You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by vivek srinivasan <sr...@hotmail.com> on 2006/09/11 14:57:17 UTC
X.509 authentication samples
Are there samples where a web services client creates a SOAP message for a
WS Call, including the WS_Security headers with an X509 certificate of the
user who should be the subject of this message?
_________________________________________________________________
Windows Live Spaces is here! ItÂ’s easy to create your own personal Web site.
http://spaces.live.com/signup.aspx
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: X.509 authentication samples
Posted by Ruchith Fernando <ru...@gmail.com>.
Basically we figure out the Principal based on the Signature using its
certs. We can extract the Principal similar to the way shown in the
code snippet here [1] (see line 23 and 24) and authenticate.
This [2] will also be a useful reference on extracting the security
results from the message context.
Thanks,
Ruchith
[1] http://rafb.net/paste/results/GoAELv28.html
[2] http://www.wso2.net/kb/169
On 9/13/06, vivek srinivasan <sr...@hotmail.com> wrote:
> Ok .that makes sense, but what should be the action name for X509 based
> authentication? In case of signature or encryption we use the action name of
> Signature and Encrypt respectiviely. I do not see any any action name
> exclusively for X509 authentication.
>
>
> >From: "Ruchith Fernando" <ru...@gmail.com>
> >To: "vivek srinivasan" <sr...@hotmail.com>
> >CC: wss4j-dev@ws.apache.org
> >Subject: Re: X.509 authentication samples
> >Date: Tue, 12 Sep 2006 13:41:51 +0530
> >
> >Hi,
> >
> >Here's one [1] on authenticating users with their X509 certs and then
> >sending as encrypted response back to them. Note that this is using
> >Rampart (which uses WSS4J) with Axis2.
> >
> >Thanks,
> >Ruchith
> >
> >[1] http://www.wso2.net/tutorials/rampart/java/2006/09/06/sec-msg-exchg
> >
> >On 9/11/06, vivek srinivasan <sr...@hotmail.com> wrote:
> >>Are there samples where a web services client creates a SOAP message for a
> >>WS Call, including the WS_Security headers with an X509 certificate of the
> >>user who should be the subject of this message?
> >>
> >>_________________________________________________________________
> >>Windows Live Spaces is here! It's easy to create your own personal Web
> >>site.
> >> http://spaces.live.com/signup.aspx
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> >>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >>
> >>
> >
> >
> >--
> >www.ruchith.org
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> >For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
>
> _________________________________________________________________
> Check the weather nationwide with MSN Search: Try it now!
> http://search.msn.com/results.aspx?q=weather&FORM=WLMTAG
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: X.509 authentication samples
Posted by Ruchith Fernando <ru...@gmail.com>.
Basically we figure out the Principal based on the Signature using its
certs. We can extract the Principal similar to the way shown in the
code snippet here [1] (see line 23 and 24) and authenticate.
This [2] will also be a useful reference on extracting the security
results from the message context.
Thanks,
Ruchith
[1] http://rafb.net/paste/results/GoAELv28.html
[2] http://www.wso2.net/kb/169
On 9/13/06, vivek srinivasan <sr...@hotmail.com> wrote:
> Ok .that makes sense, but what should be the action name for X509 based
> authentication? In case of signature or encryption we use the action name of
> Signature and Encrypt respectiviely. I do not see any any action name
> exclusively for X509 authentication.
>
>
> >From: "Ruchith Fernando" <ru...@gmail.com>
> >To: "vivek srinivasan" <sr...@hotmail.com>
> >CC: wss4j-dev@ws.apache.org
> >Subject: Re: X.509 authentication samples
> >Date: Tue, 12 Sep 2006 13:41:51 +0530
> >
> >Hi,
> >
> >Here's one [1] on authenticating users with their X509 certs and then
> >sending as encrypted response back to them. Note that this is using
> >Rampart (which uses WSS4J) with Axis2.
> >
> >Thanks,
> >Ruchith
> >
> >[1] http://www.wso2.net/tutorials/rampart/java/2006/09/06/sec-msg-exchg
> >
> >On 9/11/06, vivek srinivasan <sr...@hotmail.com> wrote:
> >>Are there samples where a web services client creates a SOAP message for a
> >>WS Call, including the WS_Security headers with an X509 certificate of the
> >>user who should be the subject of this message?
> >>
> >>_________________________________________________________________
> >>Windows Live Spaces is here! It's easy to create your own personal Web
> >>site.
> >> http://spaces.live.com/signup.aspx
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> >>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >>
> >>
> >
> >
> >--
> >www.ruchith.org
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> >For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
>
> _________________________________________________________________
> Check the weather nationwide with MSN Search: Try it now!
> http://search.msn.com/results.aspx?q=weather&FORM=WLMTAG
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: X.509 authentication samples
Posted by vivek srinivasan <sr...@hotmail.com>.
Ok .that makes sense, but what should be the action name for X509 based
authentication? In case of signature or encryption we use the action name of
Signature and Encrypt respectiviely. I do not see any any action name
exclusively for X509 authentication.
>From: "Ruchith Fernando" <ru...@gmail.com>
>To: "vivek srinivasan" <sr...@hotmail.com>
>CC: wss4j-dev@ws.apache.org
>Subject: Re: X.509 authentication samples
>Date: Tue, 12 Sep 2006 13:41:51 +0530
>
>Hi,
>
>Here's one [1] on authenticating users with their X509 certs and then
>sending as encrypted response back to them. Note that this is using
>Rampart (which uses WSS4J) with Axis2.
>
>Thanks,
>Ruchith
>
>[1] http://www.wso2.net/tutorials/rampart/java/2006/09/06/sec-msg-exchg
>
>On 9/11/06, vivek srinivasan <sr...@hotmail.com> wrote:
>>Are there samples where a web services client creates a SOAP message for a
>>WS Call, including the WS_Security headers with an X509 certificate of the
>>user who should be the subject of this message?
>>
>>_________________________________________________________________
>>Windows Live Spaces is here! It's easy to create your own personal Web
>>site.
>> http://spaces.live.com/signup.aspx
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>
>
>--
>www.ruchith.org
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
_________________________________________________________________
Check the weather nationwide with MSN Search: Try it now!
http://search.msn.com/results.aspx?q=weather&FORM=WLMTAG
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: X.509 authentication samples
Posted by vivek srinivasan <sr...@hotmail.com>.
Ok .that makes sense, but what should be the action name for X509 based
authentication? In case of signature or encryption we use the action name of
Signature and Encrypt respectiviely. I do not see any any action name
exclusively for X509 authentication.
>From: "Ruchith Fernando" <ru...@gmail.com>
>To: "vivek srinivasan" <sr...@hotmail.com>
>CC: wss4j-dev@ws.apache.org
>Subject: Re: X.509 authentication samples
>Date: Tue, 12 Sep 2006 13:41:51 +0530
>
>Hi,
>
>Here's one [1] on authenticating users with their X509 certs and then
>sending as encrypted response back to them. Note that this is using
>Rampart (which uses WSS4J) with Axis2.
>
>Thanks,
>Ruchith
>
>[1] http://www.wso2.net/tutorials/rampart/java/2006/09/06/sec-msg-exchg
>
>On 9/11/06, vivek srinivasan <sr...@hotmail.com> wrote:
>>Are there samples where a web services client creates a SOAP message for a
>>WS Call, including the WS_Security headers with an X509 certificate of the
>>user who should be the subject of this message?
>>
>>_________________________________________________________________
>>Windows Live Spaces is here! It's easy to create your own personal Web
>>site.
>> http://spaces.live.com/signup.aspx
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>
>
>--
>www.ruchith.org
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
_________________________________________________________________
Check the weather nationwide with MSN Search: Try it now!
http://search.msn.com/results.aspx?q=weather&FORM=WLMTAG
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: X.509 authentication samples
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,
Here's one [1] on authenticating users with their X509 certs and then
sending as encrypted response back to them. Note that this is using
Rampart (which uses WSS4J) with Axis2.
Thanks,
Ruchith
[1] http://www.wso2.net/tutorials/rampart/java/2006/09/06/sec-msg-exchg
On 9/11/06, vivek srinivasan <sr...@hotmail.com> wrote:
> Are there samples where a web services client creates a SOAP message for a
> WS Call, including the WS_Security headers with an X509 certificate of the
> user who should be the subject of this message?
>
> _________________________________________________________________
> Windows Live Spaces is here! It's easy to create your own personal Web site.
> http://spaces.live.com/signup.aspx
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: X.509 authentication samples
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,
Here's one [1] on authenticating users with their X509 certs and then
sending as encrypted response back to them. Note that this is using
Rampart (which uses WSS4J) with Axis2.
Thanks,
Ruchith
[1] http://www.wso2.net/tutorials/rampart/java/2006/09/06/sec-msg-exchg
On 9/11/06, vivek srinivasan <sr...@hotmail.com> wrote:
> Are there samples where a web services client creates a SOAP message for a
> WS Call, including the WS_Security headers with an X509 certificate of the
> user who should be the subject of this message?
>
> _________________________________________________________________
> Windows Live Spaces is here! It's easy to create your own personal Web site.
> http://spaces.live.com/signup.aspx
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org