Posted to wss4j-dev@ws.apache.org by "al-col@libero.it" <al...@libero.it> on 2007/08/22 19:55:24 UTC
axis1.4 with wss4j1.5.3 - Microsoft.NET WSE2.0 interoperability with usernametoken and signature
This is the correct configuration for a Microsoft.Net, WSE2.0Sp3 web service and an Axis1.4, wss4j v1.5.3 client with usernametoken authentication with passworddigest and signature of the request:
Policy for the .NET server:
<wsp:Policy wsu:Id="Sign-Username">
  <wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID) wse:Timestamp()</wsp:MessagePredicate>
  <wssp:Integrity wsp:Usage="wsp:Required">
    <wssp:TokenInfo>
      <wssp:SecurityToken>
        <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
        <wssp:Claims>
          <wse:Parent>
            <wssp:SecurityToken wse:IdentityToken="true">
              <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
            </wssp:SecurityToken>
          </wse:Parent>
        </wssp:Claims>
      </wssp:SecurityToken>
    </wssp:TokenInfo>
    <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From) wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts>
  </wssp:Integrity>
</wsp:Policy>
The <wssp:MessageParts> tag includes all the message parts that, if added to the request, must be signed.
Axis client-deploy.wsdd:
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration>
    <parameter name="addressing.namespace.URI" value="http://schemas.xmlsoap.org/ws/2004/03/addressing"/>
    <requestFlow>
      <handler type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="action" value="Timestamp UsernameTokenSignature"/>
        <parameter name="passwordCallbackClass" value="org.tempuri.testWs.Service1.PasswordCallBack"/>
        <parameter name="user" value="Username"/>
        <parameter name="passwordType" value="PasswordDigest"/>
        <parameter name="precisionInMilliseconds" value="0"/>
        <parameter name="signatureParts" value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
          {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
          {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
          {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
          {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
          {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
          {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}FaultTo"/>
      </handler>
    </requestFlow>
  </globalConfiguration>
</deployment>
Tip: If you have problems with the server verification of the signature, check that you are signing all the parts you are sending and that are listed in the <wssp:MessageParts> of the policy config.
If you want a detailed howto you can find it at:
http://digilander.libero.it/alblab/interop1.txt
Hope this can help,
Alberto Coletti
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
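The check described in the tip above can be done mechanically. The following Python sketch is an added example, not part of the original post and not WSS4J or WSE code: it compares the headers present in an outgoing request with the policy's <wssp:MessageParts> list and the client's signatureParts value. The function names and the sample envelope are constructed for illustration; the part lists and namespace URIs are those from the post, plus the standard WS-Security secext namespace.

```python
import re
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSA = "http://schemas.xmlsoap.org/ws/2004/03/addressing"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# The two part lists as given in the post: policy MessageParts, WSS4J signatureParts.
POLICY_PARTS = ("wsp:Body() wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) "
                "wsp:Header(wsa:From) wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) "
                "wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To) wse:Timestamp()")
SIGNATURE_PARTS = ";".join("{Element}{%s}%s" % part for part in [
    (SOAP, "Body"), (WSU, "Timestamp"), (WSA, "MessageID"), (WSA, "Action"),
    (WSA, "To"), (WSA, "From"), (WSA, "FaultTo")])

def policy_parts(text):
    """Translate the WSE part dialect into a set of '{namespace}local' names."""
    fixed = {"wsp:Body()": (SOAP, "Body"), "wse:Timestamp()": (WSU, "Timestamp")}
    parts = set()
    for token in text.split():
        header = re.fullmatch(r"wsp:Header\(wsa:(\w+)\)", token)
        if header is None and token not in fixed:
            raise ValueError("unhandled policy part: " + token)
        parts.add("{%s}%s" % ((WSA, header.group(1)) if header else fixed[token]))
    return parts

def wss4j_parts(value):
    """Parse a signatureParts value ({mode}{namespace}local;...) into the same form."""
    return {"{%s}%s" % m for m in re.findall(r"\{\w*\}\{\s*([^}]+?)\s*\}\s*(\w+)", value)}

def sent_parts(envelope_xml):
    """Names of the top-level headers, the Body and the wsu:Timestamp actually sent."""
    root = ET.fromstring(envelope_xml)
    found = root.findall("{%s}Header/*" % SOAP) + root.findall("{%s}Body" % SOAP)
    return {el.tag for el in found} | {el.tag for el in root.iter("{%s}Timestamp" % WSU)}

def unsigned_required(envelope_xml, policy=POLICY_PARTS, signature=SIGNATURE_PARTS):
    """Local names of parts that are sent and listed in the policy but not signed."""
    gap = (sent_parts(envelope_xml) & policy_parts(policy)) - wss4j_parts(signature)
    return sorted(name.rsplit("}", 1)[1] for name in gap)

def sample_envelope(headers):
    """Constructed request: the given wsa headers plus a Timestamp and a Body."""
    wsa = "".join('<a:%s xmlns:a="%s"/>' % (h, WSA) for h in headers)
    return ('<s:Envelope xmlns:s="%s"><s:Header>%s<o:Security xmlns:o="%s"><u:Timestamp '
            'xmlns:u="%s"/></o:Security></s:Header><s:Body/></s:Envelope>' % (SOAP, wsa, WSSE, WSU))

if __name__ == "__main__":
    print(unsigned_required(sample_envelope(["To", "Action", "MessageID", "ReplyTo"])))
```

With the two lists exactly as posted, a request that also carries wsa:ReplyTo or wsa:RelatesTo is reported, since the policy lists both and signatureParts names neither.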
Re: axis1.4 with wss4j1.5.3 - Microsoft.NET WSE2.0 interoperability with usernametoken and signature
Posted by José Ferreiro <jo...@gmail.com>.
Hello Alberto,
May I ask you if you also tried with Certificates, Signature and Timestamp?
May I kindly ask you if you have some tips for such a configuration.
Thank you!
José