Posted to rampart-dev@ws.apache.org by "Christian Mielke (JIRA)" <ji...@apache.org> on 2008/02/08 08:47:08 UTC
[jira] Created: (RAMPART-138) Created response of SymmetricBindingBuilder WITHOUT timestamp is incorrect
Created response of SymmetricBindingBuilder WITHOUT timestamp is incorrect
--------------------------------------------------------------------------
Key: RAMPART-138
URL: https://issues.apache.org/jira/browse/RAMPART-138
Project: Rampart
Issue Type: Bug
Components: rampart-core
Affects Versions: 1.3
Reporter: Christian Mielke
Fix For: 1.3
When using the policy below, the RAMPART SymmetricBindingBuilder creates a server response that does not have the correct order of elements for the protection order EncryptBeforeSigning. A client that receives the response (I tested it with a WCF 3.0 client) says that the response does not have the correct protection order.
If the policy gets extended with a timestamp, the error doesn't appear.
<wsp:Policy wsu:Id="token" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:ProtectionToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:RequireThumbprintReference/>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:ProtectionToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:EncryptBeforeSigning/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:SymmetricBinding>
      <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <Address xmlns="http://www.w3.org/2005/08/addressing">
                http://localhost:8080/axis2/services/SecurityToken
              </Address>
            </Issuer>
            <sp:RequestSecurityTokenTemplate>
              <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
                urn:oasis:names:tc:SAML:1.0:assertion
              </t:TokenType>
              <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
                http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
              </t:KeyType>
              <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
                256
              </t:KeySize>
            </sp:RequestSecurityTokenTemplate>
            <wsp:Policy>
              <sp:RequireExternalReference />
            </wsp:Policy>
          </sp:IssuedToken>
        </wsp:Policy>
      </sp:EndorsingSupportingTokens>
      <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefThumbprint/>
        </wsp:Policy>
      </sp:Wss11>
      <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportIssuedTokens />
          <sp:RequireServerEntropy />
        </wsp:Policy>
      </sp:Trust10>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
        <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
      </sp:SignedParts>
      <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
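An added example, not from the reporter or the Rampart code base: a Python check that reads the protection order from a policy and tests whether ds:Signature and a standalone xenc:ReferenceList sit in the matching order inside wsse:Security, using the WS-Security rule that elements are prepended to the header as each step is performed. The issue does not show the faulty response, so the trimmed policy and the headers are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Constructed sample: the binding assertions of the reported policy, trimmed.
POLICY = f"""<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                         xmlns:sp="{SP}">
  <sp:SymmetricBinding><wsp:Policy>
    <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
    <sp:EncryptBeforeSigning/>
    <sp:OnlySignEntireHeadersAndBody/>
  </wsp:Policy></sp:SymmetricBinding>
</wsp:Policy>"""


def protection_order(policy_xml):
    """Return (protection order, True if sp:IncludeTimestamp is asserted)."""
    root = ET.fromstring(policy_xml)
    ebs = root.find(f".//{{{SP}}}EncryptBeforeSigning") is not None
    has_ts = root.find(f".//{{{SP}}}IncludeTimestamp") is not None
    # SignBeforeEncrypting is the WS-SecurityPolicy default.
    return ("EncryptBeforeSigning" if ebs else "SignBeforeEncrypting"), has_ts


def envelope(*children):
    """Constructed SOAP envelope; Security header holds empty children in order."""
    inner = "".join(f"<{name}/>" for name in children)
    return (f'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            f'xmlns:wsse="{WSSE}" xmlns:ds="{DS}" xmlns:xenc="{XENC}">'
            f'<s:Header><wsse:Security>{inner}</wsse:Security></s:Header>'
            f'<s:Body/></s:Envelope>')


def check_header_order(soap_xml, order):
    """Return a list of findings; an empty list means the order matches."""
    sec = ET.fromstring(soap_xml).find(f".//{{{WSSE}}}Security")
    if sec is None:
        return ["no wsse:Security header"]
    tags = [child.tag for child in sec]
    sig, ref = f"{{{DS}}}Signature", f"{{{XENC}}}ReferenceList"
    if sig not in tags or ref not in tags:
        return ["Signature or standalone ReferenceList absent; order not checked"]
    # Prepend rule: the step performed last sits higher in the header, so the
    # receiver undoes it first. Encrypt-then-sign puts Signature above the list.
    sig_first = tags.index(sig) < tags.index(ref)
    if sig_first != (order == "EncryptBeforeSigning"):
        return [f"{order}: Signature/ReferenceList order is reversed"]
    return []


if __name__ == "__main__":
    order, has_ts = protection_order(POLICY)
    print(order, "timestamp asserted:", has_ts)
    print(check_header_order(envelope("xenc:EncryptedKey", "ds:Signature", "xenc:ReferenceList"), order))
    print(check_header_order(envelope("xenc:EncryptedKey", "xenc:ReferenceList", "ds:Signature"), order))
```

A header whose ReferenceList is nested inside xenc:EncryptedKey has no standalone list, so the check reports that the order was not evaluated rather than passing it.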
[jira] Resolved: (RAMPART-138) Created response of SymmetricBindingBuilder WITHOUT timestamp is incorrect
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya resolved RAMPART-138.
------------------------------------------------
Resolution: Fixed
Fixed in revision 619883.
[jira] Assigned: (RAMPART-138) Created response of SymmetricBindingBuilder WITHOUT timestamp is incorrect
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya reassigned RAMPART-138:
--------------------------------------------------
Assignee: Nandana Mihindukulasooriya
[jira] Updated: (RAMPART-138) Created response of SymmetricBindingBuilder WITHOUT timestamp is incorrect
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya updated RAMPART-138:
-----------------------------------------------
Fix Version/s: 1.4 (was: 1.3)
Set Fix version to 1.4.