You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by balaji21 <br...@gmail.com> on 2020/01/02 14:56:47 UTC
AsymmetricBinding: Received Timestamp does not match the
requirements
HiWe are working on upgrading cxf from 2.6.1 to 3.1.18 along with Spring
upgrade from 3.x to 4.x. After the upgrade we have started facing issues in
making webservice calls.Initially, we got this error:A SignedParts policy on
its own is not enoughinformation, we need a security binding
(Symmetric/Asymmetric) to set upthe Signature properly.When I checked WSDL,
I found that we already have policy defined already along with these tags
in the policyWe have the following configuration in spring xml.
.. ** After adding the action property, started getting below
error.javax.xml.ws.soap.SOAPFaultException: These policy alternatives can
not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding:
Received Timestamp does not match the
requirements{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token:
The received token does not match the token inclusion
requirement{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp:
Received Timestamp does not match the
requirements{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken:
The received token does not match the token inclusion requirement:Could some
one guide me out here ?thanksBalaji
--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Re: AsymmetricBinding: Received Timestamp does not match the requirements
Posted by Colm O hEigeartaigh <co...@apache.org>.
I also need to see a sample request that's failing that uses that policy.
Is the client and service both CXF?
Colm.
On Tue, Jan 7, 2020 at 6:42 AM balaji21 <br...@gmail.com> wrote:
>
> <wsp:All>
> <sp:AsymmetricBinding>
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
> ">
> <wsp:Policy>
>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> *<sp:IncludeTimestamp />*
> <sp:OnlySignEntireHeadersAndBody />
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic128 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:Wss10>
> <wsp:Policy>
> <sp:MustSupportRefIssuerSerial />
> </wsp:Policy>
> </sp:Wss10>
> </wsp:All>
>
> Please find the wsdl secuurity policy above. My understanding is that
> timestamp would be included by cxf library before posting the request using
> jaxws. This is happening in websphere 8.5.5.1.
>
> Code was working fine with 2.6.1.version of cxf. Please let me know of any
> cxf library conflicts w.r.to deploying it in websphere 8.5.5.1 for cxf
> version 3.1.18.
>
> Here is complete list of jars that are deployed to websphere server.
> antlr-2.7.7.jar
> aopalliance-1.0.jar
> archaius-core-0.4.1.jar
> asm-5.0.4.jar
> aspectjrt-1.8.14.jar
> aspectjweaver-1.8.14.jar
> aws-java-sdk-core-1.11.310.jar
> aws-java-sdk-dynamodb-1.11.310.jar
> aws-java-sdk-kms-1.11.310.jar
> aws-java-sdk-s3-1.11.310.jar
> bcprov-jdk15on-1.64.jar
> cglib-2.2.jar
> classgraph-4.8.47.jar
> commons-beanutils-1.8.3.jar
> commons-codec-1.11.jar
> commons-collections-3.2.1.jar
> commons-collections4-4.1.jar
> commons-configuration-1.8.jar
> commons-digester-1.8.1.jar
> commons-email-1.3.1.jar
> commons-fileupload-1.3.1.jar
> commons-httpclient-3.1.jar
> commons-io-2.2.jar
> commons-lang-2.6.jar
> commons-lang3-3.8.jar
> commons-pool-1.6.jar
> commons-pool2-2.4.2.jar
> commons-validator-1.6.jar
> cryptacular-1.0.jar
> cxf-core-3.1.18.jar
> cxf-rt-bindings-soap-3.1.18.jar
> cxf-rt-bindings-xml-3.1.18.jar
> cxf-rt-databinding-jaxb-3.1.18.jar
> cxf-rt-features-logging-3.1.18.jar
> cxf-rt-frontend-jaxrs-3.1.18.jar
> cxf-rt-frontend-jaxws-3.1.18.jar
> cxf-rt-frontend-simple-3.1.18.jar
> cxf-rt-rs-client-3.1.18.jar
> cxf-rt-security-3.1.18.jar
> cxf-rt-security-saml-3.1.18.jar
> cxf-rt-transports-http-3.1.18.jar
> cxf-rt-ws-addr-3.1.18.jar
> cxf-rt-ws-policy-3.1.18.jar
> cxf-rt-ws-security-3.1.18.jar
> cxf-rt-wsdl-3.1.18.jar
> cxf-tools-common-3.1.18.jar
> dom4j-1.6.1.jar
> dozer-5.3.2.jar
> ehcache-2.10.5.jar
> ehcache-core-2.5.1.jar
> gson-2.2.4.jar
> guava-20.0.jar
> hamcrest-all-1.3.jar
> hibernate-commons-annotations-4.0.1.Final.jar
> hibernate-core-4.0.1.Final.jar
> hibernate-entitymanager-4.0.1.Final.jar
> httpclient-4.5.10.jar
> httpcore-4.4.12.jar
> hystrix-core-1.5.12.jar
> ion-java-1.0.2.jar
> jackson-annotations-2.10.0.jar
> jackson-core-2.10.0.jar
> jackson-core-asl-1.9.13.jar
> jackson-databind-2.10.0.jar
> jackson-dataformat-cbor-2.6.7.jar
> jackson-jaxrs-1.9.13.jar
> jackson-mapper-asl-1.9.13.jar
> jasypt-1.9.2.jar
> java-support-7.1.1.jar
> javassist-3.26.0-GA.jar
> javax.annotation-api-1.2.jar
> javax.ws.rs-api-2.0.1.jar
> javers-core-5.7.6.jar
> jaxb-core-2.2.11.jar
> jaxb-xjc-2.3.2.jar
> jboss-logging-3.1.0.CR2.jar
> jedis-2.8.1.jar
> jmespath-java-1.11.310.jar
> joda-time-1.6.2.jar
> libphonenumber-5.4.jar
> log4j-1.2.16.jar
> lz4-1.3.0.jar
> opensaml-core-3.1.1.jar
> opensaml-profile-api-3.1.1.jar
> opensaml-saml-api-3.1.1.jar
> opensaml-saml-impl-3.1.1.jar
> opensaml-security-api-3.1.1.jar
> opensaml-security-impl-3.1.1.jar
> opensaml-soap-api-3.1.1.jar
> opensaml-xacml-api-3.1.1.jar
> opensaml-xacml-impl-3.1.1.jar
> opensaml-xacml-saml-api-3.1.1.jar
> opensaml-xacml-saml-impl-3.1.1.jar
> opensaml-xmlsec-api-3.1.1.jar
> opensaml-xmlsec-impl-3.1.1.jar
> oro-2.0.8.jar
> picocontainer-2.15.jar
> pmcore-6.0.3.4.0.jar
> rxjava-1.2.0.jar
> slf4j-api-1.7.25.jar
> slf4j-log4j12-1.6.4.jar
> snappy-java-1.1.2.6.jar
> spring-aop-4.3.25.RELEASE.jar
> spring-aspects-4.3.25.RELEASE.jar
> spring-beans-4.3.25.RELEASE.jar
> spring-boot-1.5.16.RELEASE.jar
> spring-boot-autoconfigure-1.5.16.RELEASE.jar
> spring-context-4.3.25.RELEASE.jar
> spring-context-support-4.3.25.RELEASE.jar
> spring-core-4.3.25.RELEASE.jar
> spring-expression-4.3.25.RELEASE.jar
> spring-jdbc-4.3.25.RELEASE.jar
> spring-kafka-1.3.9.RELEASE.jar
> spring-ldap-core-2.3.2.RELEASE.jar
> spring-messaging-4.3.19.RELEASE.jar
> spring-orm-4.3.25.RELEASE.jar
> spring-oxm-4.3.25.RELEASE.jar
> spring-retry-1.2.2.RELEASE.jar
> spring-security-acl-4.2.13.RELEASE.jar
> spring-security-config-4.2.13.RELEASE.jar
> spring-security-core-4.2.13.RELEASE.jar
> spring-security-ldap-4.2.13.RELEASE.jar
> spring-security-taglibs-4.2.13.RELEASE.jar
> spring-security-web-4.2.13.RELEASE.jar
> spring-tx-4.3.25.RELEASE.jar
> spring-web-4.3.25.RELEASE.jar
> spring-webmvc-4.3.25.RELEASE.jar
> spring-ws-core-3.0.7.RELEASE.jar
> spring-xml-3.0.7.RELEASE.jar
> stax2-api-3.0.2.jar
> velocity-1.7.jar
> wsdl4j-1.6.3.jar
> wss4j-bindings-2.1.12.jar
> wss4j-policy-2.1.12.jar
> wss4j-ws-security-common-2.1.12.jar
> wss4j-ws-security-dom-2.1.12.jar
> wss4j-ws-security-policy-stax-2.1.12.jar
> wss4j-ws-security-stax-2.1.12.jar
> xml-resolver-1.2.jar
>
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>
Re: AsymmetricBinding: Received Timestamp does not match the
requirements
Posted by balaji21 <br...@gmail.com>.
<wsp:All>
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
*<sp:IncludeTimestamp />*
<sp:OnlySignEntireHeadersAndBody />
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128 />
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10>
<wsp:Policy>
<sp:MustSupportRefIssuerSerial />
</wsp:Policy>
</sp:Wss10>
</wsp:All>
Please find the wsdl secuurity policy above. My understanding is that
timestamp would be included by cxf library before posting the request using
jaxws. This is happening in websphere 8.5.5.1.
Code was working fine with 2.6.1.version of cxf. Please let me know of any
cxf library conflicts w.r.to deploying it in websphere 8.5.5.1 for cxf
version 3.1.18.
Here is complete list of jars that are deployed to websphere server.
antlr-2.7.7.jar
aopalliance-1.0.jar
archaius-core-0.4.1.jar
asm-5.0.4.jar
aspectjrt-1.8.14.jar
aspectjweaver-1.8.14.jar
aws-java-sdk-core-1.11.310.jar
aws-java-sdk-dynamodb-1.11.310.jar
aws-java-sdk-kms-1.11.310.jar
aws-java-sdk-s3-1.11.310.jar
bcprov-jdk15on-1.64.jar
cglib-2.2.jar
classgraph-4.8.47.jar
commons-beanutils-1.8.3.jar
commons-codec-1.11.jar
commons-collections-3.2.1.jar
commons-collections4-4.1.jar
commons-configuration-1.8.jar
commons-digester-1.8.1.jar
commons-email-1.3.1.jar
commons-fileupload-1.3.1.jar
commons-httpclient-3.1.jar
commons-io-2.2.jar
commons-lang-2.6.jar
commons-lang3-3.8.jar
commons-pool-1.6.jar
commons-pool2-2.4.2.jar
commons-validator-1.6.jar
cryptacular-1.0.jar
cxf-core-3.1.18.jar
cxf-rt-bindings-soap-3.1.18.jar
cxf-rt-bindings-xml-3.1.18.jar
cxf-rt-databinding-jaxb-3.1.18.jar
cxf-rt-features-logging-3.1.18.jar
cxf-rt-frontend-jaxrs-3.1.18.jar
cxf-rt-frontend-jaxws-3.1.18.jar
cxf-rt-frontend-simple-3.1.18.jar
cxf-rt-rs-client-3.1.18.jar
cxf-rt-security-3.1.18.jar
cxf-rt-security-saml-3.1.18.jar
cxf-rt-transports-http-3.1.18.jar
cxf-rt-ws-addr-3.1.18.jar
cxf-rt-ws-policy-3.1.18.jar
cxf-rt-ws-security-3.1.18.jar
cxf-rt-wsdl-3.1.18.jar
cxf-tools-common-3.1.18.jar
dom4j-1.6.1.jar
dozer-5.3.2.jar
ehcache-2.10.5.jar
ehcache-core-2.5.1.jar
gson-2.2.4.jar
guava-20.0.jar
hamcrest-all-1.3.jar
hibernate-commons-annotations-4.0.1.Final.jar
hibernate-core-4.0.1.Final.jar
hibernate-entitymanager-4.0.1.Final.jar
httpclient-4.5.10.jar
httpcore-4.4.12.jar
hystrix-core-1.5.12.jar
ion-java-1.0.2.jar
jackson-annotations-2.10.0.jar
jackson-core-2.10.0.jar
jackson-core-asl-1.9.13.jar
jackson-databind-2.10.0.jar
jackson-dataformat-cbor-2.6.7.jar
jackson-jaxrs-1.9.13.jar
jackson-mapper-asl-1.9.13.jar
jasypt-1.9.2.jar
java-support-7.1.1.jar
javassist-3.26.0-GA.jar
javax.annotation-api-1.2.jar
javax.ws.rs-api-2.0.1.jar
javers-core-5.7.6.jar
jaxb-core-2.2.11.jar
jaxb-xjc-2.3.2.jar
jboss-logging-3.1.0.CR2.jar
jedis-2.8.1.jar
jmespath-java-1.11.310.jar
joda-time-1.6.2.jar
libphonenumber-5.4.jar
log4j-1.2.16.jar
lz4-1.3.0.jar
opensaml-core-3.1.1.jar
opensaml-profile-api-3.1.1.jar
opensaml-saml-api-3.1.1.jar
opensaml-saml-impl-3.1.1.jar
opensaml-security-api-3.1.1.jar
opensaml-security-impl-3.1.1.jar
opensaml-soap-api-3.1.1.jar
opensaml-xacml-api-3.1.1.jar
opensaml-xacml-impl-3.1.1.jar
opensaml-xacml-saml-api-3.1.1.jar
opensaml-xacml-saml-impl-3.1.1.jar
opensaml-xmlsec-api-3.1.1.jar
opensaml-xmlsec-impl-3.1.1.jar
oro-2.0.8.jar
picocontainer-2.15.jar
pmcore-6.0.3.4.0.jar
rxjava-1.2.0.jar
slf4j-api-1.7.25.jar
slf4j-log4j12-1.6.4.jar
snappy-java-1.1.2.6.jar
spring-aop-4.3.25.RELEASE.jar
spring-aspects-4.3.25.RELEASE.jar
spring-beans-4.3.25.RELEASE.jar
spring-boot-1.5.16.RELEASE.jar
spring-boot-autoconfigure-1.5.16.RELEASE.jar
spring-context-4.3.25.RELEASE.jar
spring-context-support-4.3.25.RELEASE.jar
spring-core-4.3.25.RELEASE.jar
spring-expression-4.3.25.RELEASE.jar
spring-jdbc-4.3.25.RELEASE.jar
spring-kafka-1.3.9.RELEASE.jar
spring-ldap-core-2.3.2.RELEASE.jar
spring-messaging-4.3.19.RELEASE.jar
spring-orm-4.3.25.RELEASE.jar
spring-oxm-4.3.25.RELEASE.jar
spring-retry-1.2.2.RELEASE.jar
spring-security-acl-4.2.13.RELEASE.jar
spring-security-config-4.2.13.RELEASE.jar
spring-security-core-4.2.13.RELEASE.jar
spring-security-ldap-4.2.13.RELEASE.jar
spring-security-taglibs-4.2.13.RELEASE.jar
spring-security-web-4.2.13.RELEASE.jar
spring-tx-4.3.25.RELEASE.jar
spring-web-4.3.25.RELEASE.jar
spring-webmvc-4.3.25.RELEASE.jar
spring-ws-core-3.0.7.RELEASE.jar
spring-xml-3.0.7.RELEASE.jar
stax2-api-3.0.2.jar
velocity-1.7.jar
wsdl4j-1.6.3.jar
wss4j-bindings-2.1.12.jar
wss4j-policy-2.1.12.jar
wss4j-ws-security-common-2.1.12.jar
wss4j-ws-security-dom-2.1.12.jar
wss4j-ws-security-policy-stax-2.1.12.jar
wss4j-ws-security-stax-2.1.12.jar
xml-resolver-1.2.jar
--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Re: AsymmetricBinding: Received Timestamp does not match the requirements
Posted by Colm O hEigeartaigh <co...@apache.org>.
It looks like the requests might either be missing Timestamps, or else they
are including Timestamps and the IncludeTimestamp policy is not present in
the AsymmetricBinding. It's harder to tell for the other cases without
seeing both the policy and the requests.
Colm.
On Fri, Jan 3, 2020 at 8:26 PM balaji21 <br...@gmail.com> wrote:
> HiWe are working on upgrading cxf from 2.6.1 to 3.1.18 along with Spring
> upgrade from 3.x to 4.x. After the upgrade we have started facing issues in
> making webservice calls.Initially, we got this error:A SignedParts policy
> on
> its own is not enoughinformation, we need a security binding
> (Symmetric/Asymmetric) to set upthe Signature properly.When I checked WSDL,
> I found that we already have policy defined already along with these tags
> in the policyWe have the following configuration in spring xml.
>
>
> ..
> ** After adding the action property,
> started getting below
> error.javax.xml.ws.soap.SOAPFaultException: These policy alternatives can
> not be satisfied:
> {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding
> :
> Received Timestamp does not match the
> requirements{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token:
> The received token does not match the token inclusion
> requirement{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp
> :
> Received Timestamp does not match the
> requirements{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken:
> The received token does not match the token inclusion requirement:Could
> some
> one guide me out here ?thanksBalaji
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>