Thank you, Colm.
Would you have a policy example of using EncryptedElements instead of
using EncryptedParts?
I tried a few combinations, but they didn't work out.

Thanks,
Giriraj
On Mar 23, 2016 12:58 PM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote:

> Answers inline.
>
> On Wed, Mar 23, 2016 at 4:49 PM, Giriraj Bhojak <girira...@gmail.com>
> wrote:
>
>> Do you mean to say the timestamp is not just signed but encrypted as well
>> if it is part of the AsymmetricBinding?
>>
> No, just signed.
>
>> In my policy I have also added username token as a supporting token,
>> outside of AsymmetricBinding. Would this token be signed and encrypted too?
>>
>
> No. However it would be if you specified a
> "SignedEncryptedSupportingToken" policy instead of "SupportingToken".
>
> Colm.
>
>
>> I have written a Java client that is able to successfully send and
>> receive a response using the policy. I have a requirement to test the
>> endpoint using the SoapUI tool as well, and that's where I am facing issues
>> since I couldn't just import the policy into SoapUI.
>>
>> Thanks,
>> Giriraj
>> On Mar 23, 2016 7:04 AM, "Colm O hEigeartaigh" <cohei...@apache.org>
>> wrote:
>>
>>> If you are using the SymmetricBinding or AsymmetricBinding policies, the
>>> Timestamp is automatically signed if the "IncludeTimestamp" policy is in
>>> the Binding policy.
>>>
>>> The "sp:Header" policy in SignedParts/EncryptedParts is designed to be
>>> used for SOAP headers, not for internal headers in the security header
>>> (such as Timestamp). Instead, use an "EncryptedElements" policy, with an
>>> XPath expression pointing to the Timestamp.
>>>
>>> Colm.
>>>
>>> On Tue, Mar 22, 2016 at 3:17 AM, Giriraj Bhojak <girira...@gmail.com>
>>> wrote:
>>>
>>> > Hello,
>>> >
>>> >
>>> > I need to sign and encrypt the timestamp WS-Security header.
>>> >
>>> > My policy file has the following assertions:
>>> >
>>> >     <sp:SignedParts>
>>> >         <sp:Body />
>>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
>>> >     </sp:SignedParts>
>>> >     <sp:EncryptedParts>
>>> >         <sp:Body />
>>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
>>> >     </sp:EncryptedParts>
>>> >
>>> > The above namespace belongs to the wsu element.
>>> >
>>> > I can still see the following entry in the wsse:Security element:
>>> >
>>> >     <wsu:Timestamp wsu:Id="TS-A91AE37C42BC91148914586148175181">
>>> >         <wsu:Created>2016-03-22T02:46:57.516Z</wsu:Created>
>>> >         <wsu:Expires>2016-03-22T02:51:57.516Z</wsu:Expires>
>>> >     </wsu:Timestamp>
>>> >
>>> >
>>> > If I try to add the namespace of wsse into the signed and encrypted
>>> > parts above in order to encrypt and sign the entire header, as follows:
>>> >
>>> >     <sp:SignedParts>
>>> >         <sp:Body />
>>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
>>> >     </sp:SignedParts>
>>> >     <sp:EncryptedParts>
>>> >         <sp:Body />
>>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
>>> >     </sp:EncryptedParts>
>>> >
>>> >
>>> >
>>> > Then on the CXF server I get:
>>> >
>>> > org.apache.cxf.interceptor.Fault- Exception Message: Found element {http://www.w3.org/2001/04/xmlenc#}EncryptionMethod but could not find matching RPC/Literal part
>>> >
>>> > I am using CXF v2.7.11.
>>> >
>>> > Am I doing something wrong?
>>> >
>>> > Thanks,
>>> > Giriraj
>>> >
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
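
A policy fragment of the kind requested at the top of this thread, following Colm's advice to target the Timestamp with "EncryptedElements" rather than "sp:Header"; it is an added illustration, not taken from the thread or from the CXF project. It assumes the WS-SecurityPolicy 1.2 and WS-Policy 1.5 namespaces for the sp: and wsp: prefixes and a relative `//wsu:Timestamp` XPath, and it has not been checked against CXF 2.7.11.

```xml
<!-- Added example. The sp: and wsp: namespace URIs are assumptions:
     use whichever versions the existing policy file already declares. -->
<wsp:Policy
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsp:ExactlyOne>
    <wsp:All>

      <!-- The SOAP Body is still covered by the *Parts assertions.
           No sp:Header entry is used for the wsu or wsse namespaces:
           sp:Header matches SOAP headers, not children of wsse:Security. -->
      <sp:SignedParts>
        <sp:Body />
      </sp:SignedParts>
      <sp:EncryptedParts>
        <sp:Body />
      </sp:EncryptedParts>

      <!-- The Timestamp sits inside the security header, so it is selected
           by XPath. The wsu prefix used in the expression is declared on
           the enclosing wsp:Policy element above. -->
      <sp:EncryptedElements>
        <sp:XPath>//wsu:Timestamp</sp:XPath>
      </sp:EncryptedElements>

      <!-- Signing of the Timestamp is not requested here: per the thread,
           it is signed automatically when IncludeTimestamp is present in
           the SymmetricBinding or AsymmetricBinding policy. -->

    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
```

A quick check on the wire is that the clear-text `wsu:Timestamp` element shown in the original question no longer appears inside `wsse:Security` in the outgoing message.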
