You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Ben Mckenzie <bm...@highlineFI.com> on 2009/06/01 20:16:52 UTC

security token problem

Hello, all.  I have tried searching google, various mailing lists, and other sources, but cannot seem to find any good answers to the problem that I am having.  If someone here has any ideas, I would be very grateful.

I am using axis2 (1.4.1 build) and rampart (1.4) to try to access what I can only guess is a .NET based SOAP server on a government website.

I am using a policy.xml file which looks like this:


<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:TransportToken>
                        <wsp:Policy>
                            <sp:HttpsToken RequireClientCertificate="false"/>
                        </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:HashPassword/>
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>xxxx</ramp:user>
                              <ramp:passwordCallbackClass>com.highlinedata.database.download.fdicweb.PWHandler</ramp:passwordCallbackClass>
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

And I am getting the following error back:
org.apache.axis2.AxisFault: The security token could not be authenticated or authorized ---> WSE563: The computed password digest doesn't match
that of the incoming username token.


It looks like the error is being generated from the remote server.  Any ideas?

Thank you very much,
Ben McKenzie