Posted to wss4j-dev@ws.apache.org by "Ford, Jennifer M." <JE...@SOUTHERNCO.COM> on 2007/08/09 01:04:32 UTC

WSSJ/Rampart Question

Hello everyone,
I was referred here from the Axis2 user group.  I am currently trying to
add WS-Security to an existing web service (AsymmetricBinding/Signature
Only) using Apache AXIS2 with Rampart.   There's a sample in the rampart
distribution that theoretically illustrates how to do this, so I started
with the policy.xml and service.xml files from that and attempted to add
this to my service code, which was autogenerated using WSDL2Java.

I've been unable to get this working, and I have run out of ideas.  Has
anyone actually used Rampart policy files to successfully provide
certificate-based authentication, and if so, would you mind sharing your
policy.xml file?

Also:

I am seeing the following error in the logs:
2007-08-08 15:51:56,983 DEBUG org.apache.ws.security.WSSecurityEngine -
Unknown Element: BinarySecurityToken
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd

That seems like probable cause for this to fail.  I looked up that error
on Google, and I see a lot of references to XML Pretty Printing (which I
now have disabled in my client axis2.xml, although it does not appear to
have made a difference in the output) and most of those messages were
using Axis 1.3, not Axis2 as I am using.

The other things I am struggling with are the X509 token types and the
decryption algorithm.  Is it possible to find that information on the
certificate itself?  I was unable to find it, but I am thinking if I
were wrong that would be another reason why my signature validation
would fail.

Thanks so much for your time,

Jennifer Ford
Energy Management Systems

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: WSSJ/Rampart Question

Posted by Ruchith Fernando <ru...@gmail.com>.
Now we have a new processor to process unreferenced
BinarySecurityToken elements in WSS4J. Therefore this exception cannot
occur. The next version of rampart will depend on the next release of
WSS4J which will contain this fix.

If you can provide a test case that simulates this issue we can run it
against the latest build and test it.

Thanks,
Ruchith

On 8/9/07, Ford, Jennifer M. <JE...@southernco.com> wrote:
> Is the Unknown Element: BinarySecurityToken fixed in the most recent
> build?  I have to vet packages that I use through our security team, and
> they're not quick about it, so I tend to stick to actual releases.  It's
> worth it if that's a known bug that has been fixed, but I would hate to
> introduce other errors since it's just a nightly build rather than an
> actual release of the product.
>
> Checking your other suggestions now as well.
>
> Thanks for your response,
> Jennifer
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Thursday, August 09, 2007 4:08 AM
> To: Ford, Jennifer M.
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSSJ/Rampart Question
>
> Hi,
>
>
> On 8/9/07, Ford, Jennifer M. <JE...@southernco.com> wrote:
> > Hello everyone,
> > I was referred here from the Axis2 user group.  I am currently trying
> > to add WS-Security to an existing web service
> > (AsymmetricBinding/Signature Only) using Apache AXIS2 with Rampart.
> > There's a sample in the rampart distribution that theoretically
> > illustrates how to do this, so I started with the policy.xml and
> > service.xml files from that and attempted to add this to my service
> > code, which was autogenerated using WSDL2Java.
> >
> > I've been unable to get this working, and I have run out of ideas.
> > Has anyone actually used Rampart policy files to successfully provide
> > certificate-based authentication, and if so, would you mind sharing
> > your policy.xml file?
>
> Were you able to get the sample in rampart working? And can you explain
> the problem that you ran into in trying to use this with the generated
> service?
>
> >
> > Also:
> >
> > I am seeing the following error in the logs:
> > 2007-08-08 15:51:56,983 DEBUG org.apache.ws.security.WSSecurityEngine
> > - Unknown Element: BinarySecurityToken
> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> >
> > That seems like probable cause for this to fail.  I looked up that
> > error on Google, and I see a lot of references to XML Pretty Printing
> > (which I now have disabled in my client axis2.xml, although it does
> > not appear to have made a difference in the output) and most of those
> > messages were using Axis 1.3, not Axis2 as I am using.
>
> Can you please try this with the latest Axis2 release candidate (RC3)
> [1] and Rampart nightlies [2].
>
> >
> > The other things I am struggling with are the X509 token types and the
> > decryption algorithm.  Is it possible to find that information on the
> > certificate itself?  I was unable to find it, but I am thinking if I
> > were wrong that would be another reason why my signature validation
> > would fail.
>
> The decryption and the token types are not available in the results
> after processing the "wsse:Security" header.
>
>
> Thanks,
> Ruchith
>
> 1. http://people.apache.org/~deepal/axis2/1.3-RC3/
> 2. http://people.apache.org/dist/rampart/nightly/
> >
> > Thanks so much for your time,
> >
> > Jennifer Ford
> > Energy Management Systems
>
>
> --
> www.ruchith.org
> www.wso2.org
>


-- 
www.ruchith.org
www.wso2.org


Re: WSSJ/Rampart Question

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,


On 8/9/07, Ford, Jennifer M. <JE...@southernco.com> wrote:
> Hello everyone,
> I was referred here from the Axis2 user group.  I am currently trying to
> add WS-Security to an existing web service (AsymmetricBinding/Signature
> Only) using Apache AXIS2 with Rampart.   There's a sample in the rampart
> distribution that theoretically illustrates how to do this, so I started
> with the policy.xml and service.xml files from that and attempted to add
> this to my service code, which was autogenerated using WSDL2Java.
>
> I've been unable to get this working, and I have run out of ideas.  Has
> anyone actually used Rampart policy files to successfully provide
> certificate-based authentication, and if so, would you mind sharing your
> policy.xml file?

Were you able to get the sample in rampart working? And can you
explain the problem that you ran into in trying to use this with the
generated service?

>
> Also:
>
> I am seeing the following error in the logs:
> 2007-08-08 15:51:56,983 DEBUG org.apache.ws.security.WSSecurityEngine -
> Unknown Element: BinarySecurityToken
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>
> That seems like probable cause for this to fail.  I looked up that error
> on Google, and I see a lot of references to XML Pretty Printing (which I
> now have disabled in my client axis2.xml, although it does not appear to
> have made a difference in the output) and most of those messages were
> using Axis 1.3, not Axis2 as I am using.

Can you please try this with the latest Axis2 release candidate (RC3)
[1] and Rampart nightlies [2].

>
> The other things I am struggling with are the X509 token types and the
> decryption algorithm.  Is it possible to find that information on the
> certificate itself?  I was unable to find it, but I am thinking if I
> were wrong that would be another reason why my signature validation
> would fail.

The decryption and the token types are not available in the
results after processing the "wsse:Security" header.


Thanks,
Ruchith

1. http://people.apache.org/~deepal/axis2/1.3-RC3/
2. http://people.apache.org/dist/rampart/nightly/
>
> Thanks so much for your time,
>
> Jennifer Ford
> Energy Management Systems


-- 
www.ruchith.org
www.wso2.org
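
Added example, not part of the original thread and not WSS4J or Rampart code: in a signed message the token type is carried in the ValueType attribute of wsse:BinarySecurityToken and the signature algorithm in ds:SignatureMethod, so both can be read from a captured request. The sketch below also flags tokens that no wsse:SecurityTokenReference points at, the "unreferenced BinarySecurityToken" case mentioned in the thread. The sample message, the ids CertA/CertB and the function name are constructed for illustration, and only direct wsse:Reference URI fragments are resolved.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
X509 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"

# Constructed sample header; token contents are placeholders, not real certificates.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
   <wsse:BinarySecurityToken wsu:Id="CertA" ValueType="{X509}#X509v3">PLACEHOLDER</wsse:BinarySecurityToken>
   <wsse:BinarySecurityToken wsu:Id="CertB" ValueType="{X509}#X509v3">PLACEHOLDER</wsse:BinarySecurityToken>
   <ds:Signature>
    <ds:SignedInfo><ds:SignatureMethod Algorithm="{DS}rsa-sha1"/></ds:SignedInfo>
    <ds:KeyInfo><wsse:SecurityTokenReference>
     <wsse:Reference URI="#CertA" ValueType="{X509}#X509v3"/>
    </wsse:SecurityTokenReference></ds:KeyInfo>
   </ds:Signature>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body/>
</soapenv:Envelope>"""


def inspect_security_header(soap_xml):
    """List BinarySecurityTokens, whether each is referenced, and signature algorithms."""
    # ElementTree does not limit entity expansion: feed it trusted captures only.
    root = ET.fromstring(soap_xml)
    security = root.find(f".//{{{WSSE}}}Security")
    if security is None:
        raise ValueError("no wsse:Security header in message")
    # Fragment ids ("#CertA" -> "CertA") used by any wsse:Reference in the header.
    referenced = {
        ref.get("URI", "")[1:]
        for ref in security.iter(f"{{{WSSE}}}Reference")
        if ref.get("URI", "").startswith("#")
    }
    tokens = [
        {
            "id": bst.get(f"{{{WSU}}}Id"),
            "value_type": (bst.get("ValueType") or "").rpartition("#")[2],
            "referenced": bst.get(f"{{{WSU}}}Id") in referenced,
        }
        for bst in security.iter(f"{{{WSSE}}}BinarySecurityToken")
    ]
    algorithms = [m.get("Algorithm") for m in security.iter(f"{{{DS}}}SignatureMethod")]
    return {"tokens": tokens, "signature_methods": algorithms}
```
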
