Rampart won't send certificate serial + issuer. Only either BinaryToken or 
Identity, but not always as it should
----------------------------------------------------------------------------------------------------------------

                 Key: RAMPART-111
                 URL: https://issues.apache.org/jira/browse/RAMPART-111
             Project: Rampart
          Issue Type: Bug
    Affects Versions: 1.3
         Environment: JDK6 on RHEL3, in Synapse 1.1
            Reporter: Paul Anderson


Usually, Rampart seems to send BinaryToken (literal certificate) with messages 
when you specify a signed body and/or signed username token.

I need to get Rampart to use Key Identifier or Issuer/Serial No. instead, and 
preferably when UsernameToken's enabled too.

But I found:

- If I use signed supporting tokens (username) then Rampart will always send 
only a literal BinaryToken.

- If I disable username token, set Body to be signed, and set InitiatorToken 
Never in my WS-Policy, Rampart sends the key identity as token reference for 
WS-Security signing.
But it always does this, even if I try to specify Issuer/Serial as the token 
reference by including

    <ramp:signatureKeyIdentifier>IssuerSerial</ramp:signatureKeyIdentifier>

and/or

    <sp:InitiatorToken>
      <wsp:Policy>
        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
          <wsp:Policy>
            <sp:RequireIssuerSerialReference/>
            <!--<sp:RequireKeyIdentifierReference/>-->
            <sp:WssX509V3Token10/>
          </wsp:Policy>
        </sp:X509Token>
      </wsp:Policy>
    </sp:InitiatorToken>

(with sp:IncludeToken set to Always, Never or AlwaysToRecipient)

These seemed to have no effect:

    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>

Putting the lines in the RecipientToken as well seemed to have no effect.

It's a problem for me because on the recipient side I have to be specific about 
what form the certificate key will come in, and I have 2 WS clients for the 
same service. I don't want to deploy the service twice just because Rampart can 
only send BinaryToken.

I hope there's a nightly build of Axis2 or Rampart alone that I can use to 
check any fix. Maybe I've misunderstood, and these are undocumented features 
and not a bug... Maybe Rampart works OK for SymmetricBinding - I'm using 
Asymmetric.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
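The reporter's complaint is that the recipient has to know which form the signing-token reference will arrive in (direct reference to a BinarySecurityToken, KeyIdentifier, or X509IssuerSerial) and cannot tell in advance what Rampart will emit. The script below is an added example, not part of the issue or of Rampart/Axis2: it inspects a captured SOAP envelope and classifies the wsse:SecurityTokenReference inside ds:KeyInfo, so a practitioner can verify on the wire what a given policy actually produced before and after a fix. The envelopes are constructed inline (the token and signature values are placeholders, not real certificates or signatures); the namespace URIs are the standard WS-Security 1.0 and XML-DSig ones.

```python
"""Classify how a WS-Security signature references its signing X.509 token.

Added example for inspecting Rampart (or any WS-Security stack) output offline.
Sample envelopes are constructed; token/signature contents are placeholders.
"""
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
X509_SKI = ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
            "#X509SubjectKeyIdentifier")
X509_V3 = ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
           "#X509v3")
B64 = ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0"
       "#Base64Binary")


def classify_signing_token_reference(envelope_xml):
    """Return which reference form the signature's SecurityTokenReference uses."""
    root = ET.fromstring(envelope_xml)
    sig = root.find("soap:Header/wsse:Security/ds:Signature", NS)
    if sig is None:
        return "NoSignature"
    str_elem = sig.find("ds:KeyInfo/wsse:SecurityTokenReference", NS)
    if str_elem is None:
        return "NoSecurityTokenReference"

    # Direct reference: wsse:Reference URI="#id" must resolve to a BST in the header.
    ref = str_elem.find("wsse:Reference", NS)
    if ref is not None:
        target = ref.get("URI", "").lstrip("#")
        for bst in root.iterfind("soap:Header/wsse:Security/wsse:BinarySecurityToken", NS):
            if bst.get(f"{{{NS['wsu']}}}Id") == target:
                return "BinarySecurityToken"
        return "DanglingDirectReference"

    # KeyIdentifier: only the SubjectKeyIdentifier value type counts as "KeyIdentifier".
    kid = str_elem.find("wsse:KeyIdentifier", NS)
    if kid is not None:
        vt = kid.get("ValueType")
        return "KeyIdentifier" if vt == X509_SKI else f"KeyIdentifier({vt})"

    if str_elem.find("ds:X509Data/ds:X509IssuerSerial", NS) is not None:
        return "IssuerSerial"
    return "Unknown"


def recipient_accepts(envelope_xml, allowed_forms):
    """Mirror a recipient that is configured for specific reference forms only."""
    return classify_signing_token_reference(envelope_xml) in allowed_forms


def _envelope(str_body, bst=""):
    """Build a minimal signed envelope around a given SecurityTokenReference body."""
    return f"""<soapenv:Envelope xmlns:soapenv="{NS['soap']}">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}">
      {bst}
      <ds:Signature xmlns:ds="{NS['ds']}">
        <ds:SignedInfo/>
        <ds:SignatureValue>c2ln</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>{str_body}</wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""


# Constructed samples: what Rampart emits by default (literal cert + direct reference),
# the two forms the reporter wants, and a direct reference whose BST is missing.
SAMPLE_DIRECT_BST = _envelope(
    f'<wsse:Reference URI="#CertId-1" ValueType="{X509_V3}"/>',
    bst=f'<wsse:BinarySecurityToken wsu:Id="CertId-1" ValueType="{X509_V3}" '
        f'EncodingType="{B64}">MIIB...placeholder</wsse:BinarySecurityToken>')
SAMPLE_KEY_IDENTIFIER = _envelope(
    f'<wsse:KeyIdentifier ValueType="{X509_SKI}" EncodingType="{B64}">c2tp</wsse:KeyIdentifier>')
SAMPLE_ISSUER_SERIAL = _envelope(
    "<ds:X509Data><ds:X509IssuerSerial>"
    "<ds:X509IssuerName>CN=Example CA,O=Example</ds:X509IssuerName>"
    "<ds:X509SerialNumber>1234</ds:X509SerialNumber>"
    "</ds:X509IssuerSerial></ds:X509Data>")
SAMPLE_DANGLING = _envelope(f'<wsse:Reference URI="#CertId-1" ValueType="{X509_V3}"/>')

if __name__ == "__main__":
    for name, env in [("direct BST", SAMPLE_DIRECT_BST), ("key identifier", SAMPLE_KEY_IDENTIFIER),
                      ("issuer/serial", SAMPLE_ISSUER_SERIAL), ("dangling", SAMPLE_DANGLING)]:
        print(f"{name}: {classify_signing_token_reference(env)}")
```

Feed it a message captured from the Rampart client (for example via a TCP monitor) to confirm whether sp:RequireIssuerSerialReference or ramp:signatureKeyIdentifier changed anything; a recipient configured only for IssuerSerial and KeyIdentifier would reject the default direct-reference form, which is exactly the deployment problem the report describes.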