Posted to rampart-dev@ws.apache.org by Martin Fernau <m....@cps-net.de> on 2009/01/30 19:41:04 UTC

Problems calling WS with signed Request - Server returns echo of the whole request

Hello,

I've a problem calling a WS with a digitally signed request using axis2 and 
rampart. As far as I know the server side is using jboss with tomcat.

I've got a reference implementation from the service-hoster how to consume 
their service. If I use this reference implementation the server responds 
correctly. The reference implementation uses jboss with java 1.5. They use 
one key file and one certificate as regular files.

However - after I wrote my own client using rampart with axis2 I wasn't able 
to get a correct answer from the server. The server just responds with my own 
request instead. No error or fault message which tells me what is wrong.
After reading the network traffic I can't see much difference between both requests 
(from the reference implementation and from mine). To show you what I mean 
please have a look at both network snips [0] and [1].
[0] shows you the traffic produced from the reference implementation while
[1] shows you the traffic from my own client.

[0] http://www.martin-fernau.de/files/lager/20090130/referenz_impl.txt
[1] http://www.martin-fernau.de/files/lager/20090130/axis2rampart_impl.txt

I've no clue what is wrong. The only difference I can see is that the 
reference implementation is 
sending "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
for the wsse:BinarySecurityToken while my own client is 
sending "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1". 
I don't know if this is of relevance or if I can change this in any way. 
Maybe it is useful to know that the reference implementation uses the key files 
directly while for rampart I need to import them into a keystore with some 
tricky ways. I have no clue if this had some impact on the keys themselves.

Any help would be really appreciated! I'm in a blind alley as I don't know 
where to search for the problem.

With kind Regards,
Martin Fernau

Re: Problems calling WS with signed Request - Server returns echo of the whole request

Posted by Martin Fernau <m....@cps-net.de>.
Hello Dietmar,

thank you for your reply.
I have the keys (the reference implementation uses) as files on my hard drive. 
Is there a way to discover the information about these keys with openssl?
And is there a way to use these key files directly without importing them into 
a keystore? Maybe there is the problem or maybe the keystore isn't able to 
handle X509v3 correctly.

With kind regards,
Martin

Am Samstag, 31. Januar 2009 schrieb Dietmar:
> Martin,
>
> I guess the problem is related to the certificate your client is using
> for the request signature.
> It seems to be an X509 version 1 certificate. The service is obviously
> expecting an X509 version 3
> certificate.
>
> With kind regards,
> Dietmar

Re: Problems calling WS with signed Request - Server returns echo of the whole request

Posted by Dietmar <di...@bluehash.de>.
Martin,

I guess the problem is related to the certificate your client is using  
for the request signature.
It seems to be an X509 version 1 certificate. The service is obviously
expecting an X509 version 3
certificate.

With kind regards,
Dietmar
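
Added example (not part of the original thread, and not Rampart or WSS4J code): a small Python check that decodes the Base64 body of a wsse:BinarySecurityToken taken from a captured request, reads the X.509 version field from the DER, and returns the ValueType URI from the thread that matches that version. The function names and the two sample tokens are constructed for illustration; the samples are minimal DER stubs, not real certificates.

```python
import base64

# ValueType URIs quoted in the thread for wsse:BinarySecurityToken
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
VALUE_TYPES = {1: PROFILE + "#X509v1", 3: PROFILE + "#X509v3"}
# Constructed DER stubs (only the leading fields of a certificate), Base64-encoded
SAMPLE_V1 = base64.b64encode(bytes.fromhex("30053003020101")).decode()
SAMPLE_V3 = base64.b64encode(bytes.fromhex("300a3008a003020102020101")).decode()


def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds input")
    return tag, pos, pos + length


def x509_version(der):
    """Return 1, 2 or 3 for a DER-encoded X.509 certificate."""
    pos = 0
    for _ in range(2):  # Certificate SEQUENCE, then tbsCertificate SEQUENCE
        tag, pos, _end = read_tlv(der, pos)
        if tag != 0x30:
            raise ValueError("expected a DER SEQUENCE")
    tag, pos, _end = read_tlv(der, pos)    # first field of tbsCertificate
    if tag != 0xA0:                        # no [0] wrapper: version DEFAULT v1
        return 1
    tag, pos, end = read_tlv(der, pos)     # INTEGER inside the [0] EXPLICIT tag
    if tag != 0x02 or end - pos != 1 or der[pos] > 2:
        raise ValueError("malformed version field")
    return der[pos] + 1                    # encoded 0, 1, 2 means v1, v2, v3


def token_value_type(b64_token):
    """Return (version, ValueType URI) for a Base64 BinarySecurityToken body."""
    der = base64.b64decode("".join(b64_token.split()))  # tolerate line wraps
    version = x509_version(der)
    if version not in VALUE_TYPES:
        raise ValueError("no ValueType listed here for X.509 v%d" % version)
    return version, VALUE_TYPES[version]
```

Running token_value_type on the token body from each capture shows whether the certificate that ended up in the keystore is really a version 1 certificate or whether only the ValueType attribute differs.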

