Posted to rampart-dev@ws.apache.org by Christian Mielke <cm...@nc-ag.de> on 2007/10/01 08:41:35 UTC

Rampart 1.1 Signing Timestamp

Hello, I use Rampart 1.1 and I want to sign a timestamp. I use the following configuration in my services.xml: 

<parameter name="OutflowSecurity"> 
   <action> 
      <items>Timestamp Signature Encrypt</items> 
      <signaturePropFile>server.properties</signaturePropFile> 
      <user>username</user> 
      <signatureparts> 
         {Element}{http://www.w3.org/2005/08/addressing}To; 
         {Element}{http://www.w3.org/2005/08/addressing}ReplyTo; 
         {Element}{http://www.w3.org/2005/08/addressing}MessageID; 
         {Element}{http://www.w3.org/2005/08/addressing}Action; 
         {Element}{http://www.w3.org/2005/08/addressing}RelatesTo; 
         {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp; 
         {}{}Body; 
      </signatureparts> 
      <enableSignatureConfirmation>false</enableSignatureConfirmation> 
      <encryptionUser>clientusername</encryptionUser> 
      <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</encryptionSymAlgorithm> 
      <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier> 
      <passwordCallbackClass>handler</passwordCallbackClass> 
   </action> 
</parameter> 

I call the service with a .NET WCF client and I always get the error that the timestamp with ID xxx must be signed. Why? Timestamp is part of signatureparts? It would be very nice if someone could give me a hint. 

Greetings 
Chris

Re: Rampart 1.1 Signing Timestamp

Posted by Dimuthu <mu...@apache.org>.
Hi Chris,

As I understand it, you are using a .NET client to talk to a service hosted in
Axis2. You have configured security for the service using Rampart.

Axis2 and Rampart give this error message because they want the
Timestamp of the incoming message to be signed (at the server side).

When you send out the message from the .NET client, do you sign the
Timestamp?

Thank you,
Dimuthu


On Mon, 2007-10-01 at 08:41 +0200, Christian Mielke wrote:
> Hello, I use Rampart 1.1 and I want to sign a timestamp. I use the following configuration in my services.xml: 
> 
> <parameter name="OutflowSecurity"> 
>    <action> 
>       <items>Timestamp Signature Encrypt</items> 
>       <signaturePropFile>server.properties</signaturePropFile> 
>       <user>username</user> 
>       <signatureparts> 
>          {Element}{http://www.w3.org/2005/08/addressing}To; 
>          {Element}{http://www.w3.org/2005/08/addressing}ReplyTo; 
>          {Element}{http://www.w3.org/2005/08/addressing}MessageID; 
>          {Element}{http://www.w3.org/2005/08/addressing}Action; 
>          {Element}{http://www.w3.org/2005/08/addressing}RelatesTo; 
>          {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp; 
>          {}{}Body; 
>       </signatureparts> 
>       <enableSignatureConfirmation>false</enableSignatureConfirmation> 
>       <encryptionUser>clientusername</encryptionUser> 
>       <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</encryptionSymAlgorithm> 
>       <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier> 
>       <passwordCallbackClass>handler</passwordCallbackClass> 
>    </action> 
> </parameter> 
> 
> I call the service with a .NET WCF client and I always get the error that the timestamp with ID xxx must be signed. Why? Timestamp is part of signatureparts? It would be very nice if someone could give me a hint. 
> 
> Greetings 
> Chris
-- 
http://wso2.org
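
The question raised in the reply above (is the Timestamp signed in the message the .NET client sends?) can be answered from a captured request by checking whether ds:SignedInfo references the Timestamp's wsu:Id. The Python check below is an added example, not part of the original thread or of Rampart; the envelopes and the Ids Timestamp-1 and Body-1 are constructed sample data.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def signed_part_report(envelope_xml):
    """Report whether the wsu:Timestamp of a captured SOAP message is signed.

    Only checks that ds:SignedInfo holds a Reference to the Timestamp's wsu:Id;
    it does not verify digests or the signature value. Run it on captures from
    your own test traffic, not on untrusted XML.
    """
    root = ET.fromstring(envelope_xml)
    # Locate wsse:Security by namespace so SOAP 1.1 and 1.2 envelopes both work.
    security = next(root.iter("{%s}Security" % WSSE), None)
    if security is None:
        return {"timestamp_id": None, "signed_ids": [], "timestamp_signed": False}
    ts = security.find("{%s}Timestamp" % WSU)
    ts_id = ts.get("{%s}Id" % WSU) if ts is not None else None
    refs = security.findall(
        "{%s}Signature/{%s}SignedInfo/{%s}Reference" % (DS, DS, DS))
    # Same-document references have the form URI="#<wsu:Id>".
    signed_ids = [r.get("URI", "")[1:] for r in refs
                  if r.get("URI", "").startswith("#")]
    return {"timestamp_id": ts_id, "signed_ids": signed_ids,
            "timestamp_signed": ts_id is not None and ts_id in signed_ids}

def make_envelope(reference_uris):
    """Constructed sample: SOAP 1.2 envelope with a Timestamp and given References."""
    refs = "".join('<ds:Reference URI="%s"/>' % u for u in reference_uris)
    return (
        '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
        'xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s">'
        '<s:Header><wsse:Security>'
        '<wsu:Timestamp wsu:Id="Timestamp-1">'
        '<wsu:Created>2007-10-01T06:41:35Z</wsu:Created>'
        '<wsu:Expires>2007-10-01T06:46:35Z</wsu:Expires></wsu:Timestamp>'
        '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo></ds:Signature>'
        '</wsse:Security></s:Header>'
        '<s:Body wsu:Id="Body-1"/></s:Envelope>' % (WSSE, WSU, DS, refs)
    )

if __name__ == "__main__":
    # First message signs only the Body; second also signs the Timestamp.
    for uris in (["#Body-1"], ["#Body-1", "#Timestamp-1"]):
        print(uris, signed_part_report(make_envelope(uris)))
```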