[
https://issues.apache.org/jira/browse/RAMPART-46?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510886
]
Dimuthu Leelarathne commented on RAMPART-46:
--------------------------------------------
I see some problems in the reported issue.
The username sent out by axis client is "user2007" (in the first messsage given
above), but the .net expects is "user_2007" (in the second message given
above). And when I look at the sysout of the password call back handler, it
prints "adpinc2007r". These three things contradicts each other.
Furthermore the sysout indicates that "usage" is 2. For password type text, the
usage must be 5.
Please look at the "samples/basic/sample02" on how to include UsernameToken.
> org.apache.axis2.AxisFault: The security token could not be authenticated or
> authorized
> ----------------------------------------------------------------------------------------
>
> Key: RAMPART-46
> URL: https://issues.apache.org/jira/browse/RAMPART-46
> Project: Rampart
> Issue Type: Test
> Affects Versions: 1.1
> Environment: AXIS2 1.1 Client Side
> WSE 3.0 .net Server
> Reporter: Shweta Desai
> Priority: Blocker
>
> I have set the security header as written below.
> <wsse:UsernameToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="UsernameToken-9624795">
> <wsse:Username>user2007</wsse:Username>
> <wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>2007</wsse:Password>
>
> <wsse:Nonce>QOqyFHT9TydDSKieEDOdjw==</wsse:Nonce>
> <wsu:Created>2007-05-24T21:38:11Z</wsu:Created>
> </wsse:UsernameToken>
> But .net server expecting the token something written below.
> <wsse:UsernameToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="SecurityToken-e1d2ddef-25f1-455e-a535-42aec1f8a1fc">
> <wsse:Username>user_2007</wsse:Username>
> <wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>2007</wsse:Password>
>
> <wsse:Nonce>mI0DNp0NZZ9BRlGYQn7xdQ==</wsse:Nonce>
> <wsu:Created>2006-12-05T23:42:15Z</wsu:Created>
> </wsse:UsernameToken>
> And because of that I am getting error like
> org.apache.axis2.AxisFault: The security token could not be authenticated or
> authorized ---> WSE565: The password provided by the SecurityTokenManager
> does not match the one on the incoming token.
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:271)
>
> at
> org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
>
> Few things of my coding:
> Sysout of callback password:
> pass type>> null
> password>> null
> Identifier>> adpinc2007r
> Usage>> 2
> key>> null
> And passwordCallback function is something below:
> String id = pwcb.getIdentifer();
> if("user_2007".equals(id)) {
> pwcb.setPassword("2007");
> }
> I will be thankful if you guide me for this authentication issues.
> I am new to this security header setting and I am not sure I have done right
> or not.
> Your help will be very appriciated.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
