Posted to rampart-dev@ws.apache.org by Martin Fernau <m....@cps-net.de> on 2009/01/30 19:41:04 UTC
Problems calling WS with signed Request - Server returns echo of the whole request
Hello,
I've a problem calling a WS with a digital signed request using axis2 and
rampart. As far as I know the serverside is using jboss with tomcat.
I've got a reference implementation from the service-hoster how to consume
their service. If I use this reference implementation the server responds
correctly. The reference implementation uses jboss with java 1.5. They use
one key file and one certificate as regular files.
However - after I wrote my own client using rampart with axis2 I wasn't able
to get a correct answer from the server. The server just responds with my own
request instead. No error or fault message which tells me what is wrong.
After reading the network traffic I can't see much differences in both requests
(from the reference implementation and from mine). To show you what I mean
please have a look on both network snips [0] and [1].
[0] shows you the traffic produced from the reference implementation while
[1] shows you the traffic from my own client.
[0] http://www.martin-fernau.de/files/lager/20090130/referenz_impl.txt
[1] http://www.martin-fernau.de/files/lager/20090130/axis2rampart_impl.txt
I've no clue what is wrong. The only difference I can see is that the
reference implementation is
sending "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
for the wsse:BinarySecurityToken while my own client is
sending "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1".
I don't know if this is of relevance or if I can change this in any way.
Maybe it is useful to know that the reference implementation uses the key files
directly while for rampart I need to import them into a keystore with some
tricky ways. I have no clue if this had some impact on the keys themselves.
Any help would be really appreciated! I'm in a blind alley as I don't know
where to search for the problem.
With kind Regards,
Martin Fernau
Re: Problems calling WS with signed Request - Server returns echo of the whole request
Posted by Martin Fernau <m....@cps-net.de>.
Hello Dietmar,
thank you for your reply.
I have the keys (the reference implementation uses) as files on my hard drive.
Is there a way to discover the information about these keys with openssl?
And is there a way to use these key files directly without importing them into
a keystore? Maybe there is the problem or maybe the keystore isn't able to
handle X509v3 correctly.
With kind regards,
Martin
Am Samstag, 31. Januar 2009 schrieb Dietmar:
> Martin,
>
> I guess the problem is related to the certificate your client is using
> for the request signature.
> It seems to be an X509 version 1 certificate. The service is obviously
> expecting an X509 version 3 certificate.
>
> With kind regards,
> Dietmar
>
>
> On 30.01.2009, at 19:41, Martin Fernau wrote:
>
> Hello,
>
> I've a problem calling a WS with a digital signed request using axis2 and
> rampart. As far as I know the serverside is using jboss with tomcat.
>
> I've got a reference implementation from the service-hoster how to consume
> their service. If I use this reference implementation the server responds
> correctly. The reference implementation uses jboss with java 1.5. They use
> one key file and one certificate as regular files.
>
> However - after I wrote my own client using rampart with axis2 I wasn't able
> to get a correct answer from the server. The server just responds with my own
> request instead. No error or fault message which tells me what is wrong.
> After reading the network traffic I can't see much differences in both requests
> (from the reference implementation and from mine). To show you what I mean
> please have a look on both network snips [0] and [1].
> [0] shows you the traffic produced from the reference implementation while
> [1] shows you the traffic from my own client.
>
> [0] http://www.martin-fernau.de/files/lager/20090130/referenz_impl.txt
> [1] http://www.martin-fernau.de/files/lager/20090130/axis2rampart_impl.txt
>
> I've no clue what is wrong. The only difference I can see is that the
> reference implementation is
> sending "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> for the wsse:BinarySecurityToken while my own client is
> sending "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1".
> I don't know if this is of relevance or if I can change this in any way.
> Maybe it is useful to know that the reference implementation uses the key files
> directly while for rampart I need to import them into a keystore with some
> tricky ways. I have no clue if this had some impact on the keys themselves.
>
> Any help would be really appreciated! I'm in a blind alley as I don't know
> where to search for the problem.
>
> With kind Regards,
> Martin Fernau
Re: Problems calling WS with signed Request - Server returns echo of the whole request
Posted by Dietmar <di...@bluehash.de>.
Martin,
I guess the problem is related to the certificate your client is using
for the request signature.
It seems to be an X509 version 1 certificate. The service is obviously
expecting an X509 version 3 certificate.
With kind regards,
Dietmar
On 30.01.2009, at 19:41, Martin Fernau wrote:
Hello,
I've a problem calling a WS with a digital signed request using axis2 and
rampart. As far as I know the serverside is using jboss with tomcat.
I've got a reference implementation from the service-hoster how to consume
their service. If I use this reference implementation the server responds
correctly. The reference implementation uses jboss with java 1.5. They use
one key file and one certificate as regular files.
However - after I wrote my own client using rampart with axis2 I wasn't able
to get a correct answer from the server. The server just responds with my own
request instead. No error or fault message which tells me what is wrong.
After reading the network traffic I can't see much differences in both requests
(from the reference implementation and from mine). To show you what I mean
please have a look on both network snips [0] and [1].
[0] shows you the traffic produced from the reference implementation while
[1] shows you the traffic from my own client.
[0] http://www.martin-fernau.de/files/lager/20090130/referenz_impl.txt
[1] http://www.martin-fernau.de/files/lager/20090130/axis2rampart_impl.txt
I've no clue what is wrong. The only difference I can see is that the
reference implementation is
sending "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
for the wsse:BinarySecurityToken while my own client is
sending "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1".
I don't know if this is of relevance or if I can change this in any way.
Maybe it is useful to know that the reference implementation uses the key files
directly while for rampart I need to import them into a keystore with some
tricky ways. I have no clue if this had some impact on the keys themselves.
Any help would be really appreciated! I'm in a blind alley as I don't know
where to search for the problem.
With kind Regards,
Martin Fernau
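
Added example (not part of the thread, and not Rampart or WSS4J code): a Python check that reads the version field from a DER or PEM certificate, the same field `openssl x509 -in cert.pem -noout -text` prints as `Version:`. The two sample byte strings are constructed skeletons rather than real certificates, and the mapping from certificate version to the `#X509v1`/`#X509v3` ValueType is an assumption based on Dietmar's diagnosis.

```python
import base64

# ValueType prefix as quoted in the thread; the suffix mapping is an assumption.
WSS_X509 = ("http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-x509-token-profile-1.0#X509v")

# Constructed skeletons: only the leading ASN.1 structure of a certificate.
SAMPLE_V1 = bytes.fromhex("30053003020101")            # no [0] version field
SAMPLE_V3 = bytes.fromhex("300a3008a003020102020101")  # [0] INTEGER 2

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: length-of-length octets
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def pem_to_der(pem):
    """Strip the BEGIN/END armour lines and base64-decode the body."""
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(body))

def x509_version(der):
    """Return 1, 2 or 3 from TBSCertificate's optional [0] EXPLICIT version."""
    tag, start, _ = read_tlv(der, 0)       # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, start, _ = read_tlv(der, start)   # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate missing")
    tag, vstart, _ = read_tlv(der, start)  # first field of tbsCertificate
    if tag != 0xA0:
        return 1                           # field omitted means DEFAULT v1
    tag, istart, iend = read_tlv(der, vstart)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    return int.from_bytes(der[istart:iend], "big") + 1  # encoded 0-based

def expected_value_type(der):
    """ValueType a client would send if it follows the certificate version."""
    version = x509_version(der)
    return WSS_X509 + str(version) if version in (1, 3) else None
```

Running it over the certificate file and over the certificate exported from the keystore shows whether the import changed which certificate is in use.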