Hello Alberto,

May I ask you if you also tried with Certificates, Signature and Timestamp? May I kindly ask you if you have some tips for such a configuration?

Thank you!
José

On 8/22/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> This is the correct configuration for a Microsoft.Net, WSE2.0Sp3 web
> service and an Axis1.4, wss4j v1.5.3 client with usernametoken
> authentication with passworddigest and signature of the request:
>
> Policy for the .NET server:
>
> <wsp:Policy wsu:Id="Sign-Username">
>   <wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID) wse:Timestamp()</wsp:MessagePredicate>
>   <wssp:Integrity wsp:Usage="wsp:Required">
>     <wssp:TokenInfo>
>       <wssp:SecurityToken>
>         <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
>         <wssp:Claims>
>           <wse:Parent>
>             <wssp:SecurityToken wse:IdentityToken="true">
>               <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
>             </wssp:SecurityToken>
>           </wse:Parent>
>         </wssp:Claims>
>       </wssp:SecurityToken>
>     </wssp:TokenInfo>
>     <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From) wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts>
>   </wssp:Integrity>
> </wsp:Policy>
>
> The <wssp:MessageParts> tag includes all the message parts that, if added
> to the request, must be signed.
>
> Axis client-deploy.wsdd:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>   <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>   <globalConfiguration>
>     <parameter name="addressing.namespace.URI" value="http://schemas.xmlsoap.org/ws/2004/03/addressing"/>
>     <requestFlow>
>       <handler type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
>       <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>         <parameter name="action" value="Timestamp UsernameTokenSignature"/>
>         <parameter name="passwordCallbackClass" value="org.tempuri.testWs.Service1.PasswordCallBack"/>
>         <parameter name="user" value="Username"/>
>         <parameter name="passwordType" value="PasswordDigest"/>
>         <parameter name="precisionInMilliseconds" value="0"/>
>         <parameter name="signatureParts" value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
>           {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
>           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
>           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
>           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
>           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
>           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}FaultTo"/>
>       </handler>
>     </requestFlow>
>   </globalConfiguration>
> </deployment>
>
> Tip: If you have problems with the server verification of the signature,
> check that you are signing all the parts you are sending and that are listed
> in the <wssp:MessageParts> of the policy config.
>
> If you want a detailed howto you can find it at:
>
> http://digilander.libero.it/alblab/interop1.txt
>
> Hope this can help,
> Alberto Coletti
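
Alberto's tip about signing every part that is both sent and listed in <wssp:MessageParts> can be checked mechanically. The following is an added example, not code from the thread or from WSE/wss4j; the function names, the mapping from policy expressions to element names, and the sample list of sent parts are assumptions made for illustration.

```python
import re

# Namespace URIs as they appear in the client WSDD quoted in the thread.
WSA = "http://schemas.xmlsoap.org/ws/2004/03/addressing"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Text of <wssp:MessageParts> from the policy in the thread.
POLICY_PARTS = (
    "wsp:Body() wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) "
    "wsp:Header(wsa:From) wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) "
    "wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To) wse:Timestamp()"
)

# The signatureParts value from the WSDD in the thread, rebuilt part by part.
SIGNATURE_PARTS = ";\n".join(
    "{Element}{%s}%s" % (ns, name) for ns, name in [
        (SOAP, "Body"), (WSU, "Timestamp"), (WSA, "MessageID"),
        (WSA, "Action"), (WSA, "To"), (WSA, "From"), (WSA, "FaultTo")])

def policy_to_qnames(parts):
    """Map policy part expressions to (namespace, local name) pairs (assumed mapping)."""
    qnames = set()
    for token in parts.split():
        if token == "wsp:Body()":
            qnames.add((SOAP, "Body"))
        elif token == "wse:Timestamp()":
            qnames.add((WSU, "Timestamp"))
        else:
            m = re.fullmatch(r"wsp:Header\(wsa:(\w+)\)", token)
            if not m:
                raise ValueError("unrecognised part expression: " + token)
            qnames.add((WSA, m.group(1)))
    return qnames

def signed_qnames(signature_parts):
    """Parse a {mode}{namespace}localname;... list, tolerating stray whitespace."""
    return set(re.findall(r"\{\w+\}\{\s*([^}\s]+)\s*\}\s*(\w+)", signature_parts))

def unsigned_but_required(sent, policy=POLICY_PARTS, signed=SIGNATURE_PARTS):
    """Parts that are sent and listed in the policy but absent from signatureParts."""
    return sorted((set(sent) & policy_to_qnames(policy)) - signed_qnames(signed))

# Constructed sample: a request that also carries a wsa:ReplyTo header.
SENT = [(SOAP, "Body"), (WSU, "Timestamp"), (WSA, "To"), (WSA, "Action"),
        (WSA, "MessageID"), (WSA, "ReplyTo")]
```

With the constructed SENT list, unsigned_but_required(SENT) reports wsa:ReplyTo, which the policy lists but the signatureParts value above does not cover.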
