Here is the solution: I started developing a secure web service in my development computer. However when I deployed the application (in another server[JBoss]) to simulate different clients connecting to the web service with different LOCAL TIME ZONES, things went bad...
Problems with TIMESTAMP validation... I got error the following error depending on the tested client (either dotnet or java): In Microsoft [dotnet framework 2.0, WSE 3.0] WSE065: Creation time of the timestamp is in the future. This typically indicates lack of synchronization between sender and receiver clocks. or for java [Axis 1.4, wss4j 1.5.3] Exception: WSDoAllReceiver: security processing failed; nested exception is: org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header. (WSSecurityEngine: Invalid timestamp The security semantics of message have expired) The problems are due that the two clocks in the clients and the server are not synchonized. JAVA World: WSS4J - Use the timeToLive parameter in the handler to resolve this problem [1] [2]. MICROSOFT World: WSE 3.0 - Use the tags timeToleranceInSeconds and defaultTtlInSeconds in the app.config file of the web service in your project (illustration follows with the corresponding xml tags) [3] <configuration> <microsoft.web.services3> <security> <timeToleranceInSeconds value = "3600" /> <defaultTtlInSeconds value = "3600" /> [1] - http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ#time [2] - http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html#TTL_TIMESTAMP [3] - http://msdn.microsoft.com/en-us/library/ms824668.aspx [fyi] - http://www.google.ch/search?q=Secure+Web+Services+Interoperability+using+X.509+Certificate+Token+Profile+(AXIS+1.4%2C+WSS4J+1.5.3%2C+dotnet+2.0%2C+WSE+3.0+)&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr-FR:official&client=firefox-a Hope this helps! Jose Ferreiro On Wed, May 14, 2008 at 1:38 PM, José Ferreiro <> wrote: > Dear newsgroup, > > I successfully developed a server side service using axis 1.4 and wss4j > 1.5.3. > I implemented the signature, encryption and timestamp features. > > I may manage the local time in the server. > Nevertheless, I will have clients from different local times (not same > time as in the server. the local time in the server is GMT+1 ). > > How can a java client implement/apply the right timestamp according to the > server GMT+1 using axis 1.4 and wss4j 1.5.3? > > All suggestions are welcome. > > Thank you in advance > > Jose Ferreiro > -- José Ferreiro EPFL Communication Systems engineer