Jeff,

It seems that the message is not delivered to the rampart-user; I am again copying the rampart-dev.

Thanks,
Ruwan

On Wed, Mar 26, 2008 at 6:08 AM, Ruwan Linton <[EMAIL PROTECTED]> wrote:

> Hi Jeff,
>
> I think we need to consult our security experts :-) to get the answer for
> this, so I am copying the rampart-user list here.
>
> Rampart guys, can you please have a look at this policy and tell us what
> is wrong with that?
>
> Thanks,
> Ruwan
>
>
> On Wed, Mar 26, 2008 at 5:13 AM, Jeff Davis <[EMAIL PROTECTED]> wrote:
>
> > Hi,
> >
> > I'm attempting to get a WS-Policy XML defined that will support
> > UserNameToken with a password digest. Here's my policy file:
> >
> > <wsp:Policy wsu:Id="UTOverTransport"
> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> >   <wsp:ExactlyOne>
> >     <wsp:All>
> >       <sp:TransportBinding
> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >         <wsp:Policy>
> >           <sp:TransportToken>
> >             <wsp:Policy>
> >               <sp:HttpsToken RequireClientCertificate="false"/>
> >             </wsp:Policy>
> >           </sp:TransportToken>
> >           <sp:AlgorithmSuite>
> >             <wsp:Policy>
> >               <sp:Basic256/>
> >             </wsp:Policy>
> >           </sp:AlgorithmSuite>
> >           <sp:Layout>
> >             <wsp:Policy>
> >               <sp:Lax/>
> >             </wsp:Policy>
> >           </sp:Layout>
> >           <sp:IncludeTimestamp/>
> >         </wsp:Policy>
> >       </sp:TransportBinding>
> >       <sp:SignedSupportingTokens
> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >         <wsp:Policy>
> >           <sp:UsernameToken
> >               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> >             <wsp:Policy>
> >               <sp:HashPassword/>
> >             </wsp:Policy>
> >           </sp:UsernameToken>
> >         </wsp:Policy>
> >       </sp:SignedSupportingTokens>
> >       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> >         <ramp:user>alice</ramp:user>
> >         <ramp:encryptionUser>bob</ramp:encryptionUser>
> >         <ramp:passwordCallbackClass>samples.userguide.PWCallback</ramp:passwordCallbackClass>
> >       </ramp:RampartConfig>
> >     </wsp:All>
> >   </wsp:ExactlyOne>
> > </wsp:Policy>
> >
> > When I run this, it just brings back the password in the clear, i.e.:
> >
> > <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
> >
> > Whereas I am expecting something like:
> >
> > <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">fwfVj34yd9/LSCWcJVwm6jDNIkQ=</wsse:Password>
> >
> > Now, I suspect it's because I'm using the wrong WS-SecurityPolicy
> > namespace, but when I switch it to the one ending in 200702, I get no
> > UserName returned at all.
> >
> > Any help would be greatly appreciated!
> >
> > jeff
> >
>
> --
> Ruwan Linton
> http://www.wso2.org - "Oxygenating the Web Services Platform"

--
Ruwan Linton
http://www.wso2.org - "Oxygenating the Web Services Platform"
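
To confirm which password form a captured request actually carries, the following added example (not part of the thread and not Rampart code) parses a `wsse:UsernameToken`, reports cleartext versus digest, and for `#PasswordDigest` recomputes Base64(SHA-1(nonce + created + password)) as defined by the WS-Security UsernameToken Profile 1.0. The function names, the `build_token` helper and any token passed to it are constructed for illustration, and rejecting a digest that lacks Nonce and Created is an assumption of this sketch.

```python
import base64
import binascii
import hashlib
import hmac
import xml.etree.ElementTree as ET

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"wsse": OASIS + "wssecurity-secext-1.0.xsd",
      "wsu": OASIS + "wssecurity-utility-1.0.xsd"}
PROFILE = OASIS + "username-token-profile-1.0"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)), UsernameToken Profile 1.0."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def build_token(user: str, password_type: str, value: str, extra: str = "") -> str:
    """Constructed sample token (hypothetical helper, for the demo only)."""
    return (f'<wsse:UsernameToken xmlns:wsse="{NS["wsse"]}" xmlns:wsu="{NS["wsu"]}">'
            f"<wsse:Username>{user}</wsse:Username>"
            f'<wsse:Password Type="{PROFILE}#{password_type}">{value}</wsse:Password>'
            f"{extra}</wsse:UsernameToken>")


def check_username_token(xml_text: str, expected_password: str) -> str:
    """Return 'cleartext', 'digest-ok', 'digest-mismatch' or 'malformed'."""
    token = ET.fromstring(xml_text)  # trusted sample; use a hardened parser on live traffic
    pw = token.find("wsse:Password", NS)
    if pw is None:
        return "malformed"
    # The profile treats a missing Type attribute as PasswordText.
    ptype = (pw.get("Type") or PROFILE + "#PasswordText").strip()
    if ptype == PROFILE + "#PasswordText":
        return "cleartext"
    nonce_b64 = token.findtext("wsse:Nonce", namespaces=NS)
    created = token.findtext("wsu:Created", namespaces=NS)
    # Assumption: a digest without Nonce and Created is replayable, so reject it.
    if ptype != PROFILE + "#PasswordDigest" or not nonce_b64 or not created:
        return "malformed"
    try:
        nonce = base64.b64decode(nonce_b64.strip(), validate=True)
    except binascii.Error:
        return "malformed"
    expected = password_digest(nonce, created.strip(), expected_password).encode()
    ok = hmac.compare_digest(expected, (pw.text or "").strip().encode())
    return "digest-ok" if ok else "digest-mismatch"
```

A result of `cleartext` on a request produced under a policy that contains `sp:HashPassword` corresponds to the symptom reported in the thread.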
