Answers inline.

On Wed, Mar 23, 2016 at 4:49 PM, Giriraj Bhojak <girira...@gmail.com> wrote:

> Do you mean to say the timestamp is not just signed but encrypted as well
> if it is part of the AsymmetricBinding?
>
No, just signed.

> In my policy I have also added username token as a supporting token,
> outside of AsymmetricBinding. Would this token be signed and encrypted too?
>

No. However it would be if you specified a "SignedEncryptedSupportingToken"
policy instead of "SupportingToken".

Colm.


> I have written a Java client that is able to successfully send and receive
> a response using the policy. I have a requirement to test the endpoint
> using SoapUI tool as well and that's where I am facing issues since I
> couldn't just import the policy into SoapUI.
>
> Thanks,
> Giriraj
> On Mar 23, 2016 7:04 AM, "Colm O hEigeartaigh" <cohei...@apache.org>
> wrote:
>
>> If you are using the SymmetricBinding or AsymmetricBinding policies, the
>> Timestamp is automatically signed if the "IncludeTimestamp" policy is in
>> the Binding policy.
>>
>> The "sp:Header" policy in SignedParts/EncryptedParts is designed to be used
>> for SOAP headers, not for internal headers in the security header (such as
>> Timestamp). Instead, use an "EncryptedElements" policy, with an XPath
>> expression pointing to the Timestamp.
>>
>> Colm.
>>
>> On Tue, Mar 22, 2016 at 3:17 AM, Giriraj Bhojak <girira...@gmail.com>
>> wrote:
>>
>> > Hello,
>> >
>> >
>> > I need to sign and encrypt the timestamp WS-Security header.
>> >
>> > My policy file has following assertions:
>> >
>> >
>> >
>> >     <sp:SignedParts>
>> >         <sp:Body />
>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
>> >     </sp:SignedParts>
>> >     <sp:EncryptedParts>
>> >         <sp:Body />
>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
>> >     </sp:EncryptedParts>
>> >
>> >  Above namespace belongs to wsu element.
>> >
>> > I can still see following entry in the wsse:Security element:
>> >
>> >
>> >
>> >     <wsu:Timestamp wsu:Id="TS-A91AE37C42BC91148914586148175181">
>> >         <wsu:Created>2016-03-22T02:46:57.516Z</wsu:Created>
>> >         <wsu:Expires>2016-03-22T02:51:57.516Z</wsu:Expires>
>> >     </wsu:Timestamp>
>> >
>> > If I try to add the namespace of wsse into the signed and encrypted parts
>> > above in order to encrypt and sign entire header as follows:
>> >
>> >     <sp:SignedParts>
>> >         <sp:Body />
>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
>> >     </sp:SignedParts>
>> >     <sp:EncryptedParts>
>> >         <sp:Body />
>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
>> >     </sp:EncryptedParts>
>> >
>> >
>> >
>> > Then on the CXF server I get:
>> >
>> > org.apache.cxf.interceptor.Fault- Exception Message: Found element
>> > {http://www.w3.org/2001/04/xmlenc#}EncryptionMethod but could not find
>> > matching RPC/Literal part
>> >
>> > I am using CXF v2.7.11.
>> >
>> > Am I doing something wrong?
>> >
>> > Thanks,
>> > Giriraj
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
