You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Liu, Xiao-Tao (Allen, HPIT-GADSC)" <xi...@hp.com> on 2007/05/01 05:15:51 UTC
RE: The signature verification failed in Axis2 with Rampart
Hi Ruchtih,
Do you have any updates on this issue?
Thanks,
Allen
-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
Sent: 2007年4月24日 17:18
To: rampart-dev@ws.apache.org
Subject: Re: The signature verification failed in Axis2 with Rampart
Hi Allen,
Sometimes we monitor the messages using tools such as tcpmon[1] and they have an option to xml format the message (so the xml parts are properly indented) for clarity.
I want you to capture the message without any such formatting and send it to me. This will help me in trying to use my code to verify the message since it is not modified.
Thanks,
Ruchtih
[1] http://ws.apache.org/commons/tcpmon/
On 4/24/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <xi...@hp.com> wrote:
>
> Hi Ruchith,
>
> Can you please tell me what's particular message in it original form (without any xml formatting)? I am afraid I have no idea of what's that.
>
> Thanks,
> Allen
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: 2007年4月23日 13:34
> To: rampart-dev@ws.apache.org
> Subject: Re: The signature verification failed in Axis2 with Rampart
>
> Hi Allen,
>
> Since its the response from the .NET server that causes the signature failure I need that particular message in it original form (without any xml formatting).
>
> Thanks,
> Ruchith
>
> On 4/19/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <xi...@hp.com> wrote:
> >
> >
> > Hi Ruchith,
> >
> > Do you have any update on this issue? I have searched all the
> > document I could find, but all didn't work. Hope you can help me.
> >
> > Thanks,
> > Allen
> >
> >
> > ________________________________
> > From: Liu, Xiao-Tao (Allen, HPIT-GADSC)
> > Sent: 2007年4月18日 19:19
> > To: 'rampart-dev@ws.apache.org'
> > Subject: RE: The signature verification failed in Axis2 with Rampart
> >
> >
> >
> >
> > Hi Ruchith,
> >
> > I send out my client source code with all necessary configurations/keystore.
> > I created the request message inside the client, using AXIOM. The
> > web service is written in .net and running on IIS.
> >
> > Thanks,
> > Allen
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > Sent: 2007年4月18日 19:08
> > To: rampart-dev@ws.apache.org
> > Subject: Re: The signature verification failed in Axis2 with Rampart
> >
> > Hi Allen,
> >
> > Can you please send the message that caused the exception (with out
> > xml
> > formatting) and also send the public key cert of the key that was
> > used to sign the message. I'll try to recreate your issue.
> >
> > Thanks,
> > Ruchith
> >
> > On 4/18/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <xi...@hp.com> wrote:
> > > Hi,
> > >
> > > I am taking use of Axis2 to build a client to access a .net ws
> > > with
> > > X509 certificate signature. All the steps are fine except when I
> > > receive the response from .net, the signature verification always failed.
> > >
> > > Warning: Verification failed for URI
> > > "#Id-c59b2f2c-9d10-4107-bea9-e8eb690dd67d"
> > > Exception in thread "main" org.apache.axis2.AxisFault: WSDoAllReceiver:
> > > security processing failed; nested exception is:
> > > org.apache.ws.security.WSSecurityException: The
> > signature
> > > verification failed
> > > at
> > >
> > org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.
> > > java:259)
> > > at
> > >
> > org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllRec
> > ei
> > > ve
> > > r.java:91)
> > > at
> > >
> > org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java
> > :7
> > 4)
> > > at
> > org.apache.axis2.engine.Phase.invoke(Phase.java:382)
> > > at
> > >
> > org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
> > > at
> > >
> > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:487)
> > > at
> > >
> > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxis
> > Op
> > > er
> > > ation.java:276)
> > > at
> > >
> > org.apache.axis2.description.OutInAxisOperationClient.execute(OutInA
> > xi
> > > sO
> > > peration.java:202)
> > > at
> > >
> > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java
> > :5
> > > 79
> > > )
> > > at
> > >
> > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java
> > :5
> > > 08
> > > )
> > > at ws.axis2.DotNetWSRClient.main(DotNetWSRClient.java:45)
> > > Caused by: org.apache.ws.security.WSSecurityException:
> > The signature
> > > verification failed
> > > at
> > >
> > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignatu
> > re
> > > (S
> > > ignatureProcessor.java:332)
> > > at
> > >
> > org.apache.ws.security.processor.SignatureProcessor.handleToken(Sign
> > at
> > > ur
> > > eProcessor.java:79)
> > > at
> > >
> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecu
> > ri
> > > ty
> > > Engine.java:279)
> > > at
> > >
> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecu
> > ri
> > > ty
> > > Engine.java:201)
> > > at
> > >
> > org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.
> > > java:256)
> > > ... 10 more
> > >
> > > I am suspecting that's probably caused by some PrettyXML or
> > > NamespacePrefixOptimization mechanism when Axis modified the
> > > response body with new lines/breaks/spaces to let it looks better.
> > > And I found there was some specific parameter in Axis configuration for Axis1:
> > >
> > > <globalConfiguration>
> > > <!-- MUST turn off pretty printing otherwise signature
> > > verification fails -->
> > > <parameter name="enableNamespacePrefixOptimization"
> > value="false"/>
> > > <parameter name="disablePrettyXML" value="true"/>
> > >
> > > </globalConfiguration>
> > >
> > >
> > > But I didn't find there is corresponding parameters in Axis2. Has
> > > somebody faced the same problem? I have been struggling with it
> > > for over
> > > 2 days...
> > >
> > > Thanks,
> > > Allen
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> > www.wso2.org
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>
--
www.ruchith.org
www.wso2.org