You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Rohit Chauhan <mo...@yahoo.com> on 2006/07/18 15:09:21 UTC
Re: AW: Verification failed for URI "#id-31386432" - Update-resolved
All,
I got this issue resolved.Here is the problem and the
solution.
Problem:
I am sending an xml document as part of soap message
body.The input xml tags didn't have namespace prefixes
pointing to namespaces.
My incorrect input xml embedded in soap body was
something like this :
<?xml version="1.0" encoding="UTF-8"?>
<IFX xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://www.ifxforum.org/IFX_150">
<SignonRq>
<SessKey>{0}</SessKey>
<ClientDt>0000-00-00T00:00:00.000000-00:00</ClientDt>
<CustLangPref>en_US</CustLangPref>
<ClientApp>
<Org>com.webster</Org>
<Name>Webster Bank</Name>
<Version>1.0</Version>
</ClientApp>
</SignonRq>
</IFX>
Solution:
The correct xml needed by Axis/WSS4J is with namespace
prefixes added to the tags.
<?xml version="1.0" encoding="UTF-8"?>
<ifx:IFX xmlns:ifx="http://www.ifxforum.org/IFX_150"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ifx:SignonRq Id="ID000000">
<ifx:SessKey>{0}</ifx:SessKey>
<ifx:ClientDt>0000-00-00T00:00:00.000000-00:00</ifx:ClientDt>
<ifx:CustLangPref>en_US</ifx:CustLangPref>
<ifx:ClientApp>
<ifx:Org>com.webster</ifx:Org>
<ifx:Name>Webster
Bank</ifx:Name>
<ifx:Version>1.0</ifx:Version>
</ifx:ClientApp>
</ifx:SignonRq>
</ifx:IFX>
That's the reason I was getting two verification
messages:
I Verification successful for URI
"#STRSAMLId-11930515"
W Verification failed for URI "#id-28036099"
It seems Signature verification went through fine for
SAML but it threw an error when it tried to verify the
soap body part.
If any one has a better understanding on this issue
can correct me or add to this.
Thanks,
-Rohit
--- Montebove Luciano <L....@finsiel.it> wrote:
> My working configuration for the StockQuoteService
> sample is:
>
> Server-config.wsdd:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>
>
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <globalConfiguration>
> <parameter name="adminPassword" value="admin"/>
> <parameter
> name="enableNamespacePrefixOptimization"
> value="true"/>
> <parameter name="disablePrettyXML" value="true"/>
> <parameter name="sendXsiTypes" value="true"/>
> <parameter name="sendMultiRefs" value="true"/>
> <parameter name="sendXMLDeclaration"
> value="true"/>
> </globalConfiguration>
> <handler name="LocalResponder"
>
>
type="java:org.apache.axis.transport.local.LocalResponder"/>
> <handler name="URLMapper"
>
type="java:org.apache.axis.handlers.http.URLMapper"/>
> <handler name="Authenticate"
>
>
type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
> <service name="stock-wss-01" provider="java:RPC"
> style="document" use="literal">
> <requestFlow>
> <handler
>
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> <parameter name="action" value="Timestamp
> Signature SAMLTokenUnsigned"/>
> <parameter name="signaturePropFile"
> value="pa-crypto.properties" />
> </handler>
> </requestFlow>
> <parameter name="className"
> value="samples.stock.StockQuoteService"/>
> <parameter name="allowedMethods"
> value="getQuote"/>
> <parameter name="scope" value="application"/>
> </service>
> .....
> Client_deploy.wsdd:
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <globalConfiguration >
> <parameter
> name="enableNamespacePrefixOptimization"
> value="false"/>
> <requestFlow >
> <handler
>
type="java:org.apache.ws.axis.security.WSDoAllSender"
> >
> <parameter
> name="enableNamespacePrefixOptimization"
> value="false"/>
> <parameter name="action"
> value="Timestamp SAMLTokenSigned"/>
> <parameter name="samlPropFile"
> value="saml3.properties"/>
> <parameter
> name="signatureKeyIdentifier"
>
> value="DirectReference"/>
> </handler>
> </requestFlow >
> </globalConfiguration >
> <transport name="java"
>
pivot="java:org.apache.axis.transport.java.JavaSender"/>
> <transport name="http"
>
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <transport name="local"
>
pivot="java:org.apache.axis.transport.local.LocalSender"/>
> </deployment>
>
> Saml3.properties:
>
>
org.apache.ws.security.saml.issuerClass=org.apache.ws.security.saml.SAMLIssuerImpl
>
org.apache.ws.security.saml.issuer.cryptoProp.file=pd-crypto.properties
> org.apache.ws.security.saml.issuer.key.name=user
>
org.apache.ws.security.saml.issuer.key.password=password
> org.apache.ws.security.saml.issuer=user
>
org.apache.ws.security.saml.subjectNameId.name=uid=joe,ou=people,ou=saml-demo,o=example.com
>
org.apache.ws.security.saml.subjectNameId.qualifier=www.example.com
>
org.apache.ws.security.saml.authenticationMethod=password
>
org.apache.ws.security.saml.confirmationMethod=senderVouches
>
> Hope this help
>
> Luciano
>
>
> -----Messaggio originale-----
> Da: Rohit Chauhan [mailto:mohitscyberhome@yahoo.com]
>
> Inviato: lunedì 17 luglio 2006 14.20
> A: Dittmann, Werner; Montebove Luciano;
> wss4j-dev@ws.apache.org; soumadeep@infravio.com
> Oggetto: Re: AW: Verification failed for URI
> "#id-31386432"
>
> I tried it with :
>
> <parameter name="enableNamespacePrefixOptimization"
> value="true"/>
>
> I am still getting the same error.
>
> Soumadeep,
>
> I saw your postings back in April on the mailing
> list and you seem to be getting the similar error
> message.
>
> Were you able to resolve the problem?Can you share
> the information please?
>
> Thanks,
>
> -Rohit
>
>
>
>
> --- "Dittmann, Werner" <we...@siemens.com>
> wrote:
>
> > Can you please copy this information also the the
> Axis lists as this
> > seems to bee a problem of the Axis SOAP engine and
> XML serializer -
> > WSS4J cannot influence the way Axis serializes the
> XML data.
> >
> > TIA,
> > Werner
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Montebove Luciano
> > [mailto:L.Montebove@finsiel.it]
> > > Gesendet: Montag, 17. Juli 2006 09:01
> > > An: rohithome@hotmail.com;
> wss4j-dev@ws.apache.org
> > > Betreff: R: Verification failed for URI
> > "#id-31386432"
> > >
> > > Rohit,
> > >
> > > i don't know why (see my previous posts), but
> for "senderVouches" to
> > > work on the server wsdd you
> > need to set
> > > "enableNamespacePrefixOptimization" to "true".
> > >
> > > Luciano
> > >
> > > -----Messaggio originale-----
> > > Da: Rohit Chauhan
> > [mailto:mohitscyberhome@yahoo.com]
> > > Inviato: lunedì 17 luglio 2006 2.22
> > > A: wss4j-dev@ws.apache.org
> > > Oggetto: Verification failed for URI
> > "#id-31386432"
> > >
> > > Hi,
> > >
> > > I am getting Verification failed for URI
> > "id-31386432"
> > > error on the server.
> > >
> > >
> > > Here are the wsdd settings:
> > >
> > > Client wsdd:
> > >
> > > <handler
> > >
> >
>
type="java:org.apache.ws.axis.security.WSDoAllSender"
> > > >
> > > <parameter name="action" value="Timestamp
> > SAMLTokenSigned"/>
> > > <parameter name="samlPropFile"
> > > value="saml.properties"/>
> > > <parameter name="signatureKeyIdentifier"
> > > value="DirectReference" />
> > > <parameter name="signaturePropFile"
> > > value="crypto.client.properties" />
> > > <parameter
> > > name="enableNamespacePrefixOptimization"
> > value="false"
> > > />
> > > <parameter name="disablePrettyXML"
> > > value="true"/>
> > > <parameter name="user"
> > >
> value="2721845cfa40e36c8dee088db9a4fbfbd6c70436"/>
> > > </handler>
>
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org