Dear all,

I've developed a WebService using Axis2 and Rampart 1.4 and I'm trying to use a 
WSE 3.0 client to consume this WS.

After some tests, I've found the order I should use for items in the InFlow: 
signature, encrypt and timestamp. The inflow configuration is:

        <parameter name="InflowSecurity">
          <action>          
            <items>Signature Encrypt Timestamp</items>
            <passwordCallbackClass>****</passwordCallbackClass>            
            <signaturePropFile>service.properties</signaturePropFile>
            <decryptionPropFile>service.properties</decryptionPropFile>
            <enableSignatureConfirmation>false</enableSignatureConfirmation>
          </action>
        </parameter>

This works fine. The problem is in the response: my WSE client throws the 
following error:

WSE2005: Protection requirements in MutualCertificate10assertion are not 
satisfied

I think the problem is that my OutFlow configuration misses some kind of 
security element WSE 3.0 requires or adds something that it doesn't expect, but 
I have no idea what it is. I'm using a wizard to create this WSE client and check 
the option: Signature and Encrypt, and my outflow configuration is as follows:


    <parameter name="OutflowSecurity">
          <action>          
            <items>Encrypt Timestamp NoSerialization</items>
            <user>servercert</user>
            <passwordCallbackClass>*******</passwordCallbackClass>
            <encryptionPropFile>service.properties</encryptionPropFile>
            <encryptionKeyIdentifier>Thumbprint</encryptionKeyIdentifier>
            <encryptionUser>useReqSigCert</encryptionUser>       
          </action>
          
          <action>          
            <items>Signature</items>
            <user>servercert</user>
            <passwordCallbackClass>******</passwordCallbackClass>
            
            <signaturePropFile>service.properties</signaturePropFile>
            <signatureKeyIdentifier>Thumbprint</signatureKeyIdentifier>
            <signatureParts>
              {Element}{http://www.w3.org/2005/08/addressing}To; 
              {Element}{http://www.w3.org/2005/08/addressing}MessageID; 
              {Element}{http://www.w3.org/2005/08/addressing}Action; 
              {Element}{http://www.w3.org/2005/08/addressing}RelatesTo;
              
              {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
              
              {}{}Body;
            </signatureParts>
            
            <enableSignatureConfirmation>false</enableSignatureConfirmation>
          </action>
    </parameter>    


I use two actions because I think WSE requires the signature of Addressing 
elements, timestamp and body, but I can't sign the Timestamp element before it 
is created, can I?

Could anybody point out some idea or solution to this problem?

Thanks a lot!

V Guardiola
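
To see which parts a response actually signs, the check below lists the elements targeted by the ds:Reference entries in a captured response and compares them with the parts named in the outflow signatureParts above. It is an added example, not part of the original post or of Rampart or WSE; the sample envelope and the names signed_parts and unsigned_required are constructed for illustration, and it only reads the references without validating the signature.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSA = "http://www.w3.org/2005/08/addressing"

# Parts listed in the post's <signatureParts>; None = any namespace ({}{}Body).
REQUIRED = [(WSA, "To"), (WSA, "MessageID"), (WSA, "Action"),
            (WSA, "RelatesTo"), (WSU, "Timestamp"), (None, "Body")]

def signed_parts(envelope_xml):
    """Return (namespace, local name) of each element a ds:Reference points at."""
    root = ET.fromstring(envelope_xml)
    refs = {r.get("URI", "")[1:] for r in root.iter(f"{{{DS}}}Reference")
            if r.get("URI", "").startswith("#")}
    parts = set()
    for el in root.iter():
        el_id = el.get(f"{{{WSU}}}Id") or el.get("Id")
        if el_id in refs:
            ns, _, local = el.tag.rpartition("}")
            parts.add((ns[1:], local))
    return parts

def unsigned_required(envelope_xml, required=REQUIRED):
    """Return local names of required parts that no ds:Reference covers."""
    signed = signed_parts(envelope_xml)
    return [local for ns, local in required
            if not any(l == local and ns in (None, n) for n, l in signed)]

# Constructed response (not captured from Rampart): the Timestamp is not referenced.
SAMPLE = f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsa="{WSA}" xmlns:wsu="{WSU}" xmlns:wsse="{WSSE}" xmlns:ds="{DS}">
 <s:Header>
  <wsa:To wsu:Id="id-1">urn:client</wsa:To>
  <wsa:MessageID wsu:Id="id-2">urn:uuid:2</wsa:MessageID>
  <wsa:Action wsu:Id="id-3">urn:op</wsa:Action>
  <wsa:RelatesTo wsu:Id="id-4">urn:uuid:1</wsa:RelatesTo>
  <wsse:Security>
   <wsu:Timestamp wsu:Id="ts-1"><wsu:Created>2009-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
   <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#id-1"/><ds:Reference URI="#id-2"/><ds:Reference URI="#id-3"/>
    <ds:Reference URI="#id-4"/><ds:Reference URI="#body-1"/>
   </ds:SignedInfo></ds:Signature>
  </wsse:Security>
 </s:Header>
 <s:Body wsu:Id="body-1"/>
</s:Envelope>"""

if __name__ == "__main__":
    print("required but unsigned:", unsigned_required(SAMPLE))
```

Run it against a response captured on the wire (before the client rejects it) to compare what the service signed with what the client policy demands.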


      
