You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-user@axis.apache.org by Raghu Udupa <ru...@easylink.com> on 2008/10/01 18:03:33 UTC
rampart_handler_util.c -- parameter not set
Hi,
I modified axis2.xml to include Security phase in outflow phase order.
That allowed the web services client to attempt rampart module. I am
using axis2_http_server for doing the testing.
1. Is it OK to include security phase in axis2.xml when the client
does not engage rampart module?
2. Also, the webservices client is getting following error while
attempting to engage rampart module.
[Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
[rampart][rampart_handler_utils] 0 parameter is not set.
[Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
RampartClientConfiguration not set in message context
[Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284 in
openssl_x509_get_subject_key_identifier] oxs defualt error , The
extenension index of NID_subject_key_identifier is not valid
[Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred in
transport
[Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
[rampart][rampart_engine] Cannot get saved rampart_context
[Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
[rampart][rampart_in_handler] rampart_context creation failed.
[Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler RampartInHandler
invoke failed within phase PreDispatch
[Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
PreDispatch failed
[Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
Unidentified character in SOAP 1.1 builder helper processing
3. I am also including the server log. I am using a self signed
certificate generated using openssl to sign the message. Digest
verification is succeeding. But signature verification is failing.
Thanks,
Raghu
RE: rampart_handler_util.c -- parameter not set
Posted by Manjula Peiris <ma...@wso2.com>.
On Sat, 2008-10-04 at 07:54 -0400, Raghu Udupa wrote:
> Thanks Manjula.
>
> Does the policy.xml has to reside in AXIS2_HOME? Can I specify full pathname (to point to the policy file located in some other directory) through neeti APIs?
No you can have it anywhere as you can pass it to
neethi_util_create_policy_from_file() function. In the samples we have
specified it to take from client home, because for a use runs Samples
in Rampart/c can get it to be used out of the box.
Thanks,
Majula.
>
> Regards,
> Raghu
>
> ________________________________
>
> From: Manjula Peiris [mailto:manjula@wso2.com]
> Sent: Fri 10/3/2008 11:11 PM
> To: Apache AXIS C User List
> Subject: RE: rampart_handler_util.c -- parameter not set
>
>
>
>
> On Fri, 2008-10-03 at 22:43 -0400, Raghu Udupa wrote:
> > Thanks, Shankar, for the explanation. I was trying to send a signed request and receive a clear (un-signed) response.
> >
> > Our web services client need to connect to different web services some of which may require signed messages. So, can we do either of the following:
> >
> > 1.
> > Does the policy.xml has to be named as policy.xml on the client side? If I can specify policy_cust1.xml for customer 1 and policy_cust2.xml for customer 2, then, same client will be able to handle multiple customers. Basically, my question is there a restriction like axis2c config file name being axis2.xml
>
> No it does not need to be policy.xml. If you carefully look at the
> rampart sample client you will understand. What you need to do is
> calling the neethi_util_create_policy_from_file() function with the
> policy file name.
>
> > 2.
> > Can we specify receiver certificate, for each customer programmatically through an API
>
> Current API does not allow this. Even though there are some properties
> like username can be passed through programmatically.
>
> >
> > Regards,
> >
> > Raghu
> >
> >
> > ________________________________
> >
> > From: Uthaiyashankar [mailto:shankar@wso2.com]
> > Sent: Fri 10/3/2008 10:07 PM
> > To: Apache AXIS C User List
> > Subject: Re: rampart_handler_util.c -- parameter not set
> >
> >
> >
> > Hi Raghu,
> >
> > I think your configurations are wrong. First of all, I have to be clear
> > that whether message sent from server to client is also signed? It has
> > to be signed, otherwise rampart will not work. From client side, still
> > we don't have support to have different security policy for outgoing
> > message and incoming message. Hence my further explanations will assume
> > even the message from server to client is signed.
> >
> > To sign from server to client, you have to give <rampc:Certificate> and
> > <rampc:PrivateKey> in server side configuration. Also, you have to give
> > <rampc:ReceiverCertificate> in client's configuration.
> >
> > Sample4 shipped with Rampart[1] is actually the usecase you are trying
> > to achieve. You can have a look at that.
> >
> > Regards,
> > Shankar
> >
> > [1]
> > https://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario4
> >
> > Raghu Udupa wrote:
> > > Thanks Shankar.
> > >
> > > I am a bit confused about specifying security phase in axis2.xml for
> > > client as well as for server.
> > >
> > > We need to sign the documents that are sent to the client which need to
> > > be verified at the server.
> > >
> > > Could you tell me whether my settings of axis2.xml and policy.xml on the
> > > client side and axis2.xml and service.xml on the server side are correct
> > > for a correct implementation of signature verification
> > >
> > > CLIENT SIDE
> > >
> > > axis2.xml
> > > =========
> > >
> > > <phaseOrder type="outflow">
> > > <!-- User defined phases could be added here -->
> > > <!--phase name="userphase1"/-->
> > > <!--system predefined phase-->
> > > <phase name="MessageOut"/>
> > > <phase name="Security"/>
> > > <!--phase name="Security"/-->
> > > </phaseOrder>
> > >
> > > policy.xml
> > > ==========
> > >
> > > <rampc:RampartConfig
> > > xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > > <rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
> > > <rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
> > > </rampc:RampartConfig>
> > >
> > >
> > > SERVER SIDE
> > >
> > > axis2.xml
> > > =========
> > >
> > > <phaseOrder type="inflow">
> > > <!-- System pre defined phases -->
> > > <phase name="Transport"/>
> > > <phase name="PreDispatch"/>
> > > <phase name="Dispatch"/>
> > > <phase name="PostDispatch"/>
> > > <phase name="Security"/>
> > > </phaseOrder>
> > >
> > > service.xml
> > > ===========
> > >
> > > <service name="ReceiveEasyLinkFaxService">
> > > <parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
> > > <description>ReceiveEasyLinkFaxService Service</description>
> > > <module ref="rampart"/>
> > > <operation name="ReceiveFax">
> > > ....
> > > ....
> > > <rampc:RampartConfig
> > > xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > > <rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverC
> > > ertificate>
> > > </rampc:RampartConfig>
> > >
> > > Thanks,
> > > Raghu
> > >
> > > -----Original Message-----
> > > From: Uthaiyashankar [mailto:shankar@wso2.com]
> > > Sent: Thursday, October 02, 2008 1:13 PM
> > > To: Apache AXIS C User List
> > > Subject: Re: rampart_handler_util.c -- parameter not set
> > >
> > > Raghu Udupa wrote:
> > >
> > >> Thanks Samisa.
> > >>
> > >> The first reported error is parameter 0 not being set in
> > >> rampart_handler_util.c. I wanted to know which configuration parameter
> > >> method rampart_get_rampart_configuration in rampart_handler_util.c is
> > >> looking for.
> > >>
> > >>
> > >
> > > That error message is misleading. It is actually not an error. :). We
> > > have to remove it. So, you can safely ignore it.
> > >
> > > Regards,
> > > Shankar.
> > >
> > >
> > >> Regards,
> > >> Raghu
> > >>
> > >> -----Original Message-----
> > >> From: Samisa Abeysinghe [mailto:samisa@wso2.com]
> > >> Sent: Wednesday, October 01, 2008 9:32 PM
> > >> To: Apache AXIS C User List
> > >> Subject: Re: rampart_handler_util.c -- parameter not set
> > >>
> > >>
> > >>
> > >>> 2. Also, the webservices client is getting following error while
> > >>> attempting to engage rampart module.
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
> > >>> [rampart][rampart_handler_utils] 0 parameter is not set.
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
> > >>> RampartClientConfiguration not set in message context
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
> > >>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
> > >>> extenension index of NID_subject_key_identifier is not valid
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
> > >>>
> > >
> > >
> > >>> in transport
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
> > >>> [rampart][rampart_engine] Cannot get saved rampart_context
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
> > >>> [rampart][rampart_in_handler] rampart_context creation failed.
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
> > >>> RampartInHandler invoke failed within phase PreDispatch
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
> > >>> PreDispatch failed
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
> > >>> Unidentified character in SOAP 1.1 builder helper processing
> > >>>
> > >>>
> > >>>
> > >> As the error says, there is something wrong in your key.
> > >>
> > >> Samisa...
> > >>
> > >>
> > >>> 3. I am also including the server log. I am using a self signed
> > >>> certificate generated using openssl to sign the message. Digest
> > >>> verification is succeeding. But signature verification is
> > >>>
> > >>>
> > >> failing.
> > >>
> > >>
> > >>>
> > >>>
> > >>> Thanks,
> > >>> Raghu
> > >>>
> > >>>
> > >> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > >> For additional commands, e-mail: axis-c-user-help@ws.apache.org
> > >>
> > >>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > >> For additional commands, e-mail: axis-c-user-help@ws.apache.org
> > >>
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> > >
> > >
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org
RE: rampart_handler_util.c -- parameter not set
Posted by Raghu Udupa <ru...@easylink.com>.
Thanks Manjula.
Does the policy.xml has to reside in AXIS2_HOME? Can I specify full pathname (to point to the policy file located in some other directory) through neeti APIs?
Regards,
Raghu
________________________________
From: Manjula Peiris [mailto:manjula@wso2.com]
Sent: Fri 10/3/2008 11:11 PM
To: Apache AXIS C User List
Subject: RE: rampart_handler_util.c -- parameter not set
On Fri, 2008-10-03 at 22:43 -0400, Raghu Udupa wrote:
> Thanks, Shankar, for the explanation. I was trying to send a signed request and receive a clear (un-signed) response.
>
> Our web services client need to connect to different web services some of which may require signed messages. So, can we do either of the following:
>
> 1.
> Does the policy.xml has to be named as policy.xml on the client side? If I can specify policy_cust1.xml for customer 1 and policy_cust2.xml for customer 2, then, same client will be able to handle multiple customers. Basically, my question is there a restriction like axis2c config file name being axis2.xml
No it does not need to be policy.xml. If you carefully look at the
rampart sample client you will understand. What you need to do is
calling the neethi_util_create_policy_from_file() function with the
policy file name.
> 2.
> Can we specify receiver certificate, for each customer programmatically through an API
Current API does not allow this. Even though there are some properties
like username can be passed through programmatically.
>
> Regards,
>
> Raghu
>
>
> ________________________________
>
> From: Uthaiyashankar [mailto:shankar@wso2.com]
> Sent: Fri 10/3/2008 10:07 PM
> To: Apache AXIS C User List
> Subject: Re: rampart_handler_util.c -- parameter not set
>
>
>
> Hi Raghu,
>
> I think your configurations are wrong. First of all, I have to be clear
> that whether message sent from server to client is also signed? It has
> to be signed, otherwise rampart will not work. From client side, still
> we don't have support to have different security policy for outgoing
> message and incoming message. Hence my further explanations will assume
> even the message from server to client is signed.
>
> To sign from server to client, you have to give <rampc:Certificate> and
> <rampc:PrivateKey> in server side configuration. Also, you have to give
> <rampc:ReceiverCertificate> in client's configuration.
>
> Sample4 shipped with Rampart[1] is actually the usecase you are trying
> to achieve. You can have a look at that.
>
> Regards,
> Shankar
>
> [1]
> https://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario4
>
> Raghu Udupa wrote:
> > Thanks Shankar.
> >
> > I am a bit confused about specifying security phase in axis2.xml for
> > client as well as for server.
> >
> > We need to sign the documents that are sent to the client which need to
> > be verified at the server.
> >
> > Could you tell me whether my settings of axis2.xml and policy.xml on the
> > client side and axis2.xml and service.xml on the server side are correct
> > for a correct implementation of signature verification
> >
> > CLIENT SIDE
> >
> > axis2.xml
> > =========
> >
> > <phaseOrder type="outflow">
> > <!-- User defined phases could be added here -->
> > <!--phase name="userphase1"/-->
> > <!--system predefined phase-->
> > <phase name="MessageOut"/>
> > <phase name="Security"/>
> > <!--phase name="Security"/-->
> > </phaseOrder>
> >
> > policy.xml
> > ==========
> >
> > <rampc:RampartConfig
> > xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > <rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
> > <rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
> > </rampc:RampartConfig>
> >
> >
> > SERVER SIDE
> >
> > axis2.xml
> > =========
> >
> > <phaseOrder type="inflow">
> > <!-- System pre defined phases -->
> > <phase name="Transport"/>
> > <phase name="PreDispatch"/>
> > <phase name="Dispatch"/>
> > <phase name="PostDispatch"/>
> > <phase name="Security"/>
> > </phaseOrder>
> >
> > service.xml
> > ===========
> >
> > <service name="ReceiveEasyLinkFaxService">
> > <parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
> > <description>ReceiveEasyLinkFaxService Service</description>
> > <module ref="rampart"/>
> > <operation name="ReceiveFax">
> > ....
> > ....
> > <rampc:RampartConfig
> > xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > <rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverC
> > ertificate>
> > </rampc:RampartConfig>
> >
> > Thanks,
> > Raghu
> >
> > -----Original Message-----
> > From: Uthaiyashankar [mailto:shankar@wso2.com]
> > Sent: Thursday, October 02, 2008 1:13 PM
> > To: Apache AXIS C User List
> > Subject: Re: rampart_handler_util.c -- parameter not set
> >
> > Raghu Udupa wrote:
> >
> >> Thanks Samisa.
> >>
> >> The first reported error is parameter 0 not being set in
> >> rampart_handler_util.c. I wanted to know which configuration parameter
> >> method rampart_get_rampart_configuration in rampart_handler_util.c is
> >> looking for.
> >>
> >>
> >
> > That error message is misleading. It is actually not an error. :). We
> > have to remove it. So, you can safely ignore it.
> >
> > Regards,
> > Shankar.
> >
> >
> >> Regards,
> >> Raghu
> >>
> >> -----Original Message-----
> >> From: Samisa Abeysinghe [mailto:samisa@wso2.com]
> >> Sent: Wednesday, October 01, 2008 9:32 PM
> >> To: Apache AXIS C User List
> >> Subject: Re: rampart_handler_util.c -- parameter not set
> >>
> >>
> >>
> >>> 2. Also, the webservices client is getting following error while
> >>> attempting to engage rampart module.
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
> >>> [rampart][rampart_handler_utils] 0 parameter is not set.
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
> >>> RampartClientConfiguration not set in message context
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
> >>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
> >>> extenension index of NID_subject_key_identifier is not valid
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
> >>>
> >
> >
> >>> in transport
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
> >>> [rampart][rampart_engine] Cannot get saved rampart_context
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
> >>> [rampart][rampart_in_handler] rampart_context creation failed.
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
> >>> RampartInHandler invoke failed within phase PreDispatch
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
> >>> PreDispatch failed
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
> >>> Unidentified character in SOAP 1.1 builder helper processing
> >>>
> >>>
> >>>
> >> As the error says, there is something wrong in your key.
> >>
> >> Samisa...
> >>
> >>
> >>> 3. I am also including the server log. I am using a self signed
> >>> certificate generated using openssl to sign the message. Digest
> >>> verification is succeeding. But signature verification is
> >>>
> >>>
> >> failing.
> >>
> >>
> >>>
> >>>
> >>> Thanks,
> >>> Raghu
> >>>
> >>>
> >> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >>
> >>
> >>
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org
RE: rampart_handler_util.c -- parameter not set
Posted by Manjula Peiris <ma...@wso2.com>.
On Fri, 2008-10-03 at 22:43 -0400, Raghu Udupa wrote:
> Thanks, Shankar, for the explanation. I was trying to send a signed request and receive a clear (un-signed) response.
>
> Our web services client need to connect to different web services some of which may require signed messages. So, can we do either of the following:
>
> 1.
> Does the policy.xml has to be named as policy.xml on the client side? If I can specify policy_cust1.xml for customer 1 and policy_cust2.xml for customer 2, then, same client will be able to handle multiple customers. Basically, my question is there a restriction like axis2c config file name being axis2.xml
No it does not need to be policy.xml. If you carefully look at the
rampart sample client you will understand. What you need to do is
calling the neethi_util_create_policy_from_file() function with the
policy file name.
> 2.
> Can we specify receiver certificate, for each customer programmatically through an API
Current API does not allow this. Even though there are some properties
like username can be passed through programmatically.
>
> Regards,
>
> Raghu
>
>
> ________________________________
>
> From: Uthaiyashankar [mailto:shankar@wso2.com]
> Sent: Fri 10/3/2008 10:07 PM
> To: Apache AXIS C User List
> Subject: Re: rampart_handler_util.c -- parameter not set
>
>
>
> Hi Raghu,
>
> I think your configurations are wrong. First of all, I have to be clear
> that whether message sent from server to client is also signed? It has
> to be signed, otherwise rampart will not work. From client side, still
> we don't have support to have different security policy for outgoing
> message and incoming message. Hence my further explanations will assume
> even the message from server to client is signed.
>
> To sign from server to client, you have to give <rampc:Certificate> and
> <rampc:PrivateKey> in server side configuration. Also, you have to give
> <rampc:ReceiverCertificate> in client's configuration.
>
> Sample4 shipped with Rampart[1] is actually the usecase you are trying
> to achieve. You can have a look at that.
>
> Regards,
> Shankar
>
> [1]
> https://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario4
>
> Raghu Udupa wrote:
> > Thanks Shankar.
> >
> > I am a bit confused about specifying security phase in axis2.xml for
> > client as well as for server.
> >
> > We need to sign the documents that are sent to the client which need to
> > be verified at the server.
> >
> > Could you tell me whether my settings of axis2.xml and policy.xml on the
> > client side and axis2.xml and service.xml on the server side are correct
> > for a correct implementation of signature verification
> >
> > CLIENT SIDE
> >
> > axis2.xml
> > =========
> >
> > <phaseOrder type="outflow">
> > <!-- User defined phases could be added here -->
> > <!--phase name="userphase1"/-->
> > <!--system predefined phase-->
> > <phase name="MessageOut"/>
> > <phase name="Security"/>
> > <!--phase name="Security"/-->
> > </phaseOrder>
> >
> > policy.xml
> > ==========
> >
> > <rampc:RampartConfig
> > xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > <rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
> > <rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
> > </rampc:RampartConfig>
> >
> >
> > SERVER SIDE
> >
> > axis2.xml
> > =========
> >
> > <phaseOrder type="inflow">
> > <!-- System pre defined phases -->
> > <phase name="Transport"/>
> > <phase name="PreDispatch"/>
> > <phase name="Dispatch"/>
> > <phase name="PostDispatch"/>
> > <phase name="Security"/>
> > </phaseOrder>
> >
> > service.xml
> > ===========
> >
> > <service name="ReceiveEasyLinkFaxService">
> > <parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
> > <description>ReceiveEasyLinkFaxService Service</description>
> > <module ref="rampart"/>
> > <operation name="ReceiveFax">
> > ....
> > ....
> > <rampc:RampartConfig
> > xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > <rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverC
> > ertificate>
> > </rampc:RampartConfig>
> >
> > Thanks,
> > Raghu
> >
> > -----Original Message-----
> > From: Uthaiyashankar [mailto:shankar@wso2.com]
> > Sent: Thursday, October 02, 2008 1:13 PM
> > To: Apache AXIS C User List
> > Subject: Re: rampart_handler_util.c -- parameter not set
> >
> > Raghu Udupa wrote:
> >
> >> Thanks Samisa.
> >>
> >> The first reported error is parameter 0 not being set in
> >> rampart_handler_util.c. I wanted to know which configuration parameter
> >> method rampart_get_rampart_configuration in rampart_handler_util.c is
> >> looking for.
> >>
> >>
> >
> > That error message is misleading. It is actually not an error. :). We
> > have to remove it. So, you can safely ignore it.
> >
> > Regards,
> > Shankar.
> >
> >
> >> Regards,
> >> Raghu
> >>
> >> -----Original Message-----
> >> From: Samisa Abeysinghe [mailto:samisa@wso2.com]
> >> Sent: Wednesday, October 01, 2008 9:32 PM
> >> To: Apache AXIS C User List
> >> Subject: Re: rampart_handler_util.c -- parameter not set
> >>
> >>
> >>
> >>> 2. Also, the webservices client is getting following error while
> >>> attempting to engage rampart module.
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
> >>> [rampart][rampart_handler_utils] 0 parameter is not set.
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
> >>> RampartClientConfiguration not set in message context
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
> >>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
> >>> extenension index of NID_subject_key_identifier is not valid
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
> >>>
> >
> >
> >>> in transport
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
> >>> [rampart][rampart_engine] Cannot get saved rampart_context
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
> >>> [rampart][rampart_in_handler] rampart_context creation failed.
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
> >>> RampartInHandler invoke failed within phase PreDispatch
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
> >>> PreDispatch failed
> >>>
> >>> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
> >>> Unidentified character in SOAP 1.1 builder helper processing
> >>>
> >>>
> >>>
> >> As the error says, there is something wrong in your key.
> >>
> >> Samisa...
> >>
> >>
> >>> 3. I am also including the server log. I am using a self signed
> >>> certificate generated using openssl to sign the message. Digest
> >>> verification is succeeding. But signature verification is
> >>>
> >>>
> >> failing.
> >>
> >>
> >>>
> >>>
> >>> Thanks,
> >>> Raghu
> >>>
> >>>
> >> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >>
> >>
> >>
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org
RE: rampart_handler_util.c -- parameter not set
Posted by Raghu Udupa <ru...@easylink.com>.
Thanks, Shankar, for the explanation. I was trying to send a signed request and receive a clear (un-signed) response.
Our web services client need to connect to different web services some of which may require signed messages. So, can we do either of the following:
1.
Does the policy.xml has to be named as policy.xml on the client side? If I can specify policy_cust1.xml for customer 1 and policy_cust2.xml for customer 2, then, same client will be able to handle multiple customers. Basically, my question is there a restriction like axis2c config file name being axis2.xml
2.
Can we specify receiver certificate, for each customer programmatically through an API
Regards,
Raghu
________________________________
From: Uthaiyashankar [mailto:shankar@wso2.com]
Sent: Fri 10/3/2008 10:07 PM
To: Apache AXIS C User List
Subject: Re: rampart_handler_util.c -- parameter not set
Hi Raghu,
I think your configurations are wrong. First of all, I have to be clear
that whether message sent from server to client is also signed? It has
to be signed, otherwise rampart will not work. From client side, still
we don't have support to have different security policy for outgoing
message and incoming message. Hence my further explanations will assume
even the message from server to client is signed.
To sign from server to client, you have to give <rampc:Certificate> and
<rampc:PrivateKey> in server side configuration. Also, you have to give
<rampc:ReceiverCertificate> in client's configuration.
Sample4 shipped with Rampart[1] is actually the usecase you are trying
to achieve. You can have a look at that.
Regards,
Shankar
[1]
https://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario4
Raghu Udupa wrote:
> Thanks Shankar.
>
> I am a bit confused about specifying security phase in axis2.xml for
> client as well as for server.
>
> We need to sign the documents that are sent to the client which need to
> be verified at the server.
>
> Could you tell me whether my settings of axis2.xml and policy.xml on the
> client side and axis2.xml and service.xml on the server side are correct
> for a correct implementation of signature verification
>
> CLIENT SIDE
>
> axis2.xml
> =========
>
> <phaseOrder type="outflow">
> <!-- User defined phases could be added here -->
> <!--phase name="userphase1"/-->
> <!--system predefined phase-->
> <phase name="MessageOut"/>
> <phase name="Security"/>
> <!--phase name="Security"/-->
> </phaseOrder>
>
> policy.xml
> ==========
>
> <rampc:RampartConfig
> xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> <rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
> <rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
> </rampc:RampartConfig>
>
>
> SERVER SIDE
>
> axis2.xml
> =========
>
> <phaseOrder type="inflow">
> <!-- System pre defined phases -->
> <phase name="Transport"/>
> <phase name="PreDispatch"/>
> <phase name="Dispatch"/>
> <phase name="PostDispatch"/>
> <phase name="Security"/>
> </phaseOrder>
>
> service.xml
> ===========
>
> <service name="ReceiveEasyLinkFaxService">
> <parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
> <description>ReceiveEasyLinkFaxService Service</description>
> <module ref="rampart"/>
> <operation name="ReceiveFax">
> ....
> ....
> <rampc:RampartConfig
> xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> <rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverC
> ertificate>
> </rampc:RampartConfig>
>
> Thanks,
> Raghu
>
> -----Original Message-----
> From: Uthaiyashankar [mailto:shankar@wso2.com]
> Sent: Thursday, October 02, 2008 1:13 PM
> To: Apache AXIS C User List
> Subject: Re: rampart_handler_util.c -- parameter not set
>
> Raghu Udupa wrote:
>
>> Thanks Samisa.
>>
>> The first reported error is parameter 0 not being set in
>> rampart_handler_util.c. I wanted to know which configuration parameter
>> method rampart_get_rampart_configuration in rampart_handler_util.c is
>> looking for.
>>
>>
>
> That error message is misleading. It is actually not an error. :). We
> have to remove it. So, you can safely ignore it.
>
> Regards,
> Shankar.
>
>
>> Regards,
>> Raghu
>>
>> -----Original Message-----
>> From: Samisa Abeysinghe [mailto:samisa@wso2.com]
>> Sent: Wednesday, October 01, 2008 9:32 PM
>> To: Apache AXIS C User List
>> Subject: Re: rampart_handler_util.c -- parameter not set
>>
>>
>>
>>> 2. Also, the webservices client is getting following error while
>>> attempting to engage rampart module.
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
>>> [rampart][rampart_handler_utils] 0 parameter is not set.
>>>
>>> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
>>> RampartClientConfiguration not set in message context
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
>>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
>>> extenension index of NID_subject_key_identifier is not valid
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
>>>
>
>
>>> in transport
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
>>> [rampart][rampart_engine] Cannot get saved rampart_context
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
>>> [rampart][rampart_in_handler] rampart_context creation failed.
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
>>> RampartInHandler invoke failed within phase PreDispatch
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
>>> PreDispatch failed
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
>>> Unidentified character in SOAP 1.1 builder helper processing
>>>
>>>
>>>
>> As the error says, there is something wrong in your key.
>>
>> Samisa...
>>
>>
>>> 3. I am also including the server log. I am using a self signed
>>> certificate generated using openssl to sign the message. Digest
>>> verification is succeeding. But signature verification is
>>>
>>>
>> failing.
>>
>>
>>>
>>>
>>> Thanks,
>>> Raghu
>>>
>>>
>> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>>
>>
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org
Re: rampart_handler_util.c -- parameter not set
Posted by Uthaiyashankar <sh...@wso2.com>.
Hi Raghu,
I think your configurations are wrong. First of all, I have to be clear
that whether message sent from server to client is also signed? It has
to be signed, otherwise rampart will not work. From client side, still
we don't have support to have different security policy for outgoing
message and incoming message. Hence my further explanations will assume
even the message from server to client is signed.
To sign from server to client, you have to give <rampc:Certificate> and
<rampc:PrivateKey> in server side configuration. Also, you have to give
<rampc:ReceiverCertificate> in client's configuration.
Sample4 shipped with Rampart[1] is actually the usecase you are trying
to achieve. You can have a look at that.
Regards,
Shankar
[1]
https://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario4
Raghu Udupa wrote:
> Thanks Shankar.
>
> I am a bit confused about specifying security phase in axis2.xml for
> client as well as for server.
>
> We need to sign the documents that are sent to the client which need to
> be verified at the server.
>
> Could you tell me whether my settings of axis2.xml and policy.xml on the
> client side and axis2.xml and service.xml on the server side are correct
> for a correct implementation of signature verification
>
> CLIENT SIDE
>
> axis2.xml
> =========
>
> <phaseOrder type="outflow">
> <!-- User defined phases could be added here -->
> <!--phase name="userphase1"/-->
> <!--system predefined phase-->
> <phase name="MessageOut"/>
> <phase name="Security"/>
> <!--phase name="Security"/-->
> </phaseOrder>
>
> policy.xml
> ==========
>
> <rampc:RampartConfig
> xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> <rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
> <rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
> </rampc:RampartConfig>
>
>
> SERVER SIDE
>
> axis2.xml
> =========
>
> <phaseOrder type="inflow">
> <!-- System pre defined phases -->
> <phase name="Transport"/>
> <phase name="PreDispatch"/>
> <phase name="Dispatch"/>
> <phase name="PostDispatch"/>
> <phase name="Security"/>
> </phaseOrder>
>
> service.xml
> ===========
>
> <service name="ReceiveEasyLinkFaxService">
> <parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
> <description>ReceiveEasyLinkFaxService Service</description>
> <module ref="rampart"/>
> <operation name="ReceiveFax">
> ....
> ....
> <rampc:RampartConfig
> xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> <rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverC
> ertificate>
> </rampc:RampartConfig>
>
> Thanks,
> Raghu
>
> -----Original Message-----
> From: Uthaiyashankar [mailto:shankar@wso2.com]
> Sent: Thursday, October 02, 2008 1:13 PM
> To: Apache AXIS C User List
> Subject: Re: rampart_handler_util.c -- parameter not set
>
> Raghu Udupa wrote:
>
>> Thanks Samisa.
>>
>> The first reported error is parameter 0 not being set in
>> rampart_handler_util.c. I wanted to know which configuration parameter
>> method rampart_get_rampart_configuration in rampart_handler_util.c is
>> looking for.
>>
>>
>
> That error message is misleading. It is actually not an error. :). We
> have to remove it. So, you can safely ignore it.
>
> Regards,
> Shankar.
>
>
>> Regards,
>> Raghu
>>
>> -----Original Message-----
>> From: Samisa Abeysinghe [mailto:samisa@wso2.com]
>> Sent: Wednesday, October 01, 2008 9:32 PM
>> To: Apache AXIS C User List
>> Subject: Re: rampart_handler_util.c -- parameter not set
>>
>>
>>
>>> 2. Also, the webservices client is getting following error while
>>> attempting to engage rampart module.
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
>>> [rampart][rampart_handler_utils] 0 parameter is not set.
>>>
>>> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
>>> RampartClientConfiguration not set in message context
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
>>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
>>> extenension index of NID_subject_key_identifier is not valid
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
>>>
>
>
>>> in transport
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
>>> [rampart][rampart_engine] Cannot get saved rampart_context
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
>>> [rampart][rampart_in_handler] rampart_context creation failed.
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
>>> RampartInHandler invoke failed within phase PreDispatch
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
>>> PreDispatch failed
>>>
>>> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
>>> Unidentified character in SOAP 1.1 builder helper processing
>>>
>>>
>>>
>> As the error says, there is something wrong in your key.
>>
>> Samisa...
>>
>>
>>> 3. I am also including the server log. I am using a self signed
>>> certificate generated using openssl to sign the message. Digest
>>> verification is succeeding. But signature verification is
>>>
>>>
>> failing.
>>
>>
>>>
>>>
>>> Thanks,
>>> Raghu
>>>
>>>
>> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>>
>>
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org
RE: rampart_handler_util.c -- parameter not set
Posted by Raghu Udupa <ru...@easylink.com>.
Thanks Shankar.
I am a bit confused about specifying security phase in axis2.xml for
client as well as for server.
We need to sign the documents that are sent to the client which need to
be verified at the server.
Could you tell me whether my settings of axis2.xml and policy.xml on the
client side and axis2.xml and service.xml on the server side are correct
for a correct implementation of signature verification
CLIENT SIDE
axis2.xml
=========
<phaseOrder type="outflow">
<!-- User defined phases could be added here -->
<!--phase name="userphase1"/-->
<!--system predefined phase-->
<phase name="MessageOut"/>
<phase name="Security"/>
<!--phase name="Security"/-->
</phaseOrder>
policy.xml
==========
<rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
<rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
</rampc:RampartConfig>
SERVER SIDE
axis2.xml
=========
<phaseOrder type="inflow">
<!-- System pre defined phases -->
<phase name="Transport"/>
<phase name="PreDispatch"/>
<phase name="Dispatch"/>
<phase name="PostDispatch"/>
<phase name="Security"/>
</phaseOrder>
service.xml
===========
<service name="ReceiveEasyLinkFaxService">
<parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
<description>ReceiveEasyLinkFaxService Service</description>
<module ref="rampart"/>
<operation name="ReceiveFax">
....
....
<rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverC
ertificate>
</rampc:RampartConfig>
Thanks,
Raghu
-----Original Message-----
From: Uthaiyashankar [mailto:shankar@wso2.com]
Sent: Thursday, October 02, 2008 1:13 PM
To: Apache AXIS C User List
Subject: Re: rampart_handler_util.c -- parameter not set
Raghu Udupa wrote:
> Thanks Samisa.
>
> The first reported error is parameter 0 not being set in
> rampart_handler_util.c. I wanted to know which configuration parameter
> method rampart_get_rampart_configuration in rampart_handler_util.c is
> looking for.
>
That error message is misleading. It is actually not an error. :). We
have to remove it. So, you can safely ignore it.
Regards,
Shankar.
> Regards,
> Raghu
>
> -----Original Message-----
> From: Samisa Abeysinghe [mailto:samisa@wso2.com]
> Sent: Wednesday, October 01, 2008 9:32 PM
> To: Apache AXIS C User List
> Subject: Re: rampart_handler_util.c -- parameter not set
>
>
>> 2. Also, the webservices client is getting following error while
>> attempting to engage rampart module.
>>
>> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
>> [rampart][rampart_handler_utils] 0 parameter is not set.
>>
>> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
>> RampartClientConfiguration not set in message context
>>
>> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
>> extenension index of NID_subject_key_identifier is not valid
>>
>> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
>> in transport
>>
>> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
>> [rampart][rampart_engine] Cannot get saved rampart_context
>>
>> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
>> [rampart][rampart_in_handler] rampart_context creation failed.
>>
>> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
>> RampartInHandler invoke failed within phase PreDispatch
>>
>> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
>> PreDispatch failed
>>
>> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
>> Unidentified character in SOAP 1.1 builder helper processing
>>
>>
> As the error says, there is something wrong in your key.
>
> Samisa...
>
>> 3. I am also including the server log. I am using a self signed
>> certificate generated using openssl to sign the message. Digest
>> verification is succeeding. But signature verification is
>>
> failing.
>
>>
>>
>> Thanks,
>> Raghu
>>
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org
Re: rampart_handler_util.c -- parameter not set
Posted by Uthaiyashankar <sh...@wso2.com>.
Raghu Udupa wrote:
> Thanks Samisa.
>
> The first reported error is parameter 0 not being set in
> rampart_handler_util.c. I wanted to know which configuration parameter
> method rampart_get_rampart_configuration in rampart_handler_util.c is
> looking for.
>
That error message is misleading. It is actually not an error. :). We
have to remove it. So, you can safely ignore it.
Regards,
Shankar.
> Regards,
> Raghu
>
> -----Original Message-----
> From: Samisa Abeysinghe [mailto:samisa@wso2.com]
> Sent: Wednesday, October 01, 2008 9:32 PM
> To: Apache AXIS C User List
> Subject: Re: rampart_handler_util.c -- parameter not set
>
>
>> 2. Also, the webservices client is getting following error while
>> attempting to engage rampart module.
>>
>> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
>> [rampart][rampart_handler_utils] 0 parameter is not set.
>>
>> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
>> RampartClientConfiguration not set in message context
>>
>> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
>> extenension index of NID_subject_key_identifier is not valid
>>
>> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
>> in transport
>>
>> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
>> [rampart][rampart_engine] Cannot get saved rampart_context
>>
>> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
>> [rampart][rampart_in_handler] rampart_context creation failed.
>>
>> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
>> RampartInHandler invoke failed within phase PreDispatch
>>
>> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
>> PreDispatch failed
>>
>> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
>> Unidentified character in SOAP 1.1 builder helper processing
>>
>>
> As the error says, there is something wrong in your key.
>
> Samisa...
>
>> 3. I am also including the server log. I am using a self signed
>> certificate generated using openssl to sign the message. Digest
>> verification is succeeding. But signature verification is
>>
> failing.
>
>>
>>
>> Thanks,
>> Raghu
>>
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org
RE: rampart_handler_util.c -- parameter not set
Posted by Raghu Udupa <ru...@easylink.com>.
Thanks Samisa.
The first reported error is parameter 0 not being set in
rampart_handler_util.c. I wanted to know which configuration parameter
method rampart_get_rampart_configuration in rampart_handler_util.c is
looking for.
Regards,
Raghu
-----Original Message-----
From: Samisa Abeysinghe [mailto:samisa@wso2.com]
Sent: Wednesday, October 01, 2008 9:32 PM
To: Apache AXIS C User List
Subject: Re: rampart_handler_util.c -- parameter not set
>
>
> 2. Also, the webservices client is getting following error while
> attempting to engage rampart module.
>
> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
> [rampart][rampart_handler_utils] 0 parameter is not set.
>
> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
> RampartClientConfiguration not set in message context
>
> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
> extenension index of NID_subject_key_identifier is not valid
>
> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
> in transport
>
> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
> [rampart][rampart_engine] Cannot get saved rampart_context
>
> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
> [rampart][rampart_in_handler] rampart_context creation failed.
>
> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
> RampartInHandler invoke failed within phase PreDispatch
>
> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
> PreDispatch failed
>
> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
> Unidentified character in SOAP 1.1 builder helper processing
>
As the error says, there is something wrong in your key.
Samisa...
>
> 3. I am also including the server log. I am using a self signed
> certificate generated using openssl to sign the message. Digest
> verification is succeeding. But signature verification is
failing.
>
>
>
> Thanks,
> Raghu
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org
Re: rampart_handler_util.c -- parameter not set
Posted by Samisa Abeysinghe <sa...@wso2.com>.
Raghu Udupa wrote:
>
> Hi,
>
>
>
> I modified axis2.xml to include Security phase in outflow phase order.
> That allowed the web services client to attempt rampart module. I am
> using axis2_http_server for doing the testing.
>
>
>
>
>
> 1. Is it OK to include security phase in axis2.xml when the client
> does not engage rampart module?
>
Yes.
>
> 1.
>
>
> 2. Also, the webservices client is getting following error while
> attempting to engage rampart module.
>
> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
> [rampart][rampart_handler_utils] 0 parameter is not set.
>
> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
> RampartClientConfiguration not set in message context
>
> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
> extenension index of NID_subject_key_identifier is not valid
>
> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
> in transport
>
> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
> [rampart][rampart_engine] Cannot get saved rampart_context
>
> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
> [rampart][rampart_in_handler] rampart_context creation failed.
>
> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
> RampartInHandler invoke failed within phase PreDispatch
>
> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
> PreDispatch failed
>
> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
> Unidentified character in SOAP 1.1 builder helper processing
>
As the error says, there is something wrong in your key.
Samisa...
>
> 3. I am also including the server log. I am using a self signed
> certificate generated using openssl to sign the message. Digest
> verification is succeeding. But signature verification is failing.
>
>
>
> Thanks,
> Raghu
>
> ------------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - http://www.avg.com
> Version: 8.0.173 / Virus Database: 270.7.5/1702 - Release Date: 10/1/2008 9:05 AM
>
>
--
Samisa Abeysinghe
Director, Engineering; WSO2 Inc.
http://www.wso2.com/ - "The Open Source SOA Company"
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org