[
https://issues.apache.org/jira/browse/RAMPART-111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12542400
]
Paul Anderson commented on RAMPART-111:
---------------------------------------
And does your patch mean that Rampart uses only the declared required support
in Wss10 / Wss11 to set the key identifier? I.e. Rampart knows nothing about
settings like <sp:RequireKeyIdentifierReference/> in the Asymmetric Binding?
I'll find the code and have a look.
> Rampart won't send certificate serial + issuer. Only either BinaryToken or
> Identity, but not always as it should
> ----------------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-111
> URL: https://issues.apache.org/jira/browse/RAMPART-111
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.3
> Environment: JDK6 on RHEL3, in Synapse 1.1
> Reporter: Paul Anderson
> Assignee: Nandana Mihindukulasooriya
> Attachments: RAMPART-111.patch
>
>
> Usually, Rampart seems to send BinaryToken (literal certificate) with
> messages when you specify a signed body and/or signed username token.
> I need to get Rampart to use Key Identifier or Issuer/Serial No. instead, and
> preferably when UsernameToken's enabled too.
> But I found:
> - If I use signed supporting tokens (username) then Rampart will always send
> only a literal BinaryToken.
> - If I disable username token, set Body to be signed, and set InitiatorToken
> Never in my WS-Policy, Rampart sends the key identity as token reference for
> WS-Security signing.
> But it always does this, even if I try to specify Issuer/Serial as the token
> reference by including
> <ramp:signatureKeyIdentifier>IssuerSerial</ramp:signatureKeyIdentifier>
> and/or
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";>
> or Never or AlwaysToRecipient
> <wsp:Policy>
> <sp:RequireIssuerSerialReference/>
> <!--<sp:RequireKeyIdentifierReference/>-->
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> These seemed to have no effect:
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> Putting the lines in the RecipientToken as well seemed to have no effect.
> It's a problem for me because on the recipient side I have to be specific
> about what form the certificate key will come in, and I have 2 WS clients for
> the same service. I don't want to deploy the service twice just because
> Rampart can only send BinaryToken.
> I hope there's a nightly build of Axis2 or Rampart alone that I can use to
> check any fix. Maybe I've misunderstood, and these are undocumented features
> and not a bug.. Maybe Rampart works OK for SymmetricBinding - I'm using
> Asymmetric.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
