[
https://issues.apache.org/jira/browse/RAMPART-138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nandana Mihindukulasooriya resolved RAMPART-138.
------------------------------------------------
Resolution: Fixed
Fixed in revision 619883.
> Created response of SymmetricBindingBuilder WITHOUT timestamp is incorrect
> --------------------------------------------------------------------------
>
> Key: RAMPART-138
> URL: https://issues.apache.org/jira/browse/RAMPART-138
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.3
> Reporter: Christian Mielke
> Assignee: Nandana Mihindukulasooriya
> Fix For: 1.3
>
>
> When using the policy below, the RAMPART SymmetricBindingBuilder creates a
> server-response that has not the correct order of elements for the
> protection-order EncryptBeforeSigning. A client which recieves the response
> (I tested it with a WCF 3.0 client) says that the response has not the
> correct protection order.
> If the policy gets extended with a timestamp, the error doesn't appear.
> <wsp:Policy wsu:Id="token"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
>
> <wsp:Policy>
>
> <sp:RequireThumbprintReference/>
>
>
>
> <sp:WssX509V3Token10/>
>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:ProtectionToken>
>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:EncryptBeforeSigning/>
>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:EndorsingSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:IssuedToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
> <Issuer
> xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
> <Address
> xmlns="http://www.w3.org/2005/08/addressing";>
>
> http://localhost:8080/axis2/services/SecurityToken
> </Address>
> </Issuer>
>
> <sp:RequestSecurityTokenTemplate>
> <t:TokenType
> xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";>
>
> urn:oasis:names:tc:SAML:1.0:assertion
> </t:TokenType>
> <t:KeyType
> xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";>
>
> http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
> </t:KeyType>
> <t:KeySize
> xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";>
> 256
> </t:KeySize>
>
> </sp:RequestSecurityTokenTemplate>
> <wsp:Policy>
>
>
> <sp:RequireExternalReference />
> </wsp:Policy>
> </sp:IssuedToken>
> </wsp:Policy>
> </sp:EndorsingSupportingTokens>
> <sp:Wss11
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:MustSupportRefThumbprint/>
>
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
>
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Body/>
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing"; />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing"; />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing"; />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing"; />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing"; />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing"; />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing"; />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Body/>
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
