Hi Dobri,

> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-13367741">
>   <wsse:Username>user</wsse:Username>
>   <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass</wsse:Password>H
> </wsse:UsernameToken>


Namespaces are ok as it seems.

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

In the Username Token, the wsse namespace must be declared somewhere in the
security header.

Can you post the policy you are using, so that we can regenerate and see
what goes wrong.


Regards,
Nandana


> When I look at the WSSecurityEngineResult I see the value of
> WSUsernameTokenPrincipal to be correctly created.
> The "action" has value 1, which means public static final int UT = 1;, or
> UsernameToken.
> I read that there is another action value that is possible: public static
> final int UT_SIGN = 64; I think this means signed UT? If so, maybe this is
> the correct value? And that is why I am receiving the "Unexpected
> signature" exception?
>
> I apologize in advance that I do not understand all this code and
> stuff around Rampart. I am sending you my comments because I think there
> are some clues to problems that may be caused by what I have observed
> till now.
>
> Best regards,
> Dobri
>
>
> On Nov 13, 2007 6:04 PM, Dobri Kitipov <[EMAIL PROTECTED]>
> wrote:
> > Hi everybody,
> > My environment is based on Axis2 1.3, Rampart 1.3.
> > What I am testing is symmetric binding with Username token. What I am
> > receiving is the following exception:
> > "Unexpected signature".
> >
> > I know the reason for the problem, but I am interested whether it is a bug in
> > Rampart or whether there is another reason for that. Or maybe I do not
> > understand it well?
> > This exception is caused in the
> > org.apache.rampart.PolicyBasedResultsValidator class, namely in
> > the public void validate(ValidatorData data, Vector results) method.
> > There are several checks for signatureParts. These checks are for
> > "timestamp", "EndorsingSupportingTokens" and
> > "SignedEndorsingSupportingTokens".
> > The problem is that when I read the WS - Security Policy - 1.1 - July
> > 2005, which spec is implemented by Rampart, we can read that there are
> > two additional supporting tokens assertions, namely:
> >
> > - SupportingTokens Assertion
> > and
> > - SignedSupportingTokens Assertion.
> >
> > Why are these two cases not processed in the method? Is there any
> > particular reason for that?
> >
> > Here is an excerpt from my service.xml that causes the exception:
> >
> > <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >   <wsp:Policy>
> >     <sp:UsernameToken
> >         sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"
> >         xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
> >   </wsp:Policy>
> > </sp:SignedSupportingTokens>
> >
> > My understanding is that I should add two additional cases into the
> > above mentioned code in order to have:
> >
> > signatureParts.add(new WSEncryptionPart("SignedSupportingTokens "));
> > and
> > signatureParts.add(new WSEncryptionPart("SupportingTokens "));
> >
> > Thank you in advance!
> > Best regards, Dobri
> >
> > PS
> > I am applying and the SOAP request:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <soapenv:Envelope
> >     xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> >     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> >     xmlns:wsa="http://www.w3.org/2005/08/addressing">
> >   <soapenv:Header>
> >     <wsse:Security
> >         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> >         soapenv:mustUnderstand="1">
> >       <xenc:EncryptedKey Id="EncKeyId-18788761">
> >         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
> >         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >           <wsse:SecurityTokenReference>
> >             <wsse:KeyIdentifier
> >                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> >                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">9kbwRNyMypNWhulx0JkHVOFvRB8=</wsse:KeyIdentifier>
> >           </wsse:SecurityTokenReference>
> >         </ds:KeyInfo>
> >         <xenc:CipherData>
> >           <xenc:CipherValue>PjfZ2MAa1HZs1pfzNxa+zdaNKBMgi9fjOdsQSY3jfqkl0lFiWMtc5UOngBfjlN0hNHxfLnU2cJVnEuBTQgHYl2iaJT/VnbDk2Oby5/HZcFyq2ojNarE0iScoJ5beZD0DbSkkpzkq3elfSjYpa1MXRYBtNHcCD+cDkmmpNfZHuJU=</xenc:CipherValue>
> >         </xenc:CipherData>
> >       </xenc:EncryptedKey>
> >       <wsc:DerivedKeyToken
> >           xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
> >           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >           wsu:Id="derivedKeyId-27003862">
> >         <wsse:SecurityTokenReference>
> >           <wsse:Reference URI="#EncKeyId-18788761"/>
> >         </wsse:SecurityTokenReference>
> >         <wsc:Length>16</wsc:Length>
> >         <wsc:Nonce>iy0NzppeoVrO6YfwpMlnSw==</wsc:Nonce>
> >         <wsc:Offset>0</wsc:Offset>
> >       </wsc:DerivedKeyToken>
> >       <xenc:ReferenceList/>
> >       <wsse:UsernameToken
> >           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >           wsu:Id="UsernameToken-13367741">
> >         <wsse:Username>vmtest</wsse:Username>
> >         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">vmtest</wsse:Password>
> >       </wsse:UsernameToken>
> >       <wsc:DerivedKeyToken
> >           xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
> >           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >           wsu:Id="derivedKeyId-24856323">
> >         <wsse:SecurityTokenReference>
> >           <wsse:Reference URI="#EncKeyId-18788761"/>
> >         </wsse:SecurityTokenReference>
> >         <wsc:Length>16</wsc:Length>
> >         <wsc:Nonce>SYR+YeMYEbTiIxSg1ZnccQ==</wsc:Nonce>
> >         <wsc:Offset>0</wsc:Offset>
> >       </wsc:DerivedKeyToken>
> >       <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-19419092">
> >         <ds:SignedInfo>
> >           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> >           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
> >           <ds:Reference URI="#UsernameToken-13367741">
> >             <ds:Transforms>
> >               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> >             </ds:Transforms>
> >             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> >             <ds:DigestValue>n1Tt4rPVpDWRQbkXo21bMOSbcpU=</ds:DigestValue>
> >           </ds:Reference>
> >         </ds:SignedInfo>
> >         <ds:SignatureValue>JFfbGIEU9tGljsoEbTQfbQA0+jY=</ds:SignatureValue>
> >         <ds:KeyInfo Id="KeyId-4167406">
> >           <wsse:SecurityTokenReference
> >               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >               wsu:Id="STRId-13506221">
> >             <wsse:Reference URI="#derivedKeyId-24856323"/>
> >           </wsse:SecurityTokenReference>
> >         </ds:KeyInfo>
> >       </ds:Signature>
> >     </wsse:Security>
> >     <wsa:To>http://127.0.0.1:8082/wsstack/services/HelloPojo</wsa:To>
> >     <wsa:MessageID>urn:uuid:FD4944A142545EE74F1194968191631</wsa:MessageID>
> >     <wsa:Action>urn:sayHello</wsa:Action>
> >   </soapenv:Header>
> >   <soapenv:Body>
> >     <xsd:sayHello xmlns:xsd="http://pojo.wsstack.mycompany.com">
> >       <xsd:name>Dodo!</xsd:name>
> >     </xsd:sayHello>
> >   </soapenv:Body>
> > </soapenv:Envelope>
> >
>
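
The mismatch discussed in this thread, as an added example (not Rampart's code and not written by either poster): it resolves each ds:Reference in the security header to the element it signs and compares that with a set of expected signed parts. The sample message is a constructed, trimmed version of the request above; the function names, the expected-parts sets and the simplified comparison are assumptions.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
USERNAME_TOKEN = f"{{{WSSE}}}UsernameToken"   # Clark notation: {namespace}local-name
TIMESTAMP = f"{{{WSU}}}Timestamp"

# Constructed sample: the request from the thread cut down to token and signature.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
      <wsse:UsernameToken wsu:Id="UsernameToken-13367741">
        <wsse:Username>user</wsse:Username>
      </wsse:UsernameToken>
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#UsernameToken-13367741"/></ds:SignedInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""

def signed_elements(xml_text):
    """Map each ds:Reference URI in the security header to the tag it points at."""
    # Namespace-aware parse: an undeclared wsse/wsu/ds prefix raises ET.ParseError.
    root = ET.fromstring(xml_text)
    by_id = {}
    for el in root.iter():
        wsu_id = el.get(f"{{{WSU}}}Id")
        if wsu_id is not None:
            by_id.setdefault(wsu_id, []).append(el)
    path = f".//{{{WSSE}}}Security/{{{DS}}}Signature/{{{DS}}}SignedInfo/{{{DS}}}Reference"
    signed = {}
    for ref in root.iterfind(path):
        uri = ref.get("URI", "")
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
        # Zero or several elements with that wsu:Id: treat the reference as unresolved.
        signed[uri] = targets[0].tag if len(targets) == 1 else None
    return signed

def check_coverage(xml_text, expected_tags):
    """Compare what the signature covers with the parts the receiver expects."""
    signed = signed_elements(xml_text)
    actual = {tag for tag in signed.values() if tag is not None}
    return {"unresolved": sorted(u for u, t in signed.items() if t is None),
            "unexpected": sorted(actual - set(expected_tags)),
            "missing": sorted(set(expected_tags) - actual)}
```

With an expected set that leaves out the UsernameToken, `check_coverage(SAMPLE, {TIMESTAMP})` lists the token under `unexpected`; adding `USERNAME_TOKEN` to the expected set clears it.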
