Created response of SymmetricBindingBuilder WITHOUT timestamp is incorrect
--------------------------------------------------------------------------

                 Key: RAMPART-138
                 URL: https://issues.apache.org/jira/browse/RAMPART-138
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.3
            Reporter: Christian Mielke
             Fix For: 1.3


When using the policy below, the Rampart SymmetricBindingBuilder creates a 
server response whose elements are not in the correct order for the 
protection order EncryptBeforeSigning. A client that receives the response (I 
tested it with a WCF 3.0 client) reports that the response does not have the 
correct protection order. 

If the policy gets extended with a timestamp, the error doesn't appear.

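<!--
  WS-SecurityPolicy document attached to RAMPART-138 as the reproduction case:
  a symmetric binding with Strict layout and EncryptBeforeSigning, and no
  sp:IncludeTimestamp assertion. The report states that the ordering error
  disappears once a timestamp is added to the policy.
-->
<wsp:Policy wsu:Id="token"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:ProtectionToken>
                        <wsp:Policy>
                            <!-- IncludeToken/Never: the certificate is not carried in the
                                 message; it is referenced by thumbprint, so the receiver
                                 must already hold the certificate to resolve it. -->
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:ProtectionToken>
                    <!-- Basic256 selects AES-256 for encryption; in WS-SecurityPolicy this
                         suite uses SHA-1 for digests. -->
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <!-- Strict layout constrains the order of items in the security
                         header, so a receiver may reject a header built in a different
                         order. -->
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <!-- No sp:IncludeTimestamp is asserted here. Messages built from this
                         policy therefore carry no wsu:Timestamp, and a receiver has no
                         signed freshness value to use for replay detection. -->
                    <!-- Encrypt first, then sign the result. This is the protection
                         order the WCF client reported as not honoured in the response. -->
                    <sp:EncryptBeforeSigning/>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:SymmetricBinding>
            <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                        <!-- The issuer address is plain HTTP on localhost, presumably a
                             local test STS; confirm the transport before reusing this
                             policy outside a test setup. -->
                        <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                            <Address xmlns="http://www.w3.org/2005/08/addressing">
                                http://localhost:8080/axis2/services/SecurityToken
                            </Address>
                        </Issuer>
                        <!-- Requests a SAML 1.0 assertion bound to a 256-bit symmetric key. -->
                        <sp:RequestSecurityTokenTemplate>
                            <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
                                urn:oasis:names:tc:SAML:1.0:assertion
                            </t:TokenType>
                            <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
                                http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                            </t:KeyType>
                            <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
                                256
                            </t:KeySize>
                        </sp:RequestSecurityTokenTemplate>
                        <wsp:Policy>
                            <sp:RequireExternalReference/>
                        </wsp:Policy>
                    </sp:IssuedToken>
                </wsp:Policy>
            </sp:EndorsingSupportingTokens>
            <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefThumbprint/>
                </wsp:Policy>
            </sp:Wss11>
            <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportIssuedTokens/>
                    <sp:RequireServerEntropy/>
                </wsp:Policy>
            </sp:Trust10>
            <!-- The body and the listed WS-Addressing headers are signed. -->
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
                <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
                <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
                <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
                <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
                <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
            </sp:SignedParts>
            <!-- Only the body is encrypted; the addressing headers above are
                 integrity-protected but remain readable on the wire. -->
            <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:EncryptedParts>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>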

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
