Hi!

Meanwhile I have my services running and my .NET WCF client accepts the token 
from the Security Token Service. In the next step, the .NET client calls a 
business service and sends the requested SAML token as endorsed supporting 
token to the business service. The message is encrypted and signed. Protection 
order is EncryptBeforeSigning. The Axis-Business-Service accepts the request 
with the endorsed supporting token and generates the response. The response is 
also encrypted and signed. Now the .NET client doesn't accept the response from 
the business server and reports the following error:

The received message does not meet the required message protection order 
'EncryptBeforeSign'.

I debugged RAMPART and the SymmetricMessageBuilder and couldn't find a mistake 
in the method doEncryptBeforeSign.

Attached to this mail are the policy I use for the business service and the 
request and the response exchanged between the .NET client and the business service.

Is there a known issue with EncryptBeforeSign not working correctly in the 
symmetric binding?

Greetings

Christian
   
Request from the .NET WCF client:
----------------------------------

<!-- Captured request from the .NET WCF client to the Axis2 business service.
     NOTE(review): the ';' that follows each quoted URI in this listing is not valid XML and
     looks like an artifact of the mail archive; presumably it was not on the wire.
     Lines are also re-wrapped by the mail client, so digests cannot be re-verified from this text. -->
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"; 
xmlns:a="http://www.w3.org/2005/08/addressing"; 
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
   <s:Header>
      <!-- Action, MessageID, ReplyTo and To carry u:Id _3.._6 and are each referenced by the
           primary signature below. ActivityId has no u:Id and is not referenced by either signature. -->
      <a:Action s:mustUnderstand="1" u:Id="_3">testEcho</a:Action>
      <a:MessageID 
u:Id="_4">urn:uuid:aae822d6-f208-420c-9027-bdb9e271a3a7</a:MessageID>
      <ActivityId CorrelationId="2e77b6c8-734d-4360-b2d0-1d8ee4814e16" 
xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics";>00000000-0000-0000-0000-000000000000</ActivityId>
      <a:ReplyTo u:Id="_5">
         <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
      </a:ReplyTo>
      <a:To s:mustUnderstand="1" 
u:Id="_6">http://localhost:8080/axis2/services/Test</a:To>
      <o:Security s:mustUnderstand="1" 
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
         <!-- Session key for this message: wrapped with RSA-OAEP (SHA-1 digest) for the recipient
              certificate identified by its SHA-1 thumbprint. Both the primary signature and the
              body EncryptedData refer back to this element by its Id. -->
         <e:EncryptedKey Id="uuid-2da4f050-2add-4c21-a20f-7f95c2c6af50-2" 
xmlns:e="http://www.w3.org/2001/04/xmlenc#";>
            <e:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";>
               <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; 
xmlns="http://www.w3.org/2000/09/xmldsig#"/>
            </e:EncryptionMethod>
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
               <o:SecurityTokenReference>
                  <o:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";
 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>YwoR6x9arhlatX6ydRJ+9000OH8=</o:KeyIdentifier>
               </o:SecurityTokenReference>
            </KeyInfo>
            <e:CipherData>
               
<e:CipherValue>ArtoO9lhMUzX78ozjSdyrnLPOJCVgamt5KvGoQjyxEfffsk7wBXRUsvGI9vdQ0W/tB9PqYLem2jlfumG0tpeH2vYEIYIAs+7I6PQr8nZSKY6YEXyVl+di4fdCdH90uVkqcS+r0DMxQ4Q1PYcmEYPuP563Yu7sYaCehDH+WyxjIc=</e:CipherValue>
            </e:CipherData>
         </e:EncryptedKey>
         <!-- SAML 1.1 assertion issued by the STS (the endorsing supporting token). Validity window is
              five minutes (NotBefore 15:10:09.500Z, NotOnOrAfter 15:15:09.500Z), so clock skew between
              STS, client and service matters. Subject confirmation is holder-of-key: the proof key is
              carried as an EncryptedKey wrapped with rsa-1_5 (PKCS#1 v1.5 key transport), unlike the
              RSA-OAEP wrap used for the message key above.
              NOTE(review): v1.5 key transport is the weaker of the two choices; check whether the STS
              can be configured to use OAEP. The assertion itself is signed with rsa-sha1 (enveloped). -->
         <Assertion AssertionID="_2e983f430e9b4472bce22eacde60dcfc" 
IssueInstant="2008-02-06T15:10:09.500Z" Issuer="STS ISSUER" MajorVersion="1" 
MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
            <Conditions NotBefore="2008-02-06T15:10:09.500Z" 
NotOnOrAfter="2008-02-06T15:15:09.500Z"></Conditions>
            <AttributeStatement>
               <Subject>
                  <SubjectConfirmation>
                     
<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod>
                     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
                        <EncryptedKey 
Id="EncKeyId-urn:uuid:F8DACD1FEB4561F81512023106095006" 
xmlns="http://www.w3.org/2001/04/xmlenc#";>
                           <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5";></EncryptionMethod>
                           <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
                              <SecurityTokenReference 
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
                                 <KeyIdentifier 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";>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</KeyIdentifier>
                              </SecurityTokenReference>
                           </KeyInfo>
                           <CipherData>
                              
<CipherValue>ZcHG5LORjH9eooDoqdRY1ZBdof94PyImTvAxRZbLyVIJyQ9BePlBEb5+DlvQLPfmWekurvsj/MESxJlNnBvuVnLnRv+g+jcV1KIoEALaQT9Ae/2ZDf0D9HGOYdk0oBeildqVI43imL84S03LvYnl0KnyWxcCze495OoWYN4ZOjU=</CipherValue>
                           </CipherData>
                        </EncryptedKey>
                     </KeyInfo>
                  </SubjectConfirmation>
               </Subject>
               <Attribute AttributeName="test" AttributeNameSpace="org.test">
                  <AttributeValue>TestUser</AttributeValue>
               </Attribute>
            </AttributeStatement>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
               <SignedInfo>
                  <CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></CanonicalizationMethod>
                  <SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></SignatureMethod>
                  <Reference URI="#_2e983f430e9b4472bce22eacde60dcfc">
                     <Transforms>
                        <Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";></Transform>
                        <Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";>
                           <InclusiveNamespaces PrefixList="code ds kind rw 
saml samlp typens #default xsd xsi" 
xmlns="http://www.w3.org/2001/10/xml-exc-c14n#";></InclusiveNamespaces>
                        </Transform>
                     </Transforms>
                     <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></DigestMethod>
                     <DigestValue>8uuqX5WIIsFYXLLZ2slFGyk/RX8=</DigestValue>
                  </Reference>
               </SignedInfo>
               
<SignatureValue>ZQtDSY3YPboJ0wmquROlwVmwT9IPuwRu0tG/vxYkGaUBqQenY8GFcg+khxlYXvlTmQ/4gCX6bSFxlTGtS+jTg5NHptPN7nacNijKIx2yJiNP2GLHcAzFbIUuqEOqYAOIWh9zYCWtEF/0fgRZD7r27/Oq+gMaKQYaEZrEv5Uy1Tk=</SignatureValue>
               <KeyInfo>
                  <X509Data>
                     
<X509Certificate>MIICajCCAdOgAwIBAgIRAK1b4DeDgdBWCs8rKv73OpcwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAkRFMQwwCgYDVQQIEwNOUlcxEDAOBgNVBAcTB0NvbG9nbmUxDzANBgNVBAoTBlRlY0RvYzEQMA4GA1UECxMHUGhvZW5peDEcMBoGA1UEAxMTVGVjRG9jIFRlc3QgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRdGVjZG9jQHRlY2RvYy5uZXQwHhcNMDgwMjA1MTQwODE1WhcNMzUwNjIyMTQwODE1WjARMQ8wDQYDVQQDDAZBbnViaXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANqsb49F+zl5G+9Mhkigo+L3V2XbjgmYH4a7plP6uDMUsP4WS3pG+6E+xCNouH+nmdYT6ivQEltbkcThz8LMlbJc6ek/GBG9RkRmtFbrzdzy5C8/2y3QSvcDnSRDeNE/lXBGiK6qVI/NXCpjjoFnKVDYJMOgR00YchAQXDZjTZwXAgMBAAGjQjBAMB8GA1UdIwQYMBaAFEvw0AA85snfNajBgUkcHne94HW0MB0GA1UdDgQWBBRmv6OHw3VPKtrGg19NQKepPvhcwDANBgkqhkiG9w0BAQUFAAOBgQCVPLOazHAjtRWLzuzaTh5BNqzL5GLO/HD1AuM2naV+acZYOjHFGoT14ibKE0TTsRjYq2KnZDQtGXQ/P+CdU7QY3QONLq7Lh1ljslsoLr1e+xboDQxkJ5QxC3q1Xoq+KuUnlynEY1x5qd+FMETszObt/GS6W2ol9mSgyKFYxQchTg==</X509Certificate>
                  </X509Data>
               </KeyInfo>
            </Signature>
         </Assertion>
         <!-- Key derived from the proof key of the SAML assertion above (referenced by AssertionID);
              it keys the second, endorsing signature via URI "#_7". -->
         <c:DerivedKeyToken u:Id="_7" 
xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc";>
            <o:SecurityTokenReference>
               <o:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_2e983f430e9b4472bce22eacde60dcfc</o:KeyIdentifier>
            </o:SecurityTokenReference>
            <c:Offset>0</c:Offset>
            <c:Length>24</c:Length>
            <c:Nonce>HnqfaywZFEZV/0xiYTAVLg==</c:Nonce>
         </c:DerivedKeyToken>
         <!-- Primary message signature (HMAC-SHA1), keyed by the EncryptedKey at the top of this header.
              It references #_2 (the s:Body element, whose content is already the EncryptedData, i.e. the
              signature is computed over ciphertext) and the addressing headers #_3 to #_6. -->
         <Signature Id="_0" xmlns="http://www.w3.org/2000/09/xmldsig#";>
            <SignedInfo>
               <CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               <SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
               <Reference URI="#_2">
                  <Transforms>
                     <Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>Jb9VqcE4HhUEOwlPmR4GXxzcCuk=</DigestValue>
               </Reference>
               <Reference URI="#_3">
                  <Transforms>
                     <Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>HnqPnX5jHx1KgnPbnCllxwpy4C0=</DigestValue>
               </Reference>
               <Reference URI="#_4">
                  <Transforms>
                     <Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>4+glYcrc7mf/KHvg6ZOQv3uNtjQ=</DigestValue>
               </Reference>
               <Reference URI="#_5">
                  <Transforms>
                     <Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>k69pykploFPkXhw5ogDHcjcJUI0=</DigestValue>
               </Reference>
               <Reference URI="#_6">
                  <Transforms>
                     <Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>u2DLdGKVSFiFPyEOIObGk6GLh0U=</DigestValue>
               </Reference>
            </SignedInfo>
            <SignatureValue>+ouJIYCP4LXqNwozz+1y05u5nuA=</SignatureValue>
            <KeyInfo>
               <o:SecurityTokenReference>
                  <o:Reference 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";
 URI="#uuid-2da4f050-2add-4c21-a20f-7f95c2c6af50-2"/>
               </o:SecurityTokenReference>
            </KeyInfo>
         </Signature>
         <!-- Endorsing signature: its single Reference is the primary signature (#_0) and its key is the
              DerivedKeyToken #_7, which binds the SAML proof key to this message. -->
         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
            <SignedInfo>
               <CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               <SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
               <Reference URI="#_0">
                  <Transforms>
                     <Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>2/RyZmXknjKO5s5Pd2mA9uitF/Y=</DigestValue>
               </Reference>
            </SignedInfo>
            <SignatureValue>2/GKsSEsnuEJhSwS+uYpprJgcds=</SignatureValue>
            <KeyInfo>
               <o:SecurityTokenReference>
                  <o:Reference URI="#_7"/>
               </o:SecurityTokenReference>
            </KeyInfo>
         </Signature>
         <!-- In this request the ReferenceList is the last child of the Security header, after both
              Signature elements. Compare with the response capture on this page, where the
              ReferenceList comes first. -->
         <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#";>
            <e:DataReference URI="#_1"/>
         </e:ReferenceList>
      </o:Security>
   </s:Header>
   <s:Body u:Id="_2">
      <!-- Body content encrypted with AES-256-CBC under the EncryptedKey from the header. CBC provides
           no integrity on its own; here the signed Body reference (#_2) covers this ciphertext. -->
      <e:EncryptedData Id="_1" Type="http://www.w3.org/2001/04/xmlenc#Content"; 
xmlns:e="http://www.w3.org/2001/04/xmlenc#";>
         <e:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc";></e:EncryptionMethod>
         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
            <o:SecurityTokenReference 
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
               <o:Reference 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";
 URI="#uuid-2da4f050-2add-4c21-a20f-7f95c2c6af50-2"></o:Reference>
            </o:SecurityTokenReference>
         </KeyInfo>
         <e:CipherData>
            
<e:CipherValue>WHtw89CX/lhW01KjC+Edd67U+/QgwcX3He1eWuuIR/QuV/+Q+hrQFmOKr0lbxdTeX8qEsB8fj8nzXeMZvWbo2dWEyPKcn0sYeO4X+t3KsCpYhkCIsq6UaTMH279F/7+R7/tCl6fN50yrD61m92h+KmpzmEF0cN1pVtXl+4LY8+k=</e:CipherValue>
         </e:CipherData>
      </e:EncryptedData>
   </s:Body></s:Envelope>   
   
   
   
Response from the business service:
-----------------------------------
   
   <!-- Captured response from the Axis2/Rampart business service; this is the message the .NET
        client rejects with "does not meet the required message protection order 'EncryptBeforeSign'".
        NOTE(review): the ';' after each quoted URI looks like a mail-archive artifact, and the '0'
        after the closing Envelope tag is not part of the message (presumably capture residue such
        as an HTTP chunk terminator). -->
   <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; 
xmlns:wsa="http://www.w3.org/2005/08/addressing";>
      <soapenv:Header>
         <wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 soapenv:mustUnderstand="1">
            <!-- NOTE(review): here the ReferenceList is the FIRST child of the Security header and the
                 Signature follows it. In the request capture on this page the order is the reverse
                 (both Signatures, then ReferenceList). If the receiver infers the protection order
                 from the order of these header elements, this arrangement may be read as
                 sign-then-encrypt and could be what triggers the rejection; confirm against the
                 WCF side and against the header order Rampart is expected to emit under Strict layout. -->
            <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
               <xenc:DataReference URI="#EncDataId-23459236" />
            </xenc:ReferenceList>
            <!-- HMAC-SHA1 signature over three references: #Id-23459236 (the soapenv:Body element,
                 which wraps the EncryptedData), #id-8762565 (wsa:Action) and #id-2029813 (wsa:RelatesTo).
                 The key is identified by an EncryptedKeySHA1 value; the same value keys the body
                 encryption below. Unlike the request, no DerivedKeyToken appears in this response. -->
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
Id="Signature-9891211">
               <ds:SignedInfo>
                  <ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
                  <ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"; />
                  <ds:Reference URI="#Id-23459236">
                     <ds:Transforms>
                        <ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
                     </ds:Transforms>
                     <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
                     
<ds:DigestValue>qmdVjbSnl+J8fFFZehfmtskqp48=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#id-8762565">
                     <ds:Transforms>
                        <ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
                     </ds:Transforms>
                     <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
                     
<ds:DigestValue>I6nKdlWDgIgEjp3Y/kppIxzKz0A=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#id-2029813">
                     <ds:Transforms>
                        <ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
                     </ds:Transforms>
                     <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
                     
<ds:DigestValue>ioq+YztsB7Q+IWPPHv4Cv2Ub2tM=</ds:DigestValue>
                  </ds:Reference>
               </ds:SignedInfo>
               
<ds:SignatureValue>n/LQR6IDRg2LQ3Rm8EqHfYWz96E=</ds:SignatureValue>
               <ds:KeyInfo Id="KeyId-12931428">
                  <wsse:SecurityTokenReference 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="STRId-6457059">
                     <wsse:KeyIdentifier 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";>lf9dv6aNXNuv8DjaOcT/+StfG/I=</wsse:KeyIdentifier>
                  </wsse:SecurityTokenReference>
               </ds:KeyInfo>
            </ds:Signature>
         </wsse:Security>
         <wsa:Action 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 
wsu:Id="id-8762565">http://tecdoc.net/phoenix/wsdl/TestPortType/echoResponse</wsa:Action>
         <wsa:RelatesTo 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 
wsu:Id="id-2029813">urn:uuid:aae822d6-f208-420c-9027-bdb9e271a3a7</wsa:RelatesTo>
      </soapenv:Header>
      <soapenv:Body 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="Id-23459236">
         <!-- Body content encrypted with AES-256-CBC; the key is referenced by the same
              EncryptedKeySHA1 identifier as the signature key in the header. -->
         <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
Id="EncDataId-23459236" Type="http://www.w3.org/2001/04/xmlenc#Content";>
            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"; />
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
               <wsse:SecurityTokenReference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
                  <wsse:KeyIdentifier 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";>lf9dv6aNXNuv8DjaOcT/+StfG/I=</wsse:KeyIdentifier>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
               
<xenc:CipherValue>OLSmIeqpcMLjuWkohWZntK5DAm1U8YLqdaxqqyPe1AtXzdwWjOoKu9mwNKOBxa2l+HCSI7RP3KUDUnl4DLnMjPx6S2aOAWXLVDCZRcN8I811v5AWSxaqiwtessytxeLaOO8nQlUfidkSfvXy+eLBmw2wdNHinx79tUWy5g9sex2S3bmQzHM+x+vIh6Dwld+/R35iZ5x/74qoATbT/prGbqFa/k4r7Th7uikemUJNPAwHREeo15fheMk/eXHry71toUCyGlsR9zDkmec7gG106YYaI2EzaEomQ8gESjSYXQe8SLqIwtS13ut5kzWzHlre1TpgvpsCBdN/32CVeCRoCWIcfECFapwQ5ththzIbfTfdJ7JaSg9GnKZ11kk7wwVMY2G6l5kqwGn4l3hz4ldxJhJVlpI624KQr2qluYNz71pIXGQoIkc/97pFlB+F3mbY</xenc:CipherValue>
            </xenc:CipherData>
         </xenc:EncryptedData>
      </soapenv:Body>
   </soapenv:Envelope>0

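<!-- WS-SecurityPolicy for the Axis2/Rampart business service, as attached to the mail.
     The stray ';' that the mail archive left after every quoted URI has been removed so the
     attribute syntax is well-formed again; element names, values and text content are unchanged.
     Summary: symmetric binding, EncryptBeforeSigning, Strict header layout, Basic256 suite,
     a SAML issued token as endorsing supporting token, Body signed and encrypted. -->
<wsp:Policy wsu:Id="token" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
		<wsp:ExactlyOne>
			<wsp:All>
				<sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<!-- Protection token: X.509 certificate, never included in the message, referenced by thumbprint. -->
						<sp:ProtectionToken>
							<wsp:Policy>
								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
									<wsp:Policy>
										<sp:RequireThumbprintReference/>
										<sp:WssX509V3Token10/>
									</wsp:Policy>
								</sp:X509Token>
							</wsp:Policy>
						</sp:ProtectionToken>
						<sp:AlgorithmSuite>
							<wsp:Policy>
								<sp:Basic256 />
							</wsp:Policy>
						</sp:AlgorithmSuite>
						<!-- Strict layout together with EncryptBeforeSigning: the order of elements inside the
						     wsse:Security header is then part of what a receiver checks.
						     NOTE(review): in the response capture on this page the ReferenceList precedes the
						     Signature, while the request has the Signatures first; verify which order the
						     client requires for this protection order. -->
						<sp:Layout>
							<wsp:Policy>
								<sp:Strict/>
							</wsp:Policy>
						</sp:Layout>
						<sp:EncryptBeforeSigning/>
						<sp:OnlySignEntireHeadersAndBody/>
					</wsp:Policy>
				</sp:SymmetricBinding>
				<!-- Endorsing supporting token: a SAML 1.0-namespace assertion with a 256-bit symmetric proof key,
				     issued by the STS at the address below and always sent to the recipient. -->
				<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
							<Issuer	xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
								<Address xmlns="http://www.w3.org/2005/08/addressing">
									http://localhost:8080/axis2/services/SecurityToken
								</Address>
							</Issuer>
							<sp:RequestSecurityTokenTemplate>
								<t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
									urn:oasis:names:tc:SAML:1.0:assertion
								</t:TokenType>
								<t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
									http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
								</t:KeyType>
								<t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
									256
								</t:KeySize>
							</sp:RequestSecurityTokenTemplate>
							<wsp:Policy>
								<sp:RequireExternalReference />
							</wsp:Policy>
						</sp:IssuedToken>
					</wsp:Policy>
				</sp:EndorsingSupportingTokens>
				<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:MustSupportRefThumbprint/>
					</wsp:Policy>
				</sp:Wss11>
				<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
  						<sp:MustSupportIssuedTokens />
 						<sp:RequireServerEntropy />
 					</wsp:Policy>
  				</sp:Trust10>
				<!-- Integrity: the Body and the listed WS-Addressing headers must be signed. -->
				<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<sp:Body/>
					<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
					<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
					<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
					<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
					<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
					<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
					<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
				</sp:SignedParts>
				<!-- Confidentiality: only the Body is encrypted; headers travel in clear. -->
				<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<sp:Body/>
				</sp:EncryptedParts>
				<!-- Rampart-specific configuration.
				     The keystore password is stored in cleartext in this file, and the same keystore
				     (anubis.jks) serves both signing and encryption. Keep the deployed policy file readable
				     only by the service account, and treat a password that has appeared on a public list
				     as known: rotate it if the keystore is used outside a test setup.
				     NOTE(review): the element name 'encryptionCypto' (without the 'r') is kept exactly as
				     posted; Rampart's configuration is known to use this spelling, so verify against the
				     Rampart version in use before "correcting" it. -->
				<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
					<ramp:user>server</ramp:user>
					<ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
					<ramp:passwordCallbackClass>PasswordCallbackInHandler</ramp:passwordCallbackClass>
					<ramp:signatureCrypto>
						<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.file">anubis.jks</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">passwd</ramp:property>
					        </ramp:crypto>
					</ramp:signatureCrypto>
					<ramp:encryptionCypto>
						<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.file">anubis.jks</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">passwd</ramp:property>
						</ramp:crypto>
					</ramp:encryptionCypto>
				</ramp:RampartConfig>
			</wsp:All>
		</wsp:ExactlyOne>
	</wsp:Policy>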
