[ https://issues.apache.org/jira/browse/SYNAPSE-161?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537560 ]

Paul Anderson commented on SYNAPSE-161:
---------------------------------------

    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:encryptionKeyIdentifier value="IssuerSerial" />

..doesn't seem to help.

In the policy file:-

    <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
    </sp:SignedParts>

    <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
            <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
    </sp:Wss10>
    <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
            <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
    </sp:Wss11>

If I don't put the above wss10/wss11, there's an error when I require anything 
to be signed. If I put it, it stops complaining. Now to try to get the required 
XML to be written:-

    <sp:InitiatorToken>
        <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
                <!-- or Never or whatever -->
                <wsp:Policy>
                    <sp:RequireIssuerSerialReference/>
                    <!--<sp:RequireKeyIdentifierReference/>-->
                    <sp:WssX509V3Token10/>
                </wsp:Policy>
            </sp:X509Token>
        </wsp:Policy>
    </sp:InitiatorToken>

Whatever support I have required inside Wss11 and Wss10, it doesn't seem to 
matter. Only RequireKeyIdentifierReference does what it is supposed to. 
RequireIssuerSerialReference has the same effect as 
RequireKeyIdentifierReference!



> Can't persuade Rampart to send certificate serial + issuer - only either 
> BinaryToken or Identity
> ------------------------------------------------------------------------------------------------
>
>                 Key: SYNAPSE-161
>                 URL: https://issues.apache.org/jira/browse/SYNAPSE-161
>             Project: Synapse
>          Issue Type: Bug
>         Environment: JDK6 on RHEL3
>            Reporter: Paul Anderson
>
> I tried playing with WS-Policy to set InitiatorToken Never, and got Rampart 
> to send the cert identity for WS-Security signing.
> But setting ws10 and ws11 to require serial/issuer TokenReference support, 
> and setting the InitiatorToken to use it, didn't work - still, the identity 
> was sent.
> It's a problem for me because on the recipient side I have to be specific 
> about what form the cert will come in, and I have 2 WS clients. I don't want 
> to deploy the service twice just for that.
> Maybe it's just the version of Rampart and it's been fixed since Synapse 
> snapshot 17th Oct - I'll see with the next binary.
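
Added example, not part of the original JIRA comment and not Rampart or Synapse code: a small Python check that reports which SecurityTokenReference form a signed WS-Security message actually carries, so the wire output can be compared with what the policy asked for. The sample envelopes are constructed (no real digests or signature values), and only the signature's KeyInfo is inspected, not encryption keys.

```python
import xml.etree.ElementTree as ET

NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
}
STR_PATH = ".//ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference"

def signing_key_reference_forms(soap_xml):
    """Return the reference form used by each signature's SecurityTokenReference."""
    # For messages captured from an untrusted peer, parse with defusedxml instead.
    root = ET.fromstring(soap_xml)
    forms = []
    for ref in root.findall(STR_PATH, NS):
        if ref.find("ds:X509Data/ds:X509IssuerSerial", NS) is not None:
            forms.append("IssuerSerial")       # issuer DN + certificate serial
        elif ref.find("wsse:KeyIdentifier", NS) is not None:
            forms.append("KeyIdentifier")      # e.g. a subject key identifier
        elif ref.find("wsse:Reference", NS) is not None:
            forms.append("DirectReference")    # points at a BinarySecurityToken
        else:
            forms.append("Unknown")
    return forms

def _sample(str_inner):
    # Constructed minimal envelope: digests and signature value are omitted.
    return (
        '<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/" '
        'xmlns:wsse="' + NS["wsse"] + '" xmlns:ds="' + NS["ds"] + '">'
        "<e:Header><wsse:Security><ds:Signature><ds:KeyInfo>"
        "<wsse:SecurityTokenReference>" + str_inner + "</wsse:SecurityTokenReference>"
        "</ds:KeyInfo></ds:Signature></wsse:Security></e:Header><e:Body/></e:Envelope>"
    )

# Constructed samples, one per reference form discussed in the issue.
ISSUER_SERIAL = _sample(
    "<ds:X509Data><ds:X509IssuerSerial>"
    "<ds:X509IssuerName>CN=Example CA</ds:X509IssuerName>"
    "<ds:X509SerialNumber>4660</ds:X509SerialNumber>"
    "</ds:X509IssuerSerial></ds:X509Data>"
)
KEY_IDENTIFIER = _sample("<wsse:KeyIdentifier>AAAA</wsse:KeyIdentifier>")
DIRECT = _sample('<wsse:Reference URI="#CertId-1"/>')

if __name__ == "__main__":
    for name, msg in [("issuer/serial", ISSUER_SERIAL),
                      ("key identifier", KEY_IDENTIFIER), ("direct", DIRECT)]:
        print(name, "->", signing_key_reference_forms(msg))
```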
