Re: [Dev] [ESB] Issue after adding basic scenario integrity security to an application.

Fri, 14 Aug 2015 01:16:01 -0700 

Below is my client policy. Is there a way I can resolve this issue?

Thanks!

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
wsu:Id="EncrOnlyAnonymous">
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
            <wsp:Policy>
               <sp:ProtectionToken>
                  <wsp:Policy>
                     <sp:X509Token sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
                        <wsp:Policy>

 <sp:RequireThumbprintReference></sp:RequireThumbprintReference>
                           <sp:WssX509V3Token10></sp:WssX509V3Token10>
                        </wsp:Policy>
                     </sp:X509Token>
                  </wsp:Policy>
               </sp:ProtectionToken>
               <sp:AlgorithmSuite>
                  <wsp:Policy>
                     <sp:Basic256></sp:Basic256>
                  </wsp:Policy>
               </sp:AlgorithmSuite>
               <sp:Layout>
                  <wsp:Policy>
                     <sp:Lax></sp:Lax>
                  </wsp:Policy>
               </sp:Layout>
               <sp:IncludeTimestamp></sp:IncludeTimestamp>

 <sp:OnlySignEntireHeadersAndBody></sp:OnlySignEntireHeadersAndBody>
            </wsp:Policy>
         </sp:SymmetricBinding>
         <sp:SignedParts xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
            <sp:Body></sp:Body>
         </sp:SignedParts>
         <sp:Wss11 xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
            <wsp:Policy>

 <sp:MustSupportRefKeyIdentifier></sp:MustSupportRefKeyIdentifier>

 <sp:MustSupportRefIssuerSerial></sp:MustSupportRefIssuerSerial>
               <sp:MustSupportRefThumbprint></sp:MustSupportRefThumbprint>

 <sp:RequireSignatureConfirmation></sp:RequireSignatureConfirmation>
            </wsp:Policy>
         </sp:Wss11>
         <sp:Trust10 xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
            <wsp:Policy>
               <sp:RequireClientEntropy></sp:RequireClientEntropy>
               <sp:RequireServerEntropy></sp:RequireServerEntropy>
               <sp:MustSupportIssuedTokens></sp:MustSupportIssuedTokens>
            </wsp:Policy>
         </sp:Trust10>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:encryptionUser>service</ramp:encryptionUser>
<ramp:user>client</ramp:user>
<ramp:passwordCallbackClass>com.wso2.training.orderprocessingclient.PWCBHandler</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property
name="org.apache.ws.security.crypto.merlin.file">/home/WSO2/Order
Processing Client/cert/client/client.jks</ramp:property>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">12345678</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

On Fri, Aug 14, 2015 at 10:11 AM, Jayanga Kaushalya <jayan...@wso2.com>
wrote:

> Hi all,
>
> I have an unsecured web service which is secured by the ESB basic scenario
> integrity type security. But when I am receiving responses from the ESB,
> "org.apache.axis2.AxisFault: An invalid security token was provided (Bad
> TokenType "")" exception is occurring on the client side. I have captured
> the response from the ESB and below is the header.
>
> I am using ESB 4.8.1, Axis2 1.6.3 (Client and service) and jdk 1.7.0_79
> for ESB.
>
> Thanks!
>
> <?xml version="1.0" encoding="UTF-8"?>
>    <soapenv:Envelope xmlns:soapenv="
> http://www.w3.org/2003/05/soap-envelope";>
>       <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing";>
>          <wsse:Security xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soapenv:mustUnderstand="true">
>             <wsu:Timestamp xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="Timestamp-4">
>                <wsu:Created>2015-08-14T04:00:06.049Z</wsu:Created>
>                <wsu:Expires>2015-08-14T04:05:06.049Z</wsu:Expires>
>             </wsu:Timestamp>
>             <wsse11:SignatureConfirmation xmlns:wsse11="
> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> Value="LTmJ0jPu/DcTGZmN0MIy+twqZB4="
> wsu:Id="SigConf-5"></wsse11:SignatureConfirmation>
>             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
> Id="Signature-6">
>                <ds:SignedInfo>
>                   <ds:CanonicalizationMethod Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod>
>                   <ds:SignatureMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#hmac-sha1";></ds:SignatureMethod>
>                   <ds:Reference URI="#Id-2081567383">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#";></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
>
>  <ds:DigestValue>rqPRR6/8V79kdX3BrcnLyhvXNiE=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#Timestamp-4">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#";></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
>
>  <ds:DigestValue>RUWwpwUOGdMxZ5jamH/+IdJPQKA=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#SigConf-5">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#";></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
>
>  <ds:DigestValue>D7n0pN2q+Nnuh5wXHLb59yqnCsY=</ds:DigestValue>
>                   </ds:Reference>
>                </ds:SignedInfo>
>
>  <ds:SignatureValue>WMrqkmbOCbpolhServlK7V2F2XU=</ds:SignatureValue>
>                <ds:KeyInfo Id="KeyId-295CFB957FE117D42714395248060513">
>                   <wsse:SecurityTokenReference xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="STRId-295CFB957FE117D42714395248060514">
>                      <wsse:KeyIdentifier EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
> ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
> ">inOQyK8FRll86txuLv/BtEivw+g=</wsse:KeyIdentifier>
>                   </wsse:SecurityTokenReference>
>                </ds:KeyInfo>
>             </ds:Signature>
>          </wsse:Security>
>
>  <wsa:MessageID>urn:uuid:ea79f47e-11d7-4a44-857d-f10ec14b9e66</wsa:MessageID>
>          <wsa:Action>urn:getOrderListResponse</wsa:Action>
>
>  <wsa:RelatesTo>urn:uuid:8a4e2e4b-2680-4be3-ae5e-812aa8129246</wsa:RelatesTo>
>       </soapenv:Header>
>
> --
> *Jayanga Kaushalya*
> Software Engineer
> Mobile: +94777860160
> WSO2 Inc. | http://wso2.com
> lean.enterprise.middleware
>



-- 
*Jayanga Kaushalya*
Software Engineer
Mobile: +94777860160
WSO2 Inc. | http://wso2.com
lean.enterprise.middleware

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to