You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Laurent COLLET <la...@predict.fr> on 2005/09/06 11:34:27 UTC
WSS4J and DOTNET
Hi,
I work on testing interoperability between Java and .net WebServices. At
present, my main problem is to sign request.
My client can send a signed request to the server, but the server
response with a soap error:
:
(snippet of the result on the client side)
Erreur: WSE402: The message does not conform to the policy it was mapped to.
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
faultSubcode:
faultString: WSE402: The message does not conform to the policy it was
mapped to.
faultActor: http://server04/ServiceSecurise/Service1.asmx
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:WSE402: The message does not
conform to the policy it was mapped to.
at
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
at
org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
at
org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown
Source)
at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown
Source)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
at
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
at
org.apache.axis.message.addressing.handler.AddressingHandler.processClientResponse(AddressingHandler.java:300)
at
org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:110)
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
at org.apache.axis.client.Call.invoke(Call.java:2748)
at org.apache.axis.client.Call.invoke(Call.java:2424)
at org.apache.axis.client.Call.invoke(Call.java:2347)
at org.apache.axis.client.Call.invoke(Call.java:1804)
at
wss.Service1Soap_BindingStub.helloWorld(Service1Soap_BindingStub.java:115)
at ws.Main.main(Main.java:102)
I checked all the certificate and the policy on the server is correct:
I catch the xml message from the Java Client and from the .net Client.
Here is the main difference between the 2 files:
WSS4J CLIENT:
...
- <#> <ds:Signature xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
<ds:SignatureMethod
Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
- <#> <ds:Reference URI="*#id-20259687*">
- <#> <ds:Transforms>
<ds:Transform
Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
<ds:DigestValue>V9LIVl8g9d9u1dvhWrcUwXHJu/8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>VDg9rKbO2cGkoMvmaHNxL5bnLki+A41AsiPd3PZakFtic3XLmrQ42jiwFufqkJXkZDubzPzQCyTM
OBI5De6Ub+mK81c6BsO6qrKiJjLP+tZuSPMjqwwFjxE06qnCoLlqhgewJ7MIaO+EvertTffiFgSl
xMAZNsL9XoMWGX7bSbU=</ds:SignatureValue>
- <#> <ds:KeyInfo Id="*KeyId-14625088*">
- <#> <wsse:SecurityTokenReference
xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*"
wsu:Id="*STRId-22908277*">
<wsse:Reference URI="*#CertId-14080341*"
ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*"
/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
...
.NET CLIENT
...
<<Signature xmlns="*http://www.w3.org/2000/09/xmldsig#*">
- <#> <SignedInfo>
<ds:CanonicalizationMethod
Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*"
xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*" />
<SignatureMethod
Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
- <#> <Reference URI="*#Id-8c11c53d-dd74-44c3-9cec-e76163be1c44*">
- <#> <Transforms>
<Transform
Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
</Transforms>
<DigestMethod
Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
<DigestValue>v4Te1liHeznwsXqfYThWz4/oGY8=</DigestValue>
</Reference>
- <#> <Reference URI="*#Id-d5c91450-9be5-4c20-a11e-ad4dbfa9b6df*">
- <#> <Transforms>
<Transform
Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
</Transforms>
<DigestMethod
Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
<DigestValue>t9W3z0PflXfGh/dhTekRC/32PqM=</DigestValue>
</Reference>
- <#> <Reference URI="*#Id-86fd872f-fcf8-4874-9649-c424546078f1*">
- <#> <Transforms>
<Transform
Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
</Transforms>
<DigestMethod
Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
<DigestValue>bX3Xibb7JA1TAAZFLjxwwWAxJus=</DigestValue>
</Reference>
- <#> <Reference URI="*#Id-d2416533-130a-48f0-99d7-9d93acd664f9*">
- <#> <Transforms>
<Transform
Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
</Transforms>
<DigestMethod
Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
<DigestValue>xApDHcXdNXowrCxORsCYZbIKiLs=</DigestValue>
</Reference>
- <#> <Reference
URI="*#Timestamp-7d5835ff-7a51-4fab-9cd9-a5f4edcf4496*">
- <#> <Transforms>
<Transform
Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
</Transforms>
<DigestMethod
Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
<DigestValue>w22vEmgmXpdiNBkZXtZRj1Yp2Zk=</DigestValue>
</Reference>
- <#> <Reference URI="*#Id-59bb037e-d745-4d0d-90f3-9414e74d7954*">
- <#> <Transforms>
<Transform
Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
</Transforms>
<DigestMethod
Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
<DigestValue>WghIsez5aKicT4HXUSDFq+YkTUA=</DigestValue>
</Reference>
</SignedInfo>
...
As you can see there is much more reference on the .NET CLIENT.
My questions:
- Do you think that the error message come from this lack of reference?
- How is it possible to change the configuration of my Java Client to
make possible the interop?
Here is my WSDD file:
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration>
<requestFlow>
<!-- ADDRESSING -->
<handler
type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
<!-- SECURITY -->
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Signature" />
<parameter name="user"
value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233"
/>
<parameter name="passwordCallbackClass"
value="ws.PWCallback" />
<parameter name="signaturePropFile"
value="crypto.properties" />
<parameter name="signatureKeyIdentifier"
value="DirectReference" />
</handler>
<handler
type="java:org.apache.ws.axis.security.WSDoAllSender"><!-- OK -->
<parameter name="action" value="UsernameToken Timestamp" />
<parameter name="user" value="login" />
<parameter name="passwordCallbackClass"
value="ws.PWCallback" />
<parameter name="passwordType" value="PasswordText"
/><!-- PasswordDigest -->
<parameter name="addUTElements" value="Nonce Created" />
</handler>
</requestFlow>
<responseFlow>
<handler
type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
</responseFlow>
</globalConfiguration>
</deployment>
Thanks for your help.
Regards,
Laurent
Re: WSS4J and DOTNET
Posted by Davide Romanini <d....@cineca.it>.
Il giorno mer, 07/09/2005 alle 11.46 +0200, Laurent COLLET ha scritto:
> With WSS4J the BinarySecurityToken is after the UsernameToken. I try
> to add a second BST but I don't find any other way than adding a new
> signature on my wsdd file like this
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> <parameter name="action" value="Timestamp Signature NoSerialization" />
> <parameter name="user" value="c441dda96a365ebdc25f344d1a59211d_435e19e1-be28-4dd4-817c-f1e0c5bbc233" />
> <parameter name="passwordCallbackClass" value="ws.PWCallback" />
> <parameter name="signaturePropFile" value="crypto.properties" />
> <parameter name="signatureParts" value="
> {}{}Body;
> {}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;
> {}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;
> {}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;
> {}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
> <parameter name="signatureKeyIdentifier" value="DirectReference" />
> </handler>
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> <parameter name="action" value="Signature" />
> <parameter name="user" value="c441dda96a365ebdc25f344d1a59211d_435e19e1-be28-4dd4-817c-f1e0c5bbc233" />
> <parameter name="passwordCallbackClass" value="ws.PWCallback" />
> <parameter name="signaturePropFile" value="crypto.properties" />
> <parameter name="signatureParts" value="" />
> <parameter name="signatureKeyIdentifier" value="DirectReference" />
> </handler>
> But the SOAP message generate an error "An error was discovered
> processing the <Security> header". I think this error is due to the
> second <Signature> element introduced.
>
> So, my questions are:
> - Do you think that the interop problem is due to this lack of one
> BinarySecurityToken?
> - If yes, is it possible to add a second BinarySecurityToken without
> adding a new <signature> element?
>
In dotnet.xml seems to me that the second BST
(SecurityToken-fb1690aa-a03b-45b7-a50b-ab66373d4c94) isn't used at all,
the signature is generated only using the second one
(SecurityToken-82c05b4c-3cb7-4e48-9d87-17a0855ff52b), that's just the
right one.
I don't know why .NET appends the first token (it's CN=Serveur.Net2) but
it depends on some configuration setting of the security framework for
sure. For example the Policy may include a global SecurityToken
Assertion to make sure that all requests attach a specific certificate.
If it's the case, I think that WSS4J doesn't support a "fast" way to
perform this action (probably you can do that "manually", but I don't
think it's so simple).
Bye,
Davide Romanini
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J and DOTNET
Posted by Davide Romanini <d....@cineca.it>.
Il giorno mer, 07/09/2005 alle 11.46 +0200, Laurent COLLET ha scritto:
> With WSS4J the BinarySecurityToken is after the UsernameToken. I try
> to add a second BST but I don't find any other way than adding a new
> signature on my wsdd file like this
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> <parameter name="action" value="Timestamp Signature NoSerialization" />
> <parameter name="user" value="c441dda96a365ebdc25f344d1a59211d_435e19e1-be28-4dd4-817c-f1e0c5bbc233" />
> <parameter name="passwordCallbackClass" value="ws.PWCallback" />
> <parameter name="signaturePropFile" value="crypto.properties" />
> <parameter name="signatureParts" value="
> {}{}Body;
> {}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;
> {}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;
> {}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;
> {}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
> <parameter name="signatureKeyIdentifier" value="DirectReference" />
> </handler>
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> <parameter name="action" value="Signature" />
> <parameter name="user" value="c441dda96a365ebdc25f344d1a59211d_435e19e1-be28-4dd4-817c-f1e0c5bbc233" />
> <parameter name="passwordCallbackClass" value="ws.PWCallback" />
> <parameter name="signaturePropFile" value="crypto.properties" />
> <parameter name="signatureParts" value="" />
> <parameter name="signatureKeyIdentifier" value="DirectReference" />
> </handler>
> But the SOAP message generate an error "An error was discovered
> processing the <Security> header". I think this error is due to the
> second <Signature> element introduced.
>
> So, my questions are:
> - Do you think that the interop problem is due to this lack of one
> BinarySecurityToken?
> - If yes, is it possible to add a second BinarySecurityToken without
> adding a new <signature> element?
>
In dotnet.xml seems to me that the second BST
(SecurityToken-fb1690aa-a03b-45b7-a50b-ab66373d4c94) isn't used at all,
the signature is generated only using the second one
(SecurityToken-82c05b4c-3cb7-4e48-9d87-17a0855ff52b), that's just the
right one.
I don't know why .NET appends the first token (it's CN=Serveur.Net2) but
it depends on some configuration setting of the security framework for
sure. For example the Policy may include a global SecurityToken
Assertion to make sure that all requests attach a specific certificate.
If it's the case, I think that WSS4J doesn't support a "fast" way to
perform this action (probably you can do that "manually", but I don't
think it's so simple).
Bye,
Davide Romanini
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J and DOTNET
Posted by Laurent COLLET <la...@predict.fr>.
Hi,
I compared the both file I sent yesterday and I have discovered that
there are 2 different BinarySecurityToken on the .Net client: 1 after
the Timestamp and 1 after the UsernameToken.
code snippet:
<<wsu:Timestamp wsu:Id="*Timestamp-261a1fc1-f5c5-4b7e-a087-206a7dc1f18f*">
<wsu:Created>2005-09-06T15:50:04Z</wsu:Created>
<wsu:Expires>2005-09-06T15:51:04Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken
ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*" EncodingType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary*" xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*" wsu:Id="*SecurityToken-fb1690aa-a03b-45b7-a50b-ab66373d4c94*">XXX</wsse:BinarySecurityToken>
- <#> <wsse:UsernameToken xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*" wsu:Id="*SecurityToken-d59acd5f-06f5-4041-bf79-909bbf8775d6*">
<wsse:Username>login</wsse:Username>
<wsse:Password
Type="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText*">passwd</wsse:Password>
<wsse:Nonce>/qrV4MvlXmI4A8AvdeyFPA==</wsse:Nonce>
<wsu:Created>2005-09-06T15:50:04Z</wsu:Created>
</wsse:UsernameToken>
<wsse:BinarySecurityToken
ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*" EncodingType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary*" xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*" wsu:Id="*SecurityToken-82c05b4c-3cb7-4e48-9d87-17a0855ff52b*">XXX</wsseBinarySecurityToken>
With WSS4J the BinarySecurityToken is after the UsernameToken. I try to
add a second BST but I don't find any other way than adding a new
signature on my wsdd file like this
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Timestamp Signature NoSerialization" />
<parameter name="user" value="c441dda96a365ebdc25f344d1a59211d_435e19e1-be28-4dd4-817c-f1e0c5bbc233" />
<parameter name="passwordCallbackClass" value="ws.PWCallback" />
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="signatureParts" value="
{}{}Body;
{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;
{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;
{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;
{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
<parameter name="signatureKeyIdentifier" value="DirectReference" />
</handler>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Signature" />
<parameter name="user" value="c441dda96a365ebdc25f344d1a59211d_435e19e1-be28-4dd4-817c-f1e0c5bbc233" />
<parameter name="passwordCallbackClass" value="ws.PWCallback" />
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="signatureParts" value="" />
<parameter name="signatureKeyIdentifier" value="DirectReference" />
</handler>
But the SOAP message generate an error "An error was discovered
processing the <Security> header". I think this error is due to the
second <Signature> element introduced.
So, my questions are:
- Do you think that the interop problem is due to this lack of one
BinarySecurityToken?
- If yes, is it possible to add a second BinarySecurityToken without
adding a new <signature> element?
Thanks in advance.
Regards,
Laurent
Laurent COLLET a écrit :
> I made different changes since my last mail and here is the result.
> There are 2 files dotnet.xml and java.xml. For me there are nearly the
> same.. but dotnet.xml works and the other no...
> If someone courageous could check a little bit and help me, I will be
> very grateful. My idea box is empty! ;)
>
> regards,
> Laurent
>
>
>
> Davide Romanini a écrit :
>
>>Il giorno mar, 06/09/2005 alle 15.38 +0200, Laurent COLLET ha scritto:
>>
>>
>>
>>>as you can see. some elements are missing: ReplyTo, RelatesTo and
>>>FaultTo. This elements are missing in the default configuration of the
>>>AddressingHandler. So, for instance, I try to found a good tutorial on
>>>Apache WS-Addressing...
>>>
>>>
>>>
>>
>>I think you should manually add the missing addressing headers in the
>>client:
>>
>> AddressingHeaders headers = new AddressingHeaders();
>> Action a = new Action(new URI("urn:action"));
>> headers.setAction(a);
>> EndpointReference epr = new EndpointReference("http://www.apache.org");
>> headers.setFaultTo(epr);
>> [..]
>>
>>then you add it in a property field before to make the call:
>>
>> call.setProperty(Constants.ENV_ADDRESSING_REQUEST_HEADERS, headers);
>>
>>Then you should be able to sign the headers WSE expects.
>>
>>I don't know if there's a way to set these fields in the wsdd, in my
>>experience I have only used the default headers.
>>
>>Refer to the ShortTutorial.txt in CVS:
>>http://cvs.apache.org/viewcvs.cgi/ws-addressing/ShortTutorial.txt?rev=1.2&view=markup
>>
>>Bye,
>>Davide Romanini
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><soap:Header><wsa:Action wsu:Id="Id-5def7328-2bd2-4258-8493-96947e08771b">http://www.predict.fr/WebService/HelloWorld</wsa:Action><wsa:MessageID wsu:Id="Id-3a2e11e1-a785-4a0e-a856-60bacf50b1b2">uuid:7f7d6608-84e2-4f25-bf0d-faacc7812b4f</wsa:MessageID><wsa:ReplyTo wsu:Id="Id-ab7bb344-42e3-4cce-a0f0-46ca2970bbac"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address></wsa:ReplyTo><wsa:To wsu:Id="Id-4c2d1d30-d11b-45cb-8a04-f9df5ac18e31">http://server04/ServiceSecurise/Service1.asmx</wsa:To><wss
> e:Security soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="Timestamp-261a1fc1-f5c5-4b7e-a087-206a7dc1f18f"><wsu:Created>2005-09-06T15:50:04Z</wsu:Created><wsu:Expires>2005-09-06T15:51:04Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-fb1690aa-a03b-45b7-a50b-ab66373d4c94">MIIEXTCCA0WgAwIBAgIKP4/IbAADAAAAJDANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdQUkVESUNUMB4XDTA1MDgyOTE1MzI1OVoXDTA2MDgyOTE1NDI1OVowgZsxCzAJBgNVBAYTAkZSMRswGQYDVQQIExJNZXVydGhlIGV0IE1vc2VsbGUxDjAMBgNVBAcTBU5hbmN5MRAwDgYDVQQKEwdQUkVESUNUMQwwCgYDVQQLDANSJkQxFTATBgNVBAMTDFNlcnZldXIuTmV0MjEoMCYGCSqGSIb3DQEJARYZbGF1cmVudC5jb2xsZXRAcHJlZGljdC5mcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzXm6PlIhj7ff
> cnUBvp5UE9KdN4OIY4vvTFWh92Bn47xj4oAdftcvQpIC6dEi3SHRybAurnkaPOLkngfryC3XI8JQs9kjkmK2Ev8exXDUfbaP4SivZSr0AaR8Cb/4AWsAuy+jFV31wEhe570x7MWXB7gAgNQV3Nq+Nt2eNkgIPmkCAwEAAaOCAa0wggGpMA4GA1UdDwEB/wQEAwIE8DBEBgkqhkiG9w0BCQ8ENzA1MA4GCCqGSIb3DQMCAgIAgDAOBggqhkiG9w0DBAICAIAwBwYFKw4DAgcwCgYIKoZIhvcNAwcwHQYDVR0OBBYEFLeHWrMsdA7dK6HxvFJG5qzB2EvcMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdIwQYMBaAFILKHtE/KX07FBZDFpR0wJK/23gnMGcGA1UdHwRgMF4wXKBaoFiGKWh0dHA6Ly9zZXJ2ZXIwNC9DZXJ0RW5yb2xsL1BSRURJQ1QoMykuY3JshitmaWxlOi8vXFxzZXJ2ZXIwNFxDZXJ0RW5yb2xsXFBSRURJQ1QoMykuY3JsMIGSBggrBgEFBQcBAQSBhTCBgjA+BggrBgEFBQcwAoYyaHR0cDovL3NlcnZlcjA0L0NlcnRFbnJvbGwvc2VydmVyMDRfUFJFRElDVCgzKS5jcnQwQAYIKwYBBQUHMAKGNGZpbGU6Ly9cXHNlcnZlcjA0XENlcnRFbnJvbGxcc2VydmVyMDRfUFJFRElDVCgzKS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAMbU7x3e3XpKl/wNC48GfBtw83dphLIlNtco0/caE7gqqQyybOU1LDYqTwf5cqp8L8RnpcmUSkK30jaowy1LGFoXJ9CFpzhNcuUV04hcm5XxkMhjS4dmBGxavUXmTfxmiLtmnxuSNun+10Nxm654hGFmdCLKcY1j7I1OY+cSkDpo4RwYQ6ClLVI32MDnNjGaOBDyspzcwCF9F8ijQDWJhJGtcS2SX
> MJ4S++H4RZvkd9heFYA8Xr/nowmR4YXBAZcKB37cXccg1n5C+IHZ2D++TC3VB0SGEsDN5mtM7CPfPC7r5kXq1BcsPpTXfO4fr30f/zGNhrFAWjwlD5bl0As7zM=</wsse:BinarySecurityToken><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-d59acd5f-06f5-4041-bf79-909bbf8775d6"><wsse:Username>login</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">passwd</wsse:Password><wsse:Nonce>/qrV4MvlXmI4A8AvdeyFPA==</wsse:Nonce><wsu:Created>2005-09-06T15:50:04Z</wsu:Created></wsse:UsernameToken><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-82c05b4c-3cb7-4e48-9
> d87-17a0855ff52b">MIIEUzCCAzugAwIBAgIKYfMbZAADAAAAJTANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdQUkVESUNUMB4XDTA1MDkwNDA3NDcyNloXDTA2MDkwNDA3NTcyNlowgZExCzAJBgNVBAYTAkZSMREwDwYDVQQIEwhMT1JSQUlORTEQMA4GA1UEBwwHTkFOQ8K1WTEQMA4GA1UEChMHUFJFRElDVDEMMAoGA1UECwwDUiZEMRMwEQYDVQQDEwpDbGllbnQrS2V5MSgwJgYJKoZIhvcNAQkBFhlsYXVyZW50LmNvbGxldEBwcmVkaWN0LmZyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC14Hew360uC9GkQPSzZ+XQr4Zk9IOa6wUAQIgaq7+ihqRUZxcQTmdgiDOtVEJxzzxpNPYDQcf9WvNH98nYPAgd+UdN4ciZi+FzvxAtS0b/bbJXjnWdYvk+rjFBwCowCFdkxqOLUSjrpzZKOD+5pzM7umeS//0gjc2uKLcusN1yoQIDAQABo4IBrTCCAakwDgYDVR0PAQH/BAQDAgTwMEQGCSqGSIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUZoa6oPBGvWnEBEbIZP3z3jl41bQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUgsoe0T8pfTsUFkMWlHTAkr/beCcwZwYDVR0fBGAwXjBcoFqgWIYpaHR0cDovL3NlcnZlcjA0L0NlcnRFbnJvbGwvUFJFRElDVCgzKS5jcmyGK2ZpbGU6Ly9cXHNlcnZlcjA0XENlcnRFbnJvbGxcUFJFRElDVCgzKS5jcmwwgZIGCCsGAQUFBwEBBIGFMIGCMD4GCCsGAQUFBzAChjJodHRwOi8vc2V
> ydmVyMDQvQ2VydEVucm9sbC9zZXJ2ZXIwNF9QUkVESUNUKDMpLmNydDBABggrBgEFBQcwAoY0ZmlsZTovL1xcc2VydmVyMDRcQ2VydEVucm9sbFxzZXJ2ZXIwNF9QUkVESUNUKDMpLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAiF/6mm7GLbekWcORVqf7qQIoOgPpBWZNbzscrARlFo9SwEWQcAVNJXzdlyjODHpqpnpebnN9tj5SDfmfPWynctAC0nqewdG8h+7+y8IE3jbl796N1xFqu7uIVNOFe/e4NC8mVEXiwusPLaYGQiXdKRr2VzgUlqUSuPujP8wyECjK8FrEyWzKvLiUOm0AIuoRsEaRRHVA1lF9jMu5yiaY/res7Hf+0oDwe6b8Bb9F+XrL5ftKae9qhRqu4Slgip9RE0JrkWBY71Z0tkBwyQa8kBEvENjmW2Ax0SfHs4yW2vmM8QIbw5Q8bLHNNGQ6f/fDe29rxXw1qmQwepEtVba5aA==</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#Id-5def7328-2bd2-4258-8493-96947e08771b"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://ww
> w.w3.org/2000/09/xmldsig#sha1" /><DigestValue>T3spTt7yA4jNY7Ryezw+FDKg7KI=</DigestValue></Reference><Reference URI="#Id-3a2e11e1-a785-4a0e-a856-60bacf50b1b2"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>UyNKdSKXodhzXeahV3DqlQ0Lsus=</DigestValue></Reference><Reference URI="#Id-ab7bb344-42e3-4cce-a0f0-46ca2970bbac"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>NYqSLPhJ15QGGTI4wjL17Uj2hv0=</DigestValue></Reference><Reference URI="#Id-4c2d1d30-d11b-45cb-8a04-f9df5ac18e31"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>XOTVSFEFasQAsjz/WWUDLT7J9/w=</DigestValue></Reference><Reference URI="#Timestamp-261a1fc1-f5c5-4b
> 7e-a087-206a7dc1f18f"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>HupqtNIUXJGgVUXYqqZrjXxXNnM=</DigestValue></Reference><Reference URI="#Id-68b53b42-2fa3-4f29-83c0-a20b37a9dc67"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>1AL+A+b5tHJEOYGjrGRd+9hQgmg=</DigestValue></Reference></SignedInfo><SignatureValue>jJWMCGTGFJB2u+jxuJcLYNPipyz2ohJT3LDrblVUs1WOH5M41EwnzsKQsooMehT6t9eDREo8T2or+r+6kWZiUu5M2WEzSCoRctl/RtFRyNyKUj/L6JSPJZf8dMNzGWi8PtBkWmVscmgv4lN2P5/yP9ZjE87/H5MtL5OP1f/R9Io=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#SecurityToken-82c05b4c-3cb7-4e48-9d87-17a0855ff52b" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference><
> /KeyInfo></Signature></wsse:Security></soap:Header><soap:Body wsu:Id="Id-68b53b42-2fa3-4f29-83c0-a20b37a9dc67"><HelloWorld xmlns="http://www.predict.fr/WebService/" /></soap:Body></soap:Envelope>
>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="UTF-8"?>
><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header>
><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
><wsse:UsernameToken><wsse:Username>login</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">passwd</wsse:Password><wsse:Nonce>Th2UDM2rdNojMlfmomMHSA==</wsse:Nonce><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2005-09-06T16:06:05.620Z</wsu:Created></wsse:UsernameToken><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-14080341">MIIEUzCCAzugAwIBAgIKYfMbZAADAAAAJTANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdQUkVE
>SUNUMB4XDTA1MDkwNDA3NDcyNloXDTA2MDkwNDA3NTcyNlowgZExCzAJBgNVBAYTAkZSMREwDwYD
>VQQIEwhMT1JSQUlORTEQMA4GA1UEBwwHTkFOQ8K1WTEQMA4GA1UEChMHUFJFRElDVDEMMAoGA1UE
>CwwDUiZEMRMwEQYDVQQDEwpDbGllbnQrS2V5MSgwJgYJKoZIhvcNAQkBFhlsYXVyZW50LmNvbGxl
>dEBwcmVkaWN0LmZyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC14Hew360uC9GkQPSzZ+XQ
>r4Zk9IOa6wUAQIgaq7+ihqRUZxcQTmdgiDOtVEJxzzxpNPYDQcf9WvNH98nYPAgd+UdN4ciZi+Fz
>vxAtS0b/bbJXjnWdYvk+rjFBwCowCFdkxqOLUSjrpzZKOD+5pzM7umeS//0gjc2uKLcusN1yoQID
>AQABo4IBrTCCAakwDgYDVR0PAQH/BAQDAgTwMEQGCSqGSIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwIC
>AgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUZoa6oPBG
>vWnEBEbIZP3z3jl41bQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUgsoe0T8pfTsU
>FkMWlHTAkr/beCcwZwYDVR0fBGAwXjBcoFqgWIYpaHR0cDovL3NlcnZlcjA0L0NlcnRFbnJvbGwv
>UFJFRElDVCgzKS5jcmyGK2ZpbGU6Ly9cXHNlcnZlcjA0XENlcnRFbnJvbGxcUFJFRElDVCgzKS5j
>cmwwgZIGCCsGAQUFBwEBBIGFMIGCMD4GCCsGAQUFBzAChjJodHRwOi8vc2VydmVyMDQvQ2VydEVu
>cm9sbC9zZXJ2ZXIwNF9QUkVESUNUKDMpLmNydDBABggrBgEFBQcwAoY0ZmlsZTovL1xcc2VydmVy
>MDRcQ2VydEVucm9sbFxzZXJ2ZXIwNF9QUkVESUNUKDMpLmNydDANBgkqhkiG9w0BAQUFAAOCAQEA
>iF/6mm7GLbekWcORVqf7qQIoOgPpBWZNbzscrARlFo9SwEWQcAVNJXzdlyjODHpqpnpebnN9tj5S
>DfmfPWynctAC0nqewdG8h+7+y8IE3jbl796N1xFqu7uIVNOFe/e4NC8mVEXiwusPLaYGQiXdKRr2
>VzgUlqUSuPujP8wyECjK8FrEyWzKvLiUOm0AIuoRsEaRRHVA1lF9jMu5yiaY/res7Hf+0oDwe6b8
>Bb9F+XrL5ftKae9qhRqu4Slgip9RE0JrkWBY71Z0tkBwyQa8kBEvENjmW2Ax0SfHs4yW2vmM8QIb
>w5Q8bLHNNGQ6f/fDe29rxXw1qmQwepEtVba5aA==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
><ds:SignedInfo>
><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
><ds:Reference URI="#id-17649447">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>s+QF7UNXU8VSzQCksmwKVlLwaU8=</ds:DigestValue>
></ds:Reference>
><ds:Reference URI="#id-22908277">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>rxMWfg/LW9O0QBcuVWCkFACbWnQ=</ds:DigestValue>
></ds:Reference>
><ds:Reference URI="#id-15860788">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>4p2vzjeEWsCIzpNitxGbBn7zGl4=</ds:DigestValue>
></ds:Reference>
><ds:Reference URI="#id-15865423">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>u33Enp/H5yx7EMiyMOK5jM+x6eo=</ds:DigestValue>
></ds:Reference>
><ds:Reference URI="#id-26655428">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>0GjL7DmFdE/b5qOoeYzKJZSesL0=</ds:DigestValue>
></ds:Reference>
><ds:Reference URI="#id-12570890">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>e6/pBEpVrbPq0przZStS6r7EVQI=</ds:DigestValue>
></ds:Reference>
></ds:SignedInfo>
><ds:SignatureValue>
>rkQUgKW0m/I1nhjiO4TMWePP7sDCA7KgOpTkVEpIkR+NM1ysr88prBGLV9BAKWkIPFOONg80karv
>Kov5mEdBwhZ3zXtWR1sL1qZsKY9jtHRolUggd0kNJ1ZW9bK+bYLjaCm1+KQ67tuIxkepAxLix0CH
>gITMngGXeKDcBtEVdk8=
></ds:SignatureValue>
><ds:KeyInfo Id="KeyId-15313427">
><wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-13842387"><wsse:Reference URI="#CertId-14080341" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference></wsse:SecurityTokenReference>
></ds:KeyInfo>
></ds:Signature>
><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-12570890"><wsu:Created>2005-09-06T16:06:05Z</wsu:Created><wsu:Expires>2005-09-06T16:11:05Z</wsu:Expires></wsu:Timestamp></wsse:Security><wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15860788" soapenv:mustUnderstand="0"></wsa:MessageID><wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-26655428" soapenv:mustUnderstand="0">http://server04/ServiceSecurise/Service1.asmx</wsa:To><wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-22908277" soapenv:mustUnderstand="0">http://www.predict.fr/WebService/HelloWorld</wsa:Action><wsa:From soapenv:mustUnderstand="0"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:From><wsa:
> ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15865423" soapenv:mustUnderstand="0"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address></wsa:ReplyTo></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-17649447"><ns1:helloWorld xmlns:ns1="http://www.predict.fr" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"></ns1:helloWorld></soapenv:Body></soapenv:Envelope>
>
>
>------------------------------------------------------------------------
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
Re: WSS4J and DOTNET
Posted by Laurent COLLET <la...@predict.fr>.
Hi,
I compared the both file I sent yesterday and I have discovered that
there are 2 different BinarySecurityToken on the .Net client: 1 after
the Timestamp and 1 after the UsernameToken.
code snippet:
<<wsu:Timestamp wsu:Id="*Timestamp-261a1fc1-f5c5-4b7e-a087-206a7dc1f18f*">
<wsu:Created>2005-09-06T15:50:04Z</wsu:Created>
<wsu:Expires>2005-09-06T15:51:04Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken
ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*" EncodingType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary*" xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*" wsu:Id="*SecurityToken-fb1690aa-a03b-45b7-a50b-ab66373d4c94*">XXX</wsse:BinarySecurityToken>
- <#> <wsse:UsernameToken xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*" wsu:Id="*SecurityToken-d59acd5f-06f5-4041-bf79-909bbf8775d6*">
<wsse:Username>login</wsse:Username>
<wsse:Password
Type="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText*">passwd</wsse:Password>
<wsse:Nonce>/qrV4MvlXmI4A8AvdeyFPA==</wsse:Nonce>
<wsu:Created>2005-09-06T15:50:04Z</wsu:Created>
</wsse:UsernameToken>
<wsse:BinarySecurityToken
ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*" EncodingType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary*" xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*" wsu:Id="*SecurityToken-82c05b4c-3cb7-4e48-9d87-17a0855ff52b*">XXX</wsseBinarySecurityToken>
With WSS4J the BinarySecurityToken is after the UsernameToken. I try to
add a second BST but I don't find any other way than adding a new
signature on my wsdd file like this
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Timestamp Signature NoSerialization" />
<parameter name="user" value="c441dda96a365ebdc25f344d1a59211d_435e19e1-be28-4dd4-817c-f1e0c5bbc233" />
<parameter name="passwordCallbackClass" value="ws.PWCallback" />
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="signatureParts" value="
{}{}Body;
{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;
{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;
{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;
{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
<parameter name="signatureKeyIdentifier" value="DirectReference" />
</handler>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Signature" />
<parameter name="user" value="c441dda96a365ebdc25f344d1a59211d_435e19e1-be28-4dd4-817c-f1e0c5bbc233" />
<parameter name="passwordCallbackClass" value="ws.PWCallback" />
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="signatureParts" value="" />
<parameter name="signatureKeyIdentifier" value="DirectReference" />
</handler>
But the SOAP message generate an error "An error was discovered
processing the <Security> header". I think this error is due to the
second <Signature> element introduced.
So, my questions are:
- Do you think that the interop problem is due to this lack of one
BinarySecurityToken?
- If yes, is it possible to add a second BinarySecurityToken without
adding a new <signature> element?
Thanks in advance.
Regards,
Laurent
Laurent COLLET a écrit :
> I made different changes since my last mail and here is the result.
> There are 2 files dotnet.xml and java.xml. For me there are nearly the
> same.. but dotnet.xml works and the other no...
> If someone courageous could check a little bit and help me, I will be
> very grateful. My idea box is empty! ;)
>
> regards,
> Laurent
>
>
>
> Davide Romanini a écrit :
>
>>Il giorno mar, 06/09/2005 alle 15.38 +0200, Laurent COLLET ha scritto:
>>
>>
>>
>>>as you can see. some elements are missing: ReplyTo, RelatesTo and
>>>FaultTo. This elements are missing in the default configuration of the
>>>AddressingHandler. So, for instance, I try to found a good tutorial on
>>>Apache WS-Addressing...
>>>
>>>
>>>
>>
>>I think you should manually add the missing addressing headers in the
>>client:
>>
>> AddressingHeaders headers = new AddressingHeaders();
>> Action a = new Action(new URI("urn:action"));
>> headers.setAction(a);
>> EndpointReference epr = new EndpointReference("http://www.apache.org");
>> headers.setFaultTo(epr);
>> [..]
>>
>>then you add it in a property field before to make the call:
>>
>> call.setProperty(Constants.ENV_ADDRESSING_REQUEST_HEADERS, headers);
>>
>>Then you should be able to sign the headers WSE expects.
>>
>>I don't know if there's a way to set these fields in the wsdd, in my
>>experience I have only used the default headers.
>>
>>Refer to the ShortTutorial.txt in CVS:
>>http://cvs.apache.org/viewcvs.cgi/ws-addressing/ShortTutorial.txt?rev=1.2&view=markup
>>
>>Bye,
>>Davide Romanini
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><soap:Header><wsa:Action wsu:Id="Id-5def7328-2bd2-4258-8493-96947e08771b">http://www.predict.fr/WebService/HelloWorld</wsa:Action><wsa:MessageID wsu:Id="Id-3a2e11e1-a785-4a0e-a856-60bacf50b1b2">uuid:7f7d6608-84e2-4f25-bf0d-faacc7812b4f</wsa:MessageID><wsa:ReplyTo wsu:Id="Id-ab7bb344-42e3-4cce-a0f0-46ca2970bbac"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address></wsa:ReplyTo><wsa:To wsu:Id="Id-4c2d1d30-d11b-45cb-8a04-f9df5ac18e31">http://server04/ServiceSecurise/Service1.asmx</wsa:To><wss
> e:Security soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="Timestamp-261a1fc1-f5c5-4b7e-a087-206a7dc1f18f"><wsu:Created>2005-09-06T15:50:04Z</wsu:Created><wsu:Expires>2005-09-06T15:51:04Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-fb1690aa-a03b-45b7-a50b-ab66373d4c94">MIIEXTCCA0WgAwIBAgIKP4/IbAADAAAAJDANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdQUkVESUNUMB4XDTA1MDgyOTE1MzI1OVoXDTA2MDgyOTE1NDI1OVowgZsxCzAJBgNVBAYTAkZSMRswGQYDVQQIExJNZXVydGhlIGV0IE1vc2VsbGUxDjAMBgNVBAcTBU5hbmN5MRAwDgYDVQQKEwdQUkVESUNUMQwwCgYDVQQLDANSJkQxFTATBgNVBAMTDFNlcnZldXIuTmV0MjEoMCYGCSqGSIb3DQEJARYZbGF1cmVudC5jb2xsZXRAcHJlZGljdC5mcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzXm6PlIhj7ff
> cnUBvp5UE9KdN4OIY4vvTFWh92Bn47xj4oAdftcvQpIC6dEi3SHRybAurnkaPOLkngfryC3XI8JQs9kjkmK2Ev8exXDUfbaP4SivZSr0AaR8Cb/4AWsAuy+jFV31wEhe570x7MWXB7gAgNQV3Nq+Nt2eNkgIPmkCAwEAAaOCAa0wggGpMA4GA1UdDwEB/wQEAwIE8DBEBgkqhkiG9w0BCQ8ENzA1MA4GCCqGSIb3DQMCAgIAgDAOBggqhkiG9w0DBAICAIAwBwYFKw4DAgcwCgYIKoZIhvcNAwcwHQYDVR0OBBYEFLeHWrMsdA7dK6HxvFJG5qzB2EvcMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdIwQYMBaAFILKHtE/KX07FBZDFpR0wJK/23gnMGcGA1UdHwRgMF4wXKBaoFiGKWh0dHA6Ly9zZXJ2ZXIwNC9DZXJ0RW5yb2xsL1BSRURJQ1QoMykuY3JshitmaWxlOi8vXFxzZXJ2ZXIwNFxDZXJ0RW5yb2xsXFBSRURJQ1QoMykuY3JsMIGSBggrBgEFBQcBAQSBhTCBgjA+BggrBgEFBQcwAoYyaHR0cDovL3NlcnZlcjA0L0NlcnRFbnJvbGwvc2VydmVyMDRfUFJFRElDVCgzKS5jcnQwQAYIKwYBBQUHMAKGNGZpbGU6Ly9cXHNlcnZlcjA0XENlcnRFbnJvbGxcc2VydmVyMDRfUFJFRElDVCgzKS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAMbU7x3e3XpKl/wNC48GfBtw83dphLIlNtco0/caE7gqqQyybOU1LDYqTwf5cqp8L8RnpcmUSkK30jaowy1LGFoXJ9CFpzhNcuUV04hcm5XxkMhjS4dmBGxavUXmTfxmiLtmnxuSNun+10Nxm654hGFmdCLKcY1j7I1OY+cSkDpo4RwYQ6ClLVI32MDnNjGaOBDyspzcwCF9F8ijQDWJhJGtcS2SX
> MJ4S++H4RZvkd9heFYA8Xr/nowmR4YXBAZcKB37cXccg1n5C+IHZ2D++TC3VB0SGEsDN5mtM7CPfPC7r5kXq1BcsPpTXfO4fr30f/zGNhrFAWjwlD5bl0As7zM=</wsse:BinarySecurityToken><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-d59acd5f-06f5-4041-bf79-909bbf8775d6"><wsse:Username>login</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">passwd</wsse:Password><wsse:Nonce>/qrV4MvlXmI4A8AvdeyFPA==</wsse:Nonce><wsu:Created>2005-09-06T15:50:04Z</wsu:Created></wsse:UsernameToken><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-82c05b4c-3cb7-4e48-9
> d87-17a0855ff52b">MIIEUzCCAzugAwIBAgIKYfMbZAADAAAAJTANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdQUkVESUNUMB4XDTA1MDkwNDA3NDcyNloXDTA2MDkwNDA3NTcyNlowgZExCzAJBgNVBAYTAkZSMREwDwYDVQQIEwhMT1JSQUlORTEQMA4GA1UEBwwHTkFOQ8K1WTEQMA4GA1UEChMHUFJFRElDVDEMMAoGA1UECwwDUiZEMRMwEQYDVQQDEwpDbGllbnQrS2V5MSgwJgYJKoZIhvcNAQkBFhlsYXVyZW50LmNvbGxldEBwcmVkaWN0LmZyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC14Hew360uC9GkQPSzZ+XQr4Zk9IOa6wUAQIgaq7+ihqRUZxcQTmdgiDOtVEJxzzxpNPYDQcf9WvNH98nYPAgd+UdN4ciZi+FzvxAtS0b/bbJXjnWdYvk+rjFBwCowCFdkxqOLUSjrpzZKOD+5pzM7umeS//0gjc2uKLcusN1yoQIDAQABo4IBrTCCAakwDgYDVR0PAQH/BAQDAgTwMEQGCSqGSIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUZoa6oPBGvWnEBEbIZP3z3jl41bQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUgsoe0T8pfTsUFkMWlHTAkr/beCcwZwYDVR0fBGAwXjBcoFqgWIYpaHR0cDovL3NlcnZlcjA0L0NlcnRFbnJvbGwvUFJFRElDVCgzKS5jcmyGK2ZpbGU6Ly9cXHNlcnZlcjA0XENlcnRFbnJvbGxcUFJFRElDVCgzKS5jcmwwgZIGCCsGAQUFBwEBBIGFMIGCMD4GCCsGAQUFBzAChjJodHRwOi8vc2V
> ydmVyMDQvQ2VydEVucm9sbC9zZXJ2ZXIwNF9QUkVESUNUKDMpLmNydDBABggrBgEFBQcwAoY0ZmlsZTovL1xcc2VydmVyMDRcQ2VydEVucm9sbFxzZXJ2ZXIwNF9QUkVESUNUKDMpLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAiF/6mm7GLbekWcORVqf7qQIoOgPpBWZNbzscrARlFo9SwEWQcAVNJXzdlyjODHpqpnpebnN9tj5SDfmfPWynctAC0nqewdG8h+7+y8IE3jbl796N1xFqu7uIVNOFe/e4NC8mVEXiwusPLaYGQiXdKRr2VzgUlqUSuPujP8wyECjK8FrEyWzKvLiUOm0AIuoRsEaRRHVA1lF9jMu5yiaY/res7Hf+0oDwe6b8Bb9F+XrL5ftKae9qhRqu4Slgip9RE0JrkWBY71Z0tkBwyQa8kBEvENjmW2Ax0SfHs4yW2vmM8QIbw5Q8bLHNNGQ6f/fDe29rxXw1qmQwepEtVba5aA==</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#Id-5def7328-2bd2-4258-8493-96947e08771b"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://ww
> w.w3.org/2000/09/xmldsig#sha1" /><DigestValue>T3spTt7yA4jNY7Ryezw+FDKg7KI=</DigestValue></Reference><Reference URI="#Id-3a2e11e1-a785-4a0e-a856-60bacf50b1b2"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>UyNKdSKXodhzXeahV3DqlQ0Lsus=</DigestValue></Reference><Reference URI="#Id-ab7bb344-42e3-4cce-a0f0-46ca2970bbac"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>NYqSLPhJ15QGGTI4wjL17Uj2hv0=</DigestValue></Reference><Reference URI="#Id-4c2d1d30-d11b-45cb-8a04-f9df5ac18e31"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>XOTVSFEFasQAsjz/WWUDLT7J9/w=</DigestValue></Reference><Reference URI="#Timestamp-261a1fc1-f5c5-4b
> 7e-a087-206a7dc1f18f"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>HupqtNIUXJGgVUXYqqZrjXxXNnM=</DigestValue></Reference><Reference URI="#Id-68b53b42-2fa3-4f29-83c0-a20b37a9dc67"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>1AL+A+b5tHJEOYGjrGRd+9hQgmg=</DigestValue></Reference></SignedInfo><SignatureValue>jJWMCGTGFJB2u+jxuJcLYNPipyz2ohJT3LDrblVUs1WOH5M41EwnzsKQsooMehT6t9eDREo8T2or+r+6kWZiUu5M2WEzSCoRctl/RtFRyNyKUj/L6JSPJZf8dMNzGWi8PtBkWmVscmgv4lN2P5/yP9ZjE87/H5MtL5OP1f/R9Io=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#SecurityToken-82c05b4c-3cb7-4e48-9d87-17a0855ff52b" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference><
> /KeyInfo></Signature></wsse:Security></soap:Header><soap:Body wsu:Id="Id-68b53b42-2fa3-4f29-83c0-a20b37a9dc67"><HelloWorld xmlns="http://www.predict.fr/WebService/" /></soap:Body></soap:Envelope>
>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="UTF-8"?>
><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header>
><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
><wsse:UsernameToken><wsse:Username>login</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">passwd</wsse:Password><wsse:Nonce>Th2UDM2rdNojMlfmomMHSA==</wsse:Nonce><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2005-09-06T16:06:05.620Z</wsu:Created></wsse:UsernameToken><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-14080341">MIIEUzCCAzugAwIBAgIKYfMbZAADAAAAJTANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdQUkVE
>SUNUMB4XDTA1MDkwNDA3NDcyNloXDTA2MDkwNDA3NTcyNlowgZExCzAJBgNVBAYTAkZSMREwDwYD
>VQQIEwhMT1JSQUlORTEQMA4GA1UEBwwHTkFOQ8K1WTEQMA4GA1UEChMHUFJFRElDVDEMMAoGA1UE
>CwwDUiZEMRMwEQYDVQQDEwpDbGllbnQrS2V5MSgwJgYJKoZIhvcNAQkBFhlsYXVyZW50LmNvbGxl
>dEBwcmVkaWN0LmZyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC14Hew360uC9GkQPSzZ+XQ
>r4Zk9IOa6wUAQIgaq7+ihqRUZxcQTmdgiDOtVEJxzzxpNPYDQcf9WvNH98nYPAgd+UdN4ciZi+Fz
>vxAtS0b/bbJXjnWdYvk+rjFBwCowCFdkxqOLUSjrpzZKOD+5pzM7umeS//0gjc2uKLcusN1yoQID
>AQABo4IBrTCCAakwDgYDVR0PAQH/BAQDAgTwMEQGCSqGSIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwIC
>AgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUZoa6oPBG
>vWnEBEbIZP3z3jl41bQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUgsoe0T8pfTsU
>FkMWlHTAkr/beCcwZwYDVR0fBGAwXjBcoFqgWIYpaHR0cDovL3NlcnZlcjA0L0NlcnRFbnJvbGwv
>UFJFRElDVCgzKS5jcmyGK2ZpbGU6Ly9cXHNlcnZlcjA0XENlcnRFbnJvbGxcUFJFRElDVCgzKS5j
>cmwwgZIGCCsGAQUFBwEBBIGFMIGCMD4GCCsGAQUFBzAChjJodHRwOi8vc2VydmVyMDQvQ2VydEVu
>cm9sbC9zZXJ2ZXIwNF9QUkVESUNUKDMpLmNydDBABggrBgEFBQcwAoY0ZmlsZTovL1xcc2VydmVy
>MDRcQ2VydEVucm9sbFxzZXJ2ZXIwNF9QUkVESUNUKDMpLmNydDANBgkqhkiG9w0BAQUFAAOCAQEA
>iF/6mm7GLbekWcORVqf7qQIoOgPpBWZNbzscrARlFo9SwEWQcAVNJXzdlyjODHpqpnpebnN9tj5S
>DfmfPWynctAC0nqewdG8h+7+y8IE3jbl796N1xFqu7uIVNOFe/e4NC8mVEXiwusPLaYGQiXdKRr2
>VzgUlqUSuPujP8wyECjK8FrEyWzKvLiUOm0AIuoRsEaRRHVA1lF9jMu5yiaY/res7Hf+0oDwe6b8
>Bb9F+XrL5ftKae9qhRqu4Slgip9RE0JrkWBY71Z0tkBwyQa8kBEvENjmW2Ax0SfHs4yW2vmM8QIb
>w5Q8bLHNNGQ6f/fDe29rxXw1qmQwepEtVba5aA==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
><ds:SignedInfo>
><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
><ds:Reference URI="#id-17649447">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>s+QF7UNXU8VSzQCksmwKVlLwaU8=</ds:DigestValue>
></ds:Reference>
><ds:Reference URI="#id-22908277">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>rxMWfg/LW9O0QBcuVWCkFACbWnQ=</ds:DigestValue>
></ds:Reference>
><ds:Reference URI="#id-15860788">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>4p2vzjeEWsCIzpNitxGbBn7zGl4=</ds:DigestValue>
></ds:Reference>
><ds:Reference URI="#id-15865423">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>u33Enp/H5yx7EMiyMOK5jM+x6eo=</ds:DigestValue>
></ds:Reference>
><ds:Reference URI="#id-26655428">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>0GjL7DmFdE/b5qOoeYzKJZSesL0=</ds:DigestValue>
></ds:Reference>
><ds:Reference URI="#id-12570890">
><ds:Transforms>
><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
></ds:Transforms>
><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
><ds:DigestValue>e6/pBEpVrbPq0przZStS6r7EVQI=</ds:DigestValue>
></ds:Reference>
></ds:SignedInfo>
><ds:SignatureValue>
>rkQUgKW0m/I1nhjiO4TMWePP7sDCA7KgOpTkVEpIkR+NM1ysr88prBGLV9BAKWkIPFOONg80karv
>Kov5mEdBwhZ3zXtWR1sL1qZsKY9jtHRolUggd0kNJ1ZW9bK+bYLjaCm1+KQ67tuIxkepAxLix0CH
>gITMngGXeKDcBtEVdk8=
></ds:SignatureValue>
><ds:KeyInfo Id="KeyId-15313427">
><wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-13842387"><wsse:Reference URI="#CertId-14080341" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference></wsse:SecurityTokenReference>
></ds:KeyInfo>
></ds:Signature>
><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-12570890"><wsu:Created>2005-09-06T16:06:05Z</wsu:Created><wsu:Expires>2005-09-06T16:11:05Z</wsu:Expires></wsu:Timestamp></wsse:Security><wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15860788" soapenv:mustUnderstand="0"></wsa:MessageID><wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-26655428" soapenv:mustUnderstand="0">http://server04/ServiceSecurise/Service1.asmx</wsa:To><wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-22908277" soapenv:mustUnderstand="0">http://www.predict.fr/WebService/HelloWorld</wsa:Action><wsa:From soapenv:mustUnderstand="0"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:From><wsa:
> ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15865423" soapenv:mustUnderstand="0"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address></wsa:ReplyTo></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-17649447"><ns1:helloWorld xmlns:ns1="http://www.predict.fr" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"></ns1:helloWorld></soapenv:Body></soapenv:Envelope>
>
>
>------------------------------------------------------------------------
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
Re: WSS4J and DOTNET
Posted by Laurent COLLET <la...@predict.fr>.
I made different changes since my last mail and here is the result.
There are 2 files dotnet.xml and java.xml. For me there are nearly the
same.. but dotnet.xml works and the other no...
If someone courageous could check a little bit and help me, I will be
very grateful. My idea box is empty! ;)
regards,
Laurent
Davide Romanini a écrit :
>Il giorno mar, 06/09/2005 alle 15.38 +0200, Laurent COLLET ha scritto:
>
>
>
>>as you can see. some elements are missing: ReplyTo, RelatesTo and
>>FaultTo. This elements are missing in the default configuration of the
>>AddressingHandler. So, for instance, I try to found a good tutorial on
>>Apache WS-Addressing...
>>
>>
>>
>
>I think you should manually add the missing addressing headers in the
>client:
>
> AddressingHeaders headers = new AddressingHeaders();
> Action a = new Action(new URI("urn:action"));
> headers.setAction(a);
> EndpointReference epr = new EndpointReference("http://www.apache.org");
> headers.setFaultTo(epr);
> [..]
>
>then you add it in a property field before to make the call:
>
> call.setProperty(Constants.ENV_ADDRESSING_REQUEST_HEADERS, headers);
>
>Then you should be able to sign the headers WSE expects.
>
>I don't know if there's a way to set these fields in the wsdd, in my
>experience I have only used the default headers.
>
>Refer to the ShortTutorial.txt in CVS:
>http://cvs.apache.org/viewcvs.cgi/ws-addressing/ShortTutorial.txt?rev=1.2&view=markup
>
>Bye,
>Davide Romanini
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
>
>
>
Re: WSS4J and DOTNET
Posted by Laurent COLLET <la...@predict.fr>.
I made different changes since my last mail and here is the result.
There are 2 files dotnet.xml and java.xml. For me there are nearly the
same.. but dotnet.xml works and the other no...
If someone courageous could check a little bit and help me, I will be
very grateful. My idea box is empty! ;)
regards,
Laurent
Davide Romanini a �crit :
>Il giorno mar, 06/09/2005 alle 15.38 +0200, Laurent COLLET ha scritto:
>
>
>
>>as you can see. some elements are missing: ReplyTo, RelatesTo and
>>FaultTo. This elements are missing in the default configuration of the
>>AddressingHandler. So, for instance, I try to found a good tutorial on
>>Apache WS-Addressing...
>>
>>
>>
>
>I think you should manually add the missing addressing headers in the
>client:
>
> AddressingHeaders headers = new AddressingHeaders();
> Action a = new Action(new URI("urn:action"));
> headers.setAction(a);
> EndpointReference epr = new EndpointReference("http://www.apache.org");
> headers.setFaultTo(epr);
> [..]
>
>then you add it in a property field before to make the call:
>
> call.setProperty(Constants.ENV_ADDRESSING_REQUEST_HEADERS, headers);
>
>Then you should be able to sign the headers WSE expects.
>
>I don't know if there's a way to set these fields in the wsdd, in my
>experience I have only used the default headers.
>
>Refer to the ShortTutorial.txt in CVS:
>http://cvs.apache.org/viewcvs.cgi/ws-addressing/ShortTutorial.txt?rev=1.2&view=markup
>
>Bye,
>Davide Romanini
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
>
>
>
Re: WSS4J and DOTNET
Posted by Davide Romanini <d....@cineca.it>.
Il giorno mar, 06/09/2005 alle 15.38 +0200, Laurent COLLET ha scritto:
> as you can see. some elements are missing: ReplyTo, RelatesTo and
> FaultTo. This elements are missing in the default configuration of the
> AddressingHandler. So, for instance, I try to found a good tutorial on
> Apache WS-Addressing...
>
I think you should manually add the missing addressing headers in the
client:
AddressingHeaders headers = new AddressingHeaders();
Action a = new Action(new URI("urn:action"));
headers.setAction(a);
EndpointReference epr = new EndpointReference("http://www.apache.org");
headers.setFaultTo(epr);
[..]
then you add it in a property field before to make the call:
call.setProperty(Constants.ENV_ADDRESSING_REQUEST_HEADERS, headers);
Then you should be able to sign the headers WSE expects.
I don't know if there's a way to set these fields in the wsdd, in my
experience I have only used the default headers.
Refer to the ShortTutorial.txt in CVS:
http://cvs.apache.org/viewcvs.cgi/ws-addressing/ShortTutorial.txt?rev=1.2&view=markup
Bye,
Davide Romanini
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J and DOTNET
Posted by Davide Romanini <d....@cineca.it>.
Il giorno mar, 06/09/2005 alle 15.38 +0200, Laurent COLLET ha scritto:
> as you can see. some elements are missing: ReplyTo, RelatesTo and
> FaultTo. This elements are missing in the default configuration of the
> AddressingHandler. So, for instance, I try to found a good tutorial on
> Apache WS-Addressing...
>
I think you should manually add the missing addressing headers in the
client:
AddressingHeaders headers = new AddressingHeaders();
Action a = new Action(new URI("urn:action"));
headers.setAction(a);
EndpointReference epr = new EndpointReference("http://www.apache.org");
headers.setFaultTo(epr);
[..]
then you add it in a property field before to make the call:
call.setProperty(Constants.ENV_ADDRESSING_REQUEST_HEADERS, headers);
Then you should be able to sign the headers WSE expects.
I don't know if there's a way to set these fields in the wsdd, in my
experience I have only used the default headers.
Refer to the ShortTutorial.txt in CVS:
http://cvs.apache.org/viewcvs.cgi/ws-addressing/ShortTutorial.txt?rev=1.2&view=markup
Bye,
Davide Romanini
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J and DOTNET
Posted by Laurent COLLET <la...@predict.fr>.
I search for information signed in the policy.config file on .Net server
and I found this list:
wsp:Body()
wsp:Header(wsa:Action)
wsp:Header(wsa:FaultTo)
wsp:Header(wsa:From)
wsp:Header(wsa:MessageID)
wsp:Header(wsa:RelatesTo)
wsp:Header(wsa:ReplyTo)
wsp:Header(wsa:To)
wse:Timestamp
so I changed my wsdd client file to
...
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Timestamp Signature" />
<parameter name="user"
value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233"
/>
<parameter name="passwordCallbackClass"
value="ws.PWCallback" />
<parameter name="signaturePropFile"
value="crypto.properties" />
<parameter name="signatureParts" value="
{Element}{}Body;
{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;
{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}From;
{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;
{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"
/>
<parameter name="signatureKeyIdentifier"
value="DirectReference" />
</handler>
...
the result is:
6 sept. 2005 15:35:05
org.apache.ws.security.components.crypto.CryptoFactory loadClass
INFO: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
Erreur: L'en-tête SOAP Security n'a pas été reconnu. (SOAP Security
Header was not recognized)
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}MustUnderstand
faultSubcode:
faultString: L'en-tête SOAP Security n'a pas été reconnu.
faultActor:
faultNode:
faultDetail:
as you can see. some elements are missing: ReplyTo, RelatesTo and
FaultTo. This elements are missing in the default configuration of the
AddressingHandler. So, for instance, I try to found a good tutorial on
Apache WS-Addressing...
regards,
Laurent
Werner Dittmann a écrit :
>Sorry - small typo:
>IMO this is _not_ a wrong Signature or similar. ...
>
>Werner
>
>Werner Dittmann wrote:
>
>
>>Laurent,
>>
>>IMO this is a wrong SIgnature or similar. The .Net client
>>uses the WS-Address specfication to set up its request. Also
>>the .Net server expects a request with WS-Address elements.
>>
>>There is a WS-Address implementation for Apache. Maybe you
>>can use this. Also some people on this list use it to
>>work with .Net servers / .Net clients.
>>
>>Regards,
>>Werner
>>
>>Laurent COLLET wrote:
>>
>>
>>
>>>Hi,
>>>
>>>I work on testing interoperability between Java and .net WebServices. At
>>>present, my main problem is to sign request.
>>>
>>>My client can send a signed request to the server, but the server
>>>response with a soap error:
>>>:
>>>(snippet of the result on the client side)
>>>Erreur: WSE402: The message does not conform to the policy it was mapped to.
>>>AxisFault
>>>faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
>>>faultSubcode:
>>>faultString: WSE402: The message does not conform to the policy it was
>>>mapped to.
>>>faultActor: http://server04/ServiceSecurise/Service1.asmx
>>>faultNode:
>>>faultDetail:
>>> {http://xml.apache.org/axis/}stackTrace:WSE402: The message does not
>>>conform to the policy it was mapped to.
>>> at
>>>org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
>>> at
>>>org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
>>> at
>>>org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
>>> at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown
>>>Source)
>>> at
>>>org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
>>>Source)
>>> at
>>>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
>>>Source)
>>> at
>>>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
>>>Source)
>>> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>>> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>>> at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>>> at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
>>> at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown
>>>Source)
>>> at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
>>> at
>>>org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
>>> at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
>>> at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
>>> at
>>>org.apache.axis.message.addressing.handler.AddressingHandler.processClientResponse(AddressingHandler.java:300)
>>> at
>>>org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:110)
>>> at
>>>org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
>>> at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>>> at org.apache.axis.client.Call.invoke(Call.java:2748)
>>> at org.apache.axis.client.Call.invoke(Call.java:2424)
>>> at org.apache.axis.client.Call.invoke(Call.java:2347)
>>> at org.apache.axis.client.Call.invoke(Call.java:1804)
>>> at
>>>wss.Service1Soap_BindingStub.helloWorld(Service1Soap_BindingStub.java:115)
>>> at ws.Main.main(Main.java:102)
>>>
>>>I checked all the certificate and the policy on the server is correct:
>>>I catch the xml message from the Java Client and from the .net Client.
>>>Here is the main difference between the 2 files:
>>>
>>>
>>>WSS4J CLIENT:
>>>...
>>>- <#> <ds:Signature xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*">
>>><ds:SignedInfo>
>>> <ds:CanonicalizationMethod
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> <ds:SignatureMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
>>>- <#> <ds:Reference URI="*#id-20259687*">
>>>- <#> <ds:Transforms>
>>> <ds:Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </ds:Transforms>
>>> <ds:DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <ds:DigestValue>V9LIVl8g9d9u1dvhWrcUwXHJu/8=</ds:DigestValue>
>>> </ds:Reference>
>>> </ds:SignedInfo>
>>>
>>><ds:SignatureValue>VDg9rKbO2cGkoMvmaHNxL5bnLki+A41AsiPd3PZakFtic3XLmrQ42jiwFufqkJXkZDubzPzQCyTM
>>>OBI5De6Ub+mK81c6BsO6qrKiJjLP+tZuSPMjqwwFjxE06qnCoLlqhgewJ7MIaO+EvertTffiFgSl
>>>xMAZNsL9XoMWGX7bSbU=</ds:SignatureValue>
>>>- <#> <ds:KeyInfo Id="*KeyId-14625088*">
>>>- <#> <wsse:SecurityTokenReference
>>>xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*"
>>>wsu:Id="*STRId-22908277*">
>>> <wsse:Reference URI="*#CertId-14080341*"
>>>ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*"
>>>/>
>>> </wsse:SecurityTokenReference>
>>> </ds:KeyInfo>
>>> </ds:Signature>
>>></wsse:Security>
>>>...
>>>
>>>
>>>.NET CLIENT
>>>...
>>><<Signature xmlns="*http://www.w3.org/2000/09/xmldsig#*">
>>>- <#> <SignedInfo>
>>> <ds:CanonicalizationMethod
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*"
>>>xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*" />
>>> <SignatureMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
>>>- <#> <Reference URI="*#Id-8c11c53d-dd74-44c3-9cec-e76163be1c44*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>v4Te1liHeznwsXqfYThWz4/oGY8=</DigestValue>
>>> </Reference>
>>>- <#> <Reference URI="*#Id-d5c91450-9be5-4c20-a11e-ad4dbfa9b6df*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>t9W3z0PflXfGh/dhTekRC/32PqM=</DigestValue>
>>> </Reference>
>>>- <#> <Reference URI="*#Id-86fd872f-fcf8-4874-9649-c424546078f1*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>bX3Xibb7JA1TAAZFLjxwwWAxJus=</DigestValue>
>>> </Reference>
>>>- <#> <Reference URI="*#Id-d2416533-130a-48f0-99d7-9d93acd664f9*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>xApDHcXdNXowrCxORsCYZbIKiLs=</DigestValue>
>>> </Reference>
>>>- <#> <Reference
>>>URI="*#Timestamp-7d5835ff-7a51-4fab-9cd9-a5f4edcf4496*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>w22vEmgmXpdiNBkZXtZRj1Yp2Zk=</DigestValue>
>>> </Reference>
>>>- <#> <Reference URI="*#Id-59bb037e-d745-4d0d-90f3-9414e74d7954*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>WghIsez5aKicT4HXUSDFq+YkTUA=</DigestValue>
>>> </Reference>
>>></SignedInfo>
>>> ...
>>>
>>>
>>>As you can see there is much more reference on the .NET CLIENT.
>>>
>>>My questions:
>>>- Do you think that the error message come from this lack of reference?
>>>- How is it possible to change the configuration of my Java Client to
>>>make possible the interop?
>>>
>>>
>>>Here is my WSDD file:
>>><?xml version="1.0" encoding="UTF-8"?>
>>><deployment xmlns="http://xml.apache.org/axis/wsdd/"
>>>xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>>> <transport name="http"
>>>pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>>> <globalConfiguration>
>>> <requestFlow>
>>><!-- ADDRESSING -->
>>> <handler
>>>type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
>>><!-- SECURITY -->
>>> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>>> <parameter name="action" value="Signature" />
>>> <parameter name="user"
>>>value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233"
>>>/>
>>> <parameter name="passwordCallbackClass"
>>>value="ws.PWCallback" />
>>> <parameter name="signaturePropFile"
>>>value="crypto.properties" />
>>> <parameter name="signatureKeyIdentifier"
>>>value="DirectReference" />
>>> </handler>
>>> <handler
>>>type="java:org.apache.ws.axis.security.WSDoAllSender"><!-- OK -->
>>> <parameter name="action" value="UsernameToken Timestamp" />
>>> <parameter name="user" value="login" />
>>> <parameter name="passwordCallbackClass"
>>>value="ws.PWCallback" />
>>> <parameter name="passwordType" value="PasswordText"
>>>/><!-- PasswordDigest -->
>>> <parameter name="addUTElements" value="Nonce Created" />
>>> </handler>
>>> </requestFlow>
>>> <responseFlow>
>>> <handler
>>>type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
>>> </responseFlow>
>>> </globalConfiguration>
>>></deployment>
>>>
>>>Thanks for your help.
>>>
>>>Regards,
>>>Laurent
>>>
>>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J and DOTNET
Posted by Laurent COLLET <la...@predict.fr>.
I search for information signed in the policy.config file on .Net server
and I found this list:
wsp:Body()
wsp:Header(wsa:Action)
wsp:Header(wsa:FaultTo)
wsp:Header(wsa:From)
wsp:Header(wsa:MessageID)
wsp:Header(wsa:RelatesTo)
wsp:Header(wsa:ReplyTo)
wsp:Header(wsa:To)
wse:Timestamp
so I changed my wsdd client file to
...
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Timestamp Signature" />
<parameter name="user"
value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233"
/>
<parameter name="passwordCallbackClass"
value="ws.PWCallback" />
<parameter name="signaturePropFile"
value="crypto.properties" />
<parameter name="signatureParts" value="
{Element}{}Body;
{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;
{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}From;
{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;
{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"
/>
<parameter name="signatureKeyIdentifier"
value="DirectReference" />
</handler>
...
the result is:
6 sept. 2005 15:35:05
org.apache.ws.security.components.crypto.CryptoFactory loadClass
INFO: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
Erreur: L'en-tête SOAP Security n'a pas été reconnu. (SOAP Security
Header was not recognized)
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}MustUnderstand
faultSubcode:
faultString: L'en-tête SOAP Security n'a pas été reconnu.
faultActor:
faultNode:
faultDetail:
as you can see. some elements are missing: ReplyTo, RelatesTo and
FaultTo. This elements are missing in the default configuration of the
AddressingHandler. So, for instance, I try to found a good tutorial on
Apache WS-Addressing...
regards,
Laurent
Werner Dittmann a écrit :
>Sorry - small typo:
>IMO this is _not_ a wrong Signature or similar. ...
>
>Werner
>
>Werner Dittmann wrote:
>
>
>>Laurent,
>>
>>IMO this is a wrong SIgnature or similar. The .Net client
>>uses the WS-Address specfication to set up its request. Also
>>the .Net server expects a request with WS-Address elements.
>>
>>There is a WS-Address implementation for Apache. Maybe you
>>can use this. Also some people on this list use it to
>>work with .Net servers / .Net clients.
>>
>>Regards,
>>Werner
>>
>>Laurent COLLET wrote:
>>
>>
>>
>>>Hi,
>>>
>>>I work on testing interoperability between Java and .net WebServices. At
>>>present, my main problem is to sign request.
>>>
>>>My client can send a signed request to the server, but the server
>>>response with a soap error:
>>>:
>>>(snippet of the result on the client side)
>>>Erreur: WSE402: The message does not conform to the policy it was mapped to.
>>>AxisFault
>>>faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
>>>faultSubcode:
>>>faultString: WSE402: The message does not conform to the policy it was
>>>mapped to.
>>>faultActor: http://server04/ServiceSecurise/Service1.asmx
>>>faultNode:
>>>faultDetail:
>>> {http://xml.apache.org/axis/}stackTrace:WSE402: The message does not
>>>conform to the policy it was mapped to.
>>> at
>>>org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
>>> at
>>>org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
>>> at
>>>org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
>>> at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown
>>>Source)
>>> at
>>>org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
>>>Source)
>>> at
>>>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
>>>Source)
>>> at
>>>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
>>>Source)
>>> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>>> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>>> at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>>> at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
>>> at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown
>>>Source)
>>> at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
>>> at
>>>org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
>>> at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
>>> at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
>>> at
>>>org.apache.axis.message.addressing.handler.AddressingHandler.processClientResponse(AddressingHandler.java:300)
>>> at
>>>org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:110)
>>> at
>>>org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
>>> at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>>> at org.apache.axis.client.Call.invoke(Call.java:2748)
>>> at org.apache.axis.client.Call.invoke(Call.java:2424)
>>> at org.apache.axis.client.Call.invoke(Call.java:2347)
>>> at org.apache.axis.client.Call.invoke(Call.java:1804)
>>> at
>>>wss.Service1Soap_BindingStub.helloWorld(Service1Soap_BindingStub.java:115)
>>> at ws.Main.main(Main.java:102)
>>>
>>>I checked all the certificate and the policy on the server is correct:
>>>I catch the xml message from the Java Client and from the .net Client.
>>>Here is the main difference between the 2 files:
>>>
>>>
>>>WSS4J CLIENT:
>>>...
>>>- <#> <ds:Signature xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*">
>>><ds:SignedInfo>
>>> <ds:CanonicalizationMethod
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> <ds:SignatureMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
>>>- <#> <ds:Reference URI="*#id-20259687*">
>>>- <#> <ds:Transforms>
>>> <ds:Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </ds:Transforms>
>>> <ds:DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <ds:DigestValue>V9LIVl8g9d9u1dvhWrcUwXHJu/8=</ds:DigestValue>
>>> </ds:Reference>
>>> </ds:SignedInfo>
>>>
>>><ds:SignatureValue>VDg9rKbO2cGkoMvmaHNxL5bnLki+A41AsiPd3PZakFtic3XLmrQ42jiwFufqkJXkZDubzPzQCyTM
>>>OBI5De6Ub+mK81c6BsO6qrKiJjLP+tZuSPMjqwwFjxE06qnCoLlqhgewJ7MIaO+EvertTffiFgSl
>>>xMAZNsL9XoMWGX7bSbU=</ds:SignatureValue>
>>>- <#> <ds:KeyInfo Id="*KeyId-14625088*">
>>>- <#> <wsse:SecurityTokenReference
>>>xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*"
>>>wsu:Id="*STRId-22908277*">
>>> <wsse:Reference URI="*#CertId-14080341*"
>>>ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*"
>>>/>
>>> </wsse:SecurityTokenReference>
>>> </ds:KeyInfo>
>>> </ds:Signature>
>>></wsse:Security>
>>>...
>>>
>>>
>>>.NET CLIENT
>>>...
>>><<Signature xmlns="*http://www.w3.org/2000/09/xmldsig#*">
>>>- <#> <SignedInfo>
>>> <ds:CanonicalizationMethod
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*"
>>>xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*" />
>>> <SignatureMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
>>>- <#> <Reference URI="*#Id-8c11c53d-dd74-44c3-9cec-e76163be1c44*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>v4Te1liHeznwsXqfYThWz4/oGY8=</DigestValue>
>>> </Reference>
>>>- <#> <Reference URI="*#Id-d5c91450-9be5-4c20-a11e-ad4dbfa9b6df*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>t9W3z0PflXfGh/dhTekRC/32PqM=</DigestValue>
>>> </Reference>
>>>- <#> <Reference URI="*#Id-86fd872f-fcf8-4874-9649-c424546078f1*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>bX3Xibb7JA1TAAZFLjxwwWAxJus=</DigestValue>
>>> </Reference>
>>>- <#> <Reference URI="*#Id-d2416533-130a-48f0-99d7-9d93acd664f9*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>xApDHcXdNXowrCxORsCYZbIKiLs=</DigestValue>
>>> </Reference>
>>>- <#> <Reference
>>>URI="*#Timestamp-7d5835ff-7a51-4fab-9cd9-a5f4edcf4496*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>w22vEmgmXpdiNBkZXtZRj1Yp2Zk=</DigestValue>
>>> </Reference>
>>>- <#> <Reference URI="*#Id-59bb037e-d745-4d0d-90f3-9414e74d7954*">
>>>- <#> <Transforms>
>>> <Transform
>>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>>> </Transforms>
>>> <DigestMethod
>>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>>> <DigestValue>WghIsez5aKicT4HXUSDFq+YkTUA=</DigestValue>
>>> </Reference>
>>></SignedInfo>
>>> ...
>>>
>>>
>>>As you can see there is much more reference on the .NET CLIENT.
>>>
>>>My questions:
>>>- Do you think that the error message come from this lack of reference?
>>>- How is it possible to change the configuration of my Java Client to
>>>make possible the interop?
>>>
>>>
>>>Here is my WSDD file:
>>><?xml version="1.0" encoding="UTF-8"?>
>>><deployment xmlns="http://xml.apache.org/axis/wsdd/"
>>>xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>>> <transport name="http"
>>>pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>>> <globalConfiguration>
>>> <requestFlow>
>>><!-- ADDRESSING -->
>>> <handler
>>>type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
>>><!-- SECURITY -->
>>> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>>> <parameter name="action" value="Signature" />
>>> <parameter name="user"
>>>value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233"
>>>/>
>>> <parameter name="passwordCallbackClass"
>>>value="ws.PWCallback" />
>>> <parameter name="signaturePropFile"
>>>value="crypto.properties" />
>>> <parameter name="signatureKeyIdentifier"
>>>value="DirectReference" />
>>> </handler>
>>> <handler
>>>type="java:org.apache.ws.axis.security.WSDoAllSender"><!-- OK -->
>>> <parameter name="action" value="UsernameToken Timestamp" />
>>> <parameter name="user" value="login" />
>>> <parameter name="passwordCallbackClass"
>>>value="ws.PWCallback" />
>>> <parameter name="passwordType" value="PasswordText"
>>>/><!-- PasswordDigest -->
>>> <parameter name="addUTElements" value="Nonce Created" />
>>> </handler>
>>> </requestFlow>
>>> <responseFlow>
>>> <handler
>>>type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
>>> </responseFlow>
>>> </globalConfiguration>
>>></deployment>
>>>
>>>Thanks for your help.
>>>
>>>Regards,
>>>Laurent
>>>
>>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J and DOTNET
Posted by Werner Dittmann <We...@t-online.de>.
Sorry - small typo:
IMO this is _not_ a wrong Signature or similar. ...
Werner
Werner Dittmann wrote:
> Laurent,
>
> IMO this is a wrong SIgnature or similar. The .Net client
> uses the WS-Address specfication to set up its request. Also
> the .Net server expects a request with WS-Address elements.
>
> There is a WS-Address implementation for Apache. Maybe you
> can use this. Also some people on this list use it to
> work with .Net servers / .Net clients.
>
> Regards,
> Werner
>
> Laurent COLLET wrote:
>
>>Hi,
>>
>>I work on testing interoperability between Java and .net WebServices. At
>>present, my main problem is to sign request.
>>
>>My client can send a signed request to the server, but the server
>>response with a soap error:
>>:
>>(snippet of the result on the client side)
>>Erreur: WSE402: The message does not conform to the policy it was mapped to.
>>AxisFault
>> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
>> faultSubcode:
>> faultString: WSE402: The message does not conform to the policy it was
>>mapped to.
>> faultActor: http://server04/ServiceSecurise/Service1.asmx
>> faultNode:
>> faultDetail:
>> {http://xml.apache.org/axis/}stackTrace:WSE402: The message does not
>>conform to the policy it was mapped to.
>> at
>>org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
>> at
>>org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
>> at
>>org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
>> at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown
>>Source)
>> at
>>org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
>>Source)
>> at
>>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
>>Source)
>> at
>>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
>>Source)
>> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>> at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>> at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
>> at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown
>>Source)
>> at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
>> at
>>org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
>> at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
>> at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
>> at
>>org.apache.axis.message.addressing.handler.AddressingHandler.processClientResponse(AddressingHandler.java:300)
>> at
>>org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:110)
>> at
>>org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
>> at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>> at org.apache.axis.client.Call.invoke(Call.java:2748)
>> at org.apache.axis.client.Call.invoke(Call.java:2424)
>> at org.apache.axis.client.Call.invoke(Call.java:2347)
>> at org.apache.axis.client.Call.invoke(Call.java:1804)
>> at
>>wss.Service1Soap_BindingStub.helloWorld(Service1Soap_BindingStub.java:115)
>> at ws.Main.main(Main.java:102)
>>
>>I checked all the certificate and the policy on the server is correct:
>>I catch the xml message from the Java Client and from the .net Client.
>>Here is the main difference between the 2 files:
>>
>>
>>WSS4J CLIENT:
>>...
>>- <#> <ds:Signature xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*">
>><ds:SignedInfo>
>> <ds:CanonicalizationMethod
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> <ds:SignatureMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
>>- <#> <ds:Reference URI="*#id-20259687*">
>>- <#> <ds:Transforms>
>> <ds:Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </ds:Transforms>
>> <ds:DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <ds:DigestValue>V9LIVl8g9d9u1dvhWrcUwXHJu/8=</ds:DigestValue>
>> </ds:Reference>
>> </ds:SignedInfo>
>>
>><ds:SignatureValue>VDg9rKbO2cGkoMvmaHNxL5bnLki+A41AsiPd3PZakFtic3XLmrQ42jiwFufqkJXkZDubzPzQCyTM
>>OBI5De6Ub+mK81c6BsO6qrKiJjLP+tZuSPMjqwwFjxE06qnCoLlqhgewJ7MIaO+EvertTffiFgSl
>>xMAZNsL9XoMWGX7bSbU=</ds:SignatureValue>
>>- <#> <ds:KeyInfo Id="*KeyId-14625088*">
>>- <#> <wsse:SecurityTokenReference
>>xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*"
>>wsu:Id="*STRId-22908277*">
>> <wsse:Reference URI="*#CertId-14080341*"
>>ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*"
>>/>
>> </wsse:SecurityTokenReference>
>> </ds:KeyInfo>
>> </ds:Signature>
>></wsse:Security>
>>...
>>
>>
>>.NET CLIENT
>>...
>><<Signature xmlns="*http://www.w3.org/2000/09/xmldsig#*">
>>- <#> <SignedInfo>
>> <ds:CanonicalizationMethod
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*"
>>xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*" />
>> <SignatureMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
>>- <#> <Reference URI="*#Id-8c11c53d-dd74-44c3-9cec-e76163be1c44*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>v4Te1liHeznwsXqfYThWz4/oGY8=</DigestValue>
>> </Reference>
>>- <#> <Reference URI="*#Id-d5c91450-9be5-4c20-a11e-ad4dbfa9b6df*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>t9W3z0PflXfGh/dhTekRC/32PqM=</DigestValue>
>> </Reference>
>>- <#> <Reference URI="*#Id-86fd872f-fcf8-4874-9649-c424546078f1*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>bX3Xibb7JA1TAAZFLjxwwWAxJus=</DigestValue>
>> </Reference>
>>- <#> <Reference URI="*#Id-d2416533-130a-48f0-99d7-9d93acd664f9*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>xApDHcXdNXowrCxORsCYZbIKiLs=</DigestValue>
>> </Reference>
>>- <#> <Reference
>>URI="*#Timestamp-7d5835ff-7a51-4fab-9cd9-a5f4edcf4496*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>w22vEmgmXpdiNBkZXtZRj1Yp2Zk=</DigestValue>
>> </Reference>
>>- <#> <Reference URI="*#Id-59bb037e-d745-4d0d-90f3-9414e74d7954*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>WghIsez5aKicT4HXUSDFq+YkTUA=</DigestValue>
>> </Reference>
>></SignedInfo>
>> ...
>>
>>
>>As you can see there is much more reference on the .NET CLIENT.
>>
>>My questions:
>>- Do you think that the error message come from this lack of reference?
>>- How is it possible to change the configuration of my Java Client to
>>make possible the interop?
>>
>>
>>Here is my WSDD file:
>><?xml version="1.0" encoding="UTF-8"?>
>><deployment xmlns="http://xml.apache.org/axis/wsdd/"
>>xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>> <transport name="http"
>>pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>> <globalConfiguration>
>> <requestFlow>
>><!-- ADDRESSING -->
>> <handler
>>type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
>><!-- SECURITY -->
>> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>> <parameter name="action" value="Signature" />
>> <parameter name="user"
>>value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233"
>>/>
>> <parameter name="passwordCallbackClass"
>>value="ws.PWCallback" />
>> <parameter name="signaturePropFile"
>>value="crypto.properties" />
>> <parameter name="signatureKeyIdentifier"
>>value="DirectReference" />
>> </handler>
>> <handler
>>type="java:org.apache.ws.axis.security.WSDoAllSender"><!-- OK -->
>> <parameter name="action" value="UsernameToken Timestamp" />
>> <parameter name="user" value="login" />
>> <parameter name="passwordCallbackClass"
>>value="ws.PWCallback" />
>> <parameter name="passwordType" value="PasswordText"
>>/><!-- PasswordDigest -->
>> <parameter name="addUTElements" value="Nonce Created" />
>> </handler>
>> </requestFlow>
>> <responseFlow>
>> <handler
>>type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
>> </responseFlow>
>> </globalConfiguration>
>></deployment>
>>
>>Thanks for your help.
>>
>>Regards,
>>Laurent
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J and DOTNET
Posted by Werner Dittmann <We...@t-online.de>.
Sorry - small typo:
IMO this is _not_ a wrong Signature or similar. ...
Werner
Werner Dittmann wrote:
> Laurent,
>
> IMO this is a wrong SIgnature or similar. The .Net client
> uses the WS-Address specfication to set up its request. Also
> the .Net server expects a request with WS-Address elements.
>
> There is a WS-Address implementation for Apache. Maybe you
> can use this. Also some people on this list use it to
> work with .Net servers / .Net clients.
>
> Regards,
> Werner
>
> Laurent COLLET wrote:
>
>>Hi,
>>
>>I work on testing interoperability between Java and .net WebServices. At
>>present, my main problem is to sign request.
>>
>>My client can send a signed request to the server, but the server
>>response with a soap error:
>>:
>>(snippet of the result on the client side)
>>Erreur: WSE402: The message does not conform to the policy it was mapped to.
>>AxisFault
>> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
>> faultSubcode:
>> faultString: WSE402: The message does not conform to the policy it was
>>mapped to.
>> faultActor: http://server04/ServiceSecurise/Service1.asmx
>> faultNode:
>> faultDetail:
>> {http://xml.apache.org/axis/}stackTrace:WSE402: The message does not
>>conform to the policy it was mapped to.
>> at
>>org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
>> at
>>org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
>> at
>>org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
>> at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown
>>Source)
>> at
>>org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
>>Source)
>> at
>>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
>>Source)
>> at
>>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
>>Source)
>> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>> at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>> at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
>> at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown
>>Source)
>> at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
>> at
>>org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
>> at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
>> at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
>> at
>>org.apache.axis.message.addressing.handler.AddressingHandler.processClientResponse(AddressingHandler.java:300)
>> at
>>org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:110)
>> at
>>org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
>> at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>> at org.apache.axis.client.Call.invoke(Call.java:2748)
>> at org.apache.axis.client.Call.invoke(Call.java:2424)
>> at org.apache.axis.client.Call.invoke(Call.java:2347)
>> at org.apache.axis.client.Call.invoke(Call.java:1804)
>> at
>>wss.Service1Soap_BindingStub.helloWorld(Service1Soap_BindingStub.java:115)
>> at ws.Main.main(Main.java:102)
>>
>>I checked all the certificate and the policy on the server is correct:
>>I catch the xml message from the Java Client and from the .net Client.
>>Here is the main difference between the 2 files:
>>
>>
>>WSS4J CLIENT:
>>...
>>- <#> <ds:Signature xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*">
>><ds:SignedInfo>
>> <ds:CanonicalizationMethod
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> <ds:SignatureMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
>>- <#> <ds:Reference URI="*#id-20259687*">
>>- <#> <ds:Transforms>
>> <ds:Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </ds:Transforms>
>> <ds:DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <ds:DigestValue>V9LIVl8g9d9u1dvhWrcUwXHJu/8=</ds:DigestValue>
>> </ds:Reference>
>> </ds:SignedInfo>
>>
>><ds:SignatureValue>VDg9rKbO2cGkoMvmaHNxL5bnLki+A41AsiPd3PZakFtic3XLmrQ42jiwFufqkJXkZDubzPzQCyTM
>>OBI5De6Ub+mK81c6BsO6qrKiJjLP+tZuSPMjqwwFjxE06qnCoLlqhgewJ7MIaO+EvertTffiFgSl
>>xMAZNsL9XoMWGX7bSbU=</ds:SignatureValue>
>>- <#> <ds:KeyInfo Id="*KeyId-14625088*">
>>- <#> <wsse:SecurityTokenReference
>>xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*"
>>wsu:Id="*STRId-22908277*">
>> <wsse:Reference URI="*#CertId-14080341*"
>>ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*"
>>/>
>> </wsse:SecurityTokenReference>
>> </ds:KeyInfo>
>> </ds:Signature>
>></wsse:Security>
>>...
>>
>>
>>.NET CLIENT
>>...
>><<Signature xmlns="*http://www.w3.org/2000/09/xmldsig#*">
>>- <#> <SignedInfo>
>> <ds:CanonicalizationMethod
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*"
>>xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*" />
>> <SignatureMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
>>- <#> <Reference URI="*#Id-8c11c53d-dd74-44c3-9cec-e76163be1c44*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>v4Te1liHeznwsXqfYThWz4/oGY8=</DigestValue>
>> </Reference>
>>- <#> <Reference URI="*#Id-d5c91450-9be5-4c20-a11e-ad4dbfa9b6df*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>t9W3z0PflXfGh/dhTekRC/32PqM=</DigestValue>
>> </Reference>
>>- <#> <Reference URI="*#Id-86fd872f-fcf8-4874-9649-c424546078f1*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>bX3Xibb7JA1TAAZFLjxwwWAxJus=</DigestValue>
>> </Reference>
>>- <#> <Reference URI="*#Id-d2416533-130a-48f0-99d7-9d93acd664f9*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>xApDHcXdNXowrCxORsCYZbIKiLs=</DigestValue>
>> </Reference>
>>- <#> <Reference
>>URI="*#Timestamp-7d5835ff-7a51-4fab-9cd9-a5f4edcf4496*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>w22vEmgmXpdiNBkZXtZRj1Yp2Zk=</DigestValue>
>> </Reference>
>>- <#> <Reference URI="*#Id-59bb037e-d745-4d0d-90f3-9414e74d7954*">
>>- <#> <Transforms>
>> <Transform
>>Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
>> </Transforms>
>> <DigestMethod
>>Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
>> <DigestValue>WghIsez5aKicT4HXUSDFq+YkTUA=</DigestValue>
>> </Reference>
>></SignedInfo>
>> ...
>>
>>
>>As you can see there is much more reference on the .NET CLIENT.
>>
>>My questions:
>>- Do you think that the error message come from this lack of reference?
>>- How is it possible to change the configuration of my Java Client to
>>make possible the interop?
>>
>>
>>Here is my WSDD file:
>><?xml version="1.0" encoding="UTF-8"?>
>><deployment xmlns="http://xml.apache.org/axis/wsdd/"
>>xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>> <transport name="http"
>>pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>> <globalConfiguration>
>> <requestFlow>
>><!-- ADDRESSING -->
>> <handler
>>type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
>><!-- SECURITY -->
>> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>> <parameter name="action" value="Signature" />
>> <parameter name="user"
>>value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233"
>>/>
>> <parameter name="passwordCallbackClass"
>>value="ws.PWCallback" />
>> <parameter name="signaturePropFile"
>>value="crypto.properties" />
>> <parameter name="signatureKeyIdentifier"
>>value="DirectReference" />
>> </handler>
>> <handler
>>type="java:org.apache.ws.axis.security.WSDoAllSender"><!-- OK -->
>> <parameter name="action" value="UsernameToken Timestamp" />
>> <parameter name="user" value="login" />
>> <parameter name="passwordCallbackClass"
>>value="ws.PWCallback" />
>> <parameter name="passwordType" value="PasswordText"
>>/><!-- PasswordDigest -->
>> <parameter name="addUTElements" value="Nonce Created" />
>> </handler>
>> </requestFlow>
>> <responseFlow>
>> <handler
>>type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
>> </responseFlow>
>> </globalConfiguration>
>></deployment>
>>
>>Thanks for your help.
>>
>>Regards,
>>Laurent
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J and DOTNET
Posted by Werner Dittmann <We...@t-online.de>.
Laurent,
IMO this is a wrong SIgnature or similar. The .Net client
uses the WS-Address specfication to set up its request. Also
the .Net server expects a request with WS-Address elements.
There is a WS-Address implementation for Apache. Maybe you
can use this. Also some people on this list use it to
work with .Net servers / .Net clients.
Regards,
Werner
Laurent COLLET wrote:
> Hi,
>
> I work on testing interoperability between Java and .net WebServices. At
> present, my main problem is to sign request.
>
> My client can send a signed request to the server, but the server
> response with a soap error:
> :
> (snippet of the result on the client side)
> Erreur: WSE402: The message does not conform to the policy it was mapped to.
> AxisFault
> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
> faultSubcode:
> faultString: WSE402: The message does not conform to the policy it was
> mapped to.
> faultActor: http://server04/ServiceSecurise/Service1.asmx
> faultNode:
> faultDetail:
> {http://xml.apache.org/axis/}stackTrace:WSE402: The message does not
> conform to the policy it was mapped to.
> at
> org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
> at
> org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
> at
> org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
> at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown
> Source)
> at
> org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
> Source)
> at
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
> Source)
> at
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
> Source)
> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
> at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
> at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
> at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown
> Source)
> at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
> at
> org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
> at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
> at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
> at
> org.apache.axis.message.addressing.handler.AddressingHandler.processClientResponse(AddressingHandler.java:300)
> at
> org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:110)
> at
> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
> at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> at org.apache.axis.client.Call.invoke(Call.java:2748)
> at org.apache.axis.client.Call.invoke(Call.java:2424)
> at org.apache.axis.client.Call.invoke(Call.java:2347)
> at org.apache.axis.client.Call.invoke(Call.java:1804)
> at
> wss.Service1Soap_BindingStub.helloWorld(Service1Soap_BindingStub.java:115)
> at ws.Main.main(Main.java:102)
>
> I checked all the certificate and the policy on the server is correct:
> I catch the xml message from the Java Client and from the .net Client.
> Here is the main difference between the 2 files:
>
>
> WSS4J CLIENT:
> ...
> - <#> <ds:Signature xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> <ds:SignatureMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
> - <#> <ds:Reference URI="*#id-20259687*">
> - <#> <ds:Transforms>
> <ds:Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <ds:DigestValue>V9LIVl8g9d9u1dvhWrcUwXHJu/8=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
>
> <ds:SignatureValue>VDg9rKbO2cGkoMvmaHNxL5bnLki+A41AsiPd3PZakFtic3XLmrQ42jiwFufqkJXkZDubzPzQCyTM
> OBI5De6Ub+mK81c6BsO6qrKiJjLP+tZuSPMjqwwFjxE06qnCoLlqhgewJ7MIaO+EvertTffiFgSl
> xMAZNsL9XoMWGX7bSbU=</ds:SignatureValue>
> - <#> <ds:KeyInfo Id="*KeyId-14625088*">
> - <#> <wsse:SecurityTokenReference
> xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*"
> wsu:Id="*STRId-22908277*">
> <wsse:Reference URI="*#CertId-14080341*"
> ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*"
> />
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature>
> </wsse:Security>
> ...
>
>
> .NET CLIENT
> ...
> <<Signature xmlns="*http://www.w3.org/2000/09/xmldsig#*">
> - <#> <SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*"
> xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*" />
> <SignatureMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
> - <#> <Reference URI="*#Id-8c11c53d-dd74-44c3-9cec-e76163be1c44*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>v4Te1liHeznwsXqfYThWz4/oGY8=</DigestValue>
> </Reference>
> - <#> <Reference URI="*#Id-d5c91450-9be5-4c20-a11e-ad4dbfa9b6df*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>t9W3z0PflXfGh/dhTekRC/32PqM=</DigestValue>
> </Reference>
> - <#> <Reference URI="*#Id-86fd872f-fcf8-4874-9649-c424546078f1*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>bX3Xibb7JA1TAAZFLjxwwWAxJus=</DigestValue>
> </Reference>
> - <#> <Reference URI="*#Id-d2416533-130a-48f0-99d7-9d93acd664f9*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>xApDHcXdNXowrCxORsCYZbIKiLs=</DigestValue>
> </Reference>
> - <#> <Reference
> URI="*#Timestamp-7d5835ff-7a51-4fab-9cd9-a5f4edcf4496*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>w22vEmgmXpdiNBkZXtZRj1Yp2Zk=</DigestValue>
> </Reference>
> - <#> <Reference URI="*#Id-59bb037e-d745-4d0d-90f3-9414e74d7954*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>WghIsez5aKicT4HXUSDFq+YkTUA=</DigestValue>
> </Reference>
> </SignedInfo>
> ...
>
>
> As you can see there is much more reference on the .NET CLIENT.
>
> My questions:
> - Do you think that the error message come from this lack of reference?
> - How is it possible to change the configuration of my Java Client to
> make possible the interop?
>
>
> Here is my WSDD file:
> <?xml version="1.0" encoding="UTF-8"?>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <globalConfiguration>
> <requestFlow>
> <!-- ADDRESSING -->
> <handler
> type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
> <!-- SECURITY -->
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> <parameter name="action" value="Signature" />
> <parameter name="user"
> value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233"
> />
> <parameter name="passwordCallbackClass"
> value="ws.PWCallback" />
> <parameter name="signaturePropFile"
> value="crypto.properties" />
> <parameter name="signatureKeyIdentifier"
> value="DirectReference" />
> </handler>
> <handler
> type="java:org.apache.ws.axis.security.WSDoAllSender"><!-- OK -->
> <parameter name="action" value="UsernameToken Timestamp" />
> <parameter name="user" value="login" />
> <parameter name="passwordCallbackClass"
> value="ws.PWCallback" />
> <parameter name="passwordType" value="PasswordText"
> /><!-- PasswordDigest -->
> <parameter name="addUTElements" value="Nonce Created" />
> </handler>
> </requestFlow>
> <responseFlow>
> <handler
> type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
> </responseFlow>
> </globalConfiguration>
> </deployment>
>
> Thanks for your help.
>
> Regards,
> Laurent
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J and DOTNET
Posted by Werner Dittmann <We...@t-online.de>.
Laurent,
IMO this is a wrong SIgnature or similar. The .Net client
uses the WS-Address specfication to set up its request. Also
the .Net server expects a request with WS-Address elements.
There is a WS-Address implementation for Apache. Maybe you
can use this. Also some people on this list use it to
work with .Net servers / .Net clients.
Regards,
Werner
Laurent COLLET wrote:
> Hi,
>
> I work on testing interoperability between Java and .net WebServices. At
> present, my main problem is to sign request.
>
> My client can send a signed request to the server, but the server
> response with a soap error:
> :
> (snippet of the result on the client side)
> Erreur: WSE402: The message does not conform to the policy it was mapped to.
> AxisFault
> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
> faultSubcode:
> faultString: WSE402: The message does not conform to the policy it was
> mapped to.
> faultActor: http://server04/ServiceSecurise/Service1.asmx
> faultNode:
> faultDetail:
> {http://xml.apache.org/axis/}stackTrace:WSE402: The message does not
> conform to the policy it was mapped to.
> at
> org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
> at
> org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
> at
> org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
> at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown
> Source)
> at
> org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
> Source)
> at
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
> Source)
> at
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
> Source)
> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
> at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
> at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
> at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
> at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown
> Source)
> at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
> at
> org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
> at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
> at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
> at
> org.apache.axis.message.addressing.handler.AddressingHandler.processClientResponse(AddressingHandler.java:300)
> at
> org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:110)
> at
> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
> at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> at org.apache.axis.client.Call.invoke(Call.java:2748)
> at org.apache.axis.client.Call.invoke(Call.java:2424)
> at org.apache.axis.client.Call.invoke(Call.java:2347)
> at org.apache.axis.client.Call.invoke(Call.java:1804)
> at
> wss.Service1Soap_BindingStub.helloWorld(Service1Soap_BindingStub.java:115)
> at ws.Main.main(Main.java:102)
>
> I checked all the certificate and the policy on the server is correct:
> I catch the xml message from the Java Client and from the .net Client.
> Here is the main difference between the 2 files:
>
>
> WSS4J CLIENT:
> ...
> - <#> <ds:Signature xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> <ds:SignatureMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
> - <#> <ds:Reference URI="*#id-20259687*">
> - <#> <ds:Transforms>
> <ds:Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <ds:DigestValue>V9LIVl8g9d9u1dvhWrcUwXHJu/8=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
>
> <ds:SignatureValue>VDg9rKbO2cGkoMvmaHNxL5bnLki+A41AsiPd3PZakFtic3XLmrQ42jiwFufqkJXkZDubzPzQCyTM
> OBI5De6Ub+mK81c6BsO6qrKiJjLP+tZuSPMjqwwFjxE06qnCoLlqhgewJ7MIaO+EvertTffiFgSl
> xMAZNsL9XoMWGX7bSbU=</ds:SignatureValue>
> - <#> <ds:KeyInfo Id="*KeyId-14625088*">
> - <#> <wsse:SecurityTokenReference
> xmlns:wsu="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd*"
> wsu:Id="*STRId-22908277*">
> <wsse:Reference URI="*#CertId-14080341*"
> ValueType="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3*"
> />
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature>
> </wsse:Security>
> ...
>
>
> .NET CLIENT
> ...
> <<Signature xmlns="*http://www.w3.org/2000/09/xmldsig#*">
> - <#> <SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*"
> xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*" />
> <SignatureMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#rsa-sha1*" />
> - <#> <Reference URI="*#Id-8c11c53d-dd74-44c3-9cec-e76163be1c44*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>v4Te1liHeznwsXqfYThWz4/oGY8=</DigestValue>
> </Reference>
> - <#> <Reference URI="*#Id-d5c91450-9be5-4c20-a11e-ad4dbfa9b6df*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>t9W3z0PflXfGh/dhTekRC/32PqM=</DigestValue>
> </Reference>
> - <#> <Reference URI="*#Id-86fd872f-fcf8-4874-9649-c424546078f1*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>bX3Xibb7JA1TAAZFLjxwwWAxJus=</DigestValue>
> </Reference>
> - <#> <Reference URI="*#Id-d2416533-130a-48f0-99d7-9d93acd664f9*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>xApDHcXdNXowrCxORsCYZbIKiLs=</DigestValue>
> </Reference>
> - <#> <Reference
> URI="*#Timestamp-7d5835ff-7a51-4fab-9cd9-a5f4edcf4496*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>w22vEmgmXpdiNBkZXtZRj1Yp2Zk=</DigestValue>
> </Reference>
> - <#> <Reference URI="*#Id-59bb037e-d745-4d0d-90f3-9414e74d7954*">
> - <#> <Transforms>
> <Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*" />
> </Transforms>
> <DigestMethod
> Algorithm="*http://www.w3.org/2000/09/xmldsig#sha1*" />
> <DigestValue>WghIsez5aKicT4HXUSDFq+YkTUA=</DigestValue>
> </Reference>
> </SignedInfo>
> ...
>
>
> As you can see there is much more reference on the .NET CLIENT.
>
> My questions:
> - Do you think that the error message come from this lack of reference?
> - How is it possible to change the configuration of my Java Client to
> make possible the interop?
>
>
> Here is my WSDD file:
> <?xml version="1.0" encoding="UTF-8"?>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <globalConfiguration>
> <requestFlow>
> <!-- ADDRESSING -->
> <handler
> type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
> <!-- SECURITY -->
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> <parameter name="action" value="Signature" />
> <parameter name="user"
> value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233"
> />
> <parameter name="passwordCallbackClass"
> value="ws.PWCallback" />
> <parameter name="signaturePropFile"
> value="crypto.properties" />
> <parameter name="signatureKeyIdentifier"
> value="DirectReference" />
> </handler>
> <handler
> type="java:org.apache.ws.axis.security.WSDoAllSender"><!-- OK -->
> <parameter name="action" value="UsernameToken Timestamp" />
> <parameter name="user" value="login" />
> <parameter name="passwordCallbackClass"
> value="ws.PWCallback" />
> <parameter name="passwordType" value="PasswordText"
> /><!-- PasswordDigest -->
> <parameter name="addUTElements" value="Nonce Created" />
> </handler>
> </requestFlow>
> <responseFlow>
> <handler
> type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
> </responseFlow>
> </globalConfiguration>
> </deployment>
>
> Thanks for your help.
>
> Regards,
> Laurent
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org