Thanks Colm. Do you mean to say the timestamp is not just signed but encrypted as well if it is part of the AsymmetricBinding?

In my policy I have also added a username token as a supporting token, outside of the AsymmetricBinding. Would this token be signed and encrypted too?

I have written a Java client that is able to successfully send and receive a response using the policy. I have a requirement to test the endpoint using the SoapUI tool as well, and that's where I am facing issues, since I couldn't just import the policy into SoapUI.

Thanks,
Giriraj

On Mar 23, 2016 7:04 AM, "Colm O hEigeartaigh" <[email protected]> wrote:

> If you are using the SymmetricBinding or AsymmetricBinding policies, the
> Timestamp is automatically signed if the "IncludeTimestamp" policy is in
> the Binding policy.
>
> The "sp:Header" policy in SignedParts/EncryptedParts is designed to be used
> for SOAP headers, not for internal headers in the security header (such as
> Timestamp). Instead, use an "EncryptedElements" policy, with an XPath
> expression pointing to the Timestamp.
>
> Colm.
>
> On Tue, Mar 22, 2016 at 3:17 AM, Giriraj Bhojak <[email protected]>
> wrote:
>
> > Hello,
> >
> > I need to sign and encrypt the timestamp WS-Security header.
> >
> > My policy file has the following assertions:
> >
> > <sp:SignedParts>
> >     <sp:Body />
> >     <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
> > </sp:SignedParts>
> > <sp:EncryptedParts>
> >     <sp:Body />
> >     <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
> > </sp:EncryptedParts>
> >
> > The above namespace belongs to the wsu element.
> >
> > I can still see the following entry in the wsse:Security element:
> >
> > <wsu:Timestamp wsu:Id="TS-A91AE37C42BC91148914586148175181">
> >     <wsu:Created>2016-03-22T02:46:57.516Z</wsu:Created>
> >     <wsu:Expires>2016-03-22T02:51:57.516Z</wsu:Expires>
> > </wsu:Timestamp>
> >
> > If I try to add the namespace of wsse into the signed and encrypted parts
> > above in order to encrypt and sign the entire header as follows:
> >
> > <sp:SignedParts>
> >     <sp:Body />
> >     <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
> > </sp:SignedParts>
> > <sp:EncryptedParts>
> >     <sp:Body />
> >     <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
> > </sp:EncryptedParts>
> >
> > Then on the CXF server I get:
> >
> > org.apache.cxf.interceptor.Fault- Exception Message: Found element
> > {http://www.w3.org/2001/04/xmlenc#}EncryptionMethod but could not find
> > matching RPC/Literal part
> >
> > I am using CXF v2.7.11.
> >
> > Am I doing something wrong?
> >
> > Thanks,
> > Giriraj
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
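
Added example, not part of the thread: a Python check for a captured message that reports whether the wsu:Timestamp in the wsse:Security header is referenced by the signature and whether it is still readable in clear, which is the question the thread turns on. It assumes SOAP 1.1 and the standard WSS 1.0, XML-DSig and XML-Enc namespaces; the function names and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",  # assumption: SOAP 1.1
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def timestamp_protection(envelope_xml):
    """Report how the wsu:Timestamp in the wsse:Security header is protected."""
    root = ET.fromstring(envelope_xml)  # for captured test traffic, not untrusted XML
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header in message")
    # Fragment ids covered by the signature (ds:Reference URI="#id").
    refs = sec.iterfind("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    signed_ids = {r.get("URI", "")[1:] for r in refs if r.get("URI", "").startswith("#")}
    ts = sec.find("wsu:Timestamp", NS)
    return {
        "cleartext": ts is not None,
        # Only decidable while the Timestamp (and so its wsu:Id) is readable.
        "signed": ts is not None and ts.get(WSU_ID) in signed_ids,
        # An encrypted element is replaced by xenc:EncryptedData; telling which
        # element it was requires decrypting it.
        "encrypted_data_in_header": sec.find("xenc:EncryptedData", NS) is not None,
    }

def sample(ts_ref=True, encrypted=False):
    """Constructed envelope; signature and cipher values are omitted."""
    ts_id = "TS-A91AE37C42BC91148914586148175181"  # wsu:Id quoted in the thread
    decl = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    ts = ('<xenc:EncryptedData Id="ED-1"/>' if encrypted else
          '<wsu:Timestamp wsu:Id="%s"><wsu:Created>2016-03-22T02:46:57.516Z</wsu:Created>'
          '<wsu:Expires>2016-03-22T02:51:57.516Z</wsu:Expires></wsu:Timestamp>' % ts_id)
    refs = '<ds:Reference URI="#id-body"/>'
    if ts_ref:
        refs += '<ds:Reference URI="#%s"/>' % ts_id
    return ('<soap:Envelope %s><soap:Header><wsse:Security>%s<ds:Signature>'
            '<ds:SignedInfo>%s</ds:SignedInfo></ds:Signature></wsse:Security>'
            '</soap:Header><soap:Body wsu:Id="id-body"/></soap:Envelope>' % (decl, ts, refs))

if __name__ == "__main__":
    for kwargs in ({}, {"ts_ref": False}, {"encrypted": True}):
        print(kwargs, timestamp_protection(sample(**kwargs)))
```

A result of cleartext=True with signed=True matches the behaviour described for "IncludeTimestamp" inside the binding; cleartext=False with an EncryptedData child is what an element-level encryption of the Timestamp would leave in the header.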
