Hello Sanjay,
Please observe the following:
SOAP Request from your .NET client
################################
<wsse:Security>
<wsu:Timestamp
wsu:Id="Timestamp-74569579-8e34-407f-a10c-c27d3b119b80">
<wsu:Created>2008-07-23T14:55:04Z</wsu:Created>
<wsu:Expires>2008-07-23T15:00:04Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
### Java ###
<wsu:Timestamp xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-1035988">
<wsu:Created>2008-07-24T08:59:27.952Z</wsu:Created>
<wsu:Expires>2008-07-24T09:04:27.952Z</wsu:Expires>
</wsu:Timestamp>
Please take a look at the clock synchonization between the two machines.
By default this value should not have a difference bigger than 300 seconds
(5 minutes) timetolive parameter in Axis(for sure) or Axis2( I guess
too) [1].
I you would like to change this default value in .NET proceed as follow in
the configuration file.
MICROSOFT World: WSE 3.0 [2] - Use the tags timeToleranceInSeconds and
defaultTtlInSeconds in the app.config file of the web service in your
project (illustration follows with the corresponding xml tags)
< configuration >
< microsoft.web.services3 >
< security >
< timeToleranceInSeconds value = "3600" / >
< defaultTtlInSeconds value = "3600" / >
Maybe you may investigate in this direction because your SOAP message seems
OK but it fails when verifying the timestamp.
Also in .NET the timestamp is always there by default. You cannot remove it.
This is not the case with Java where you may specify if it is there or not.
Hope this helps.
[1] - http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ#time [2] -
http://msdn.microsoft.com/en-us/library/ms824668.aspx
--
José Ferreiro
EPFL Communication Systems engineer
ing.sys.com.dipl.EPFL
On 7/24/08, Sanjay Vivek <[EMAIL PROTECTED]> wrote:
>
>
>
> Hi everyone,
>
> I'm attempting to invoke a simple Rampart enabled EchoService from a .NET
> client. However, I get a "The timestamp could not be validated" error
> everytime. I've disabled the Timestamp option on the service side but it
> doesn't make any difference. I've compared the Timestamp formatting between
> a .NET and Java client and there's not much difference at all as shown
> below:
>
> ### .NET ###
> <wsu:Timestamp wsu:Id="Timestamp-74569579-8e34-407f-a10c-c27d3b119b80">
> <wsu:Created>2008-07-23T14:55:04Z</wsu:Created>
> <wsu:Expires>2008-07-23T15:00:04Z</wsu:Expires>
> </wsu:Timestamp>
>
> ### Java ###
> <wsu:Timestamp xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="Timestamp-1035988">
> <wsu:Created>2008-07-24T08:59:27.952Z</wsu:Created>
> <wsu:Expires>2008-07-24T09:04:27.952Z</wsu:Expires>
> </wsu:Timestamp>
>
> I've searched the web and one of the issues raised was that a .NET client
> appends the Timestamp at the top of the security header while a Java client
> appends the Timestamp at the bottom of the security header. Could this be an
> issue? Although I doubt the ordering of WSSE elements should make any
> difference.
>
> I've posted both the SOAP request (from a .NET client) and response (from a
> Rampart enabled service) messages at the bottom of this email for further
> reference. Any insight would be greatly appreciated. Cheers.
>
> Regards
> --------------
> Sanjay Vivek
>
>
>
>
> SOAP Request from a .NET client
> ################################
>
> <?xml version="1.0" encoding="utf-8"?>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:xsd="
> http://www.w3.org/2001/XMLSchema"; xmlns:wsa="
> http://schemas.xmlsoap.org/ws/2004/08/addressing"; xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
> <soap:Header>
> <wsa:Action>urn:echo</wsa:Action>
>
>
> <wsa:MessageID>urn:uuid:1673e489-d3be-4810-b40e-854423fef2c2</wsa:MessageID>
> <wsa:ReplyTo>
> <wsa:Address>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> </wsa:ReplyTo>
> <wsa:To>
> http://128.240.2.3:8083/rampart-echo/services/RampartEchoService.RampartEchoServiceHttpSoap11Endpoint
> </wsa:To>
> <wsse:Security>
> <wsu:Timestamp
> wsu:Id="Timestamp-74569579-8e34-407f-a10c-c27d3b119b80">
> <wsu:Created>2008-07-23T14:55:04Z</wsu:Created>
> <wsu:Expires>2008-07-23T15:00:04Z</wsu:Expires>
> </wsu:Timestamp>
> </wsse:Security>
> </soap:Header>
> <soap:Body>
> <echo xmlns="http://service.echo.rampart";>
> <arg>hello</arg>
> </echo>
> </soap:Body>
> </soap:Envelope>
>
>
> SOAP Response from a Rampart enabled service
> ############################################
>
> <?xml version='1.0' encoding='utf-8'?>
> <soapenv:Envelope xmlns:soapenv="
> http://schemas.xmlsoap.org/soap/envelope/";>
> <soapenv:Header xmlns:wsa="
> http://schemas.xmlsoap.org/ws/2004/08/addressing";>
> <wsa:To>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
>
> <wsa:MessageID>urn:uuid:42C68E847DB869C8CA1216824473152</wsa:MessageID>
> <wsa:Action>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>
>
> <wsa:RelatesTo>urn:uuid:257f8523-4b91-4073-b87a-76c0b3e4151f</wsa:RelatesTo>
> </soapenv:Header>
> <soapenv:Body>
> <soapenv:Fault xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> ">
> <faultcode>wsse:InvalidSecurity</faultcode>
> <faultstring>The timestamp could not be
> validated</faultstring>
> <detail />
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
