token
>
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";>
>                                                         <wsp:Policy>
>
> <sp:WssX509V3Token10 />
>                                                         </wsp:Policy>
>                                                 </sp:X509Token>
>                                         </wsp:Policy>
>                                 </sp:RecipientToken>
>                                 <sp:AlgorithmSuite>
>                                         <wsp:Policy>
>                                                 <sp:Basic128 />
>                                         </wsp:Policy>
>                                 </sp:AlgorithmSuite>
>                                 <sp:Layout>
>                                         <wsp:Policy>
>                                                 <sp:Lax />
>                                         </wsp:Policy>
>                                 </sp:Layout>
>                                 <sp:IncludeTimestamp />
>                                 <sp:OnlySignEntireHeadersAndBody />
>                         </wsp:Policy>
>                 </sp:AsymmetricBinding>
>                 <sp:Wss10 xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                         <wsp:Policy />
>                 </sp:Wss10>
>                 <sp:SignedSupportingTokens
>                         xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                         <wsp:Policy>
>                                 <sp:UsernameToken
>
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
>                                         <wsp:Policy
>
> xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802";>
>                                                 <sp:WssUsernameToken10 />
>                                                 <sp13:Created />
>                                                 <sp13:Nonce />
>                                         </wsp:Policy>
>                                 </sp:UsernameToken>
>                         </wsp:Policy>
>                 </sp:SignedSupportingTokens>
>         </wsp:Policy>
> /
> The following is the usename token part as produced by oracle, I added the
> Created and Nonce myself. Oracle does not request them even if if you set
> "required" on the server:
>
> /<sp:SignedSupportingTokens
>         xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>         <wsp:Policy>
>                 <sp:UsernameToken
>
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
>                         <wsp:Policy>
>                                 <sp:WssUsernameToken10 />
>                         </wsp:Policy>
>                 </sp:UsernameToken>
>         </wsp:Policy>
> </sp:SignedSupportingTokens>
> </wsp:Policy>/
>
>
>
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749913.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: I have a wotking fix in the signed/encrypted version now (and thanks Colm)

Reply via email to