You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Kaushalye Kapuruge <ka...@wso2.com> on 2007/09/14 14:17:21 UTC
Re: [wsf-php-user] Re: [RAMPART / WSF PHP ] [ Files Included ]
Hi Shams,
We tried your sample with your keys. There is a failure in the client
side. According to the log, the client's private key is not valid. May
be it's corrupted during the conversion.
Also I tried a simple openssl command to sign.
openssl dgst -sha1 -sign clientkey.pem -out mytextfile.sha1 mytextfile
Again your key failed, where this worked for other private keys I have.
So there is no point of worrying about security policies. Can you try to
use the sample key/certificate pairs[1] available in the samples. You
can easily import them into the java key store using the keytool[2].
Cheers,
Kaushalye
[1]wsf-php-1.0.0/samples/security/keys
[2]http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
shams jawaid wrote:
> Hi guys,
>
> here are all the files, i had to reduce the size so its under 1mb, but
> if you need anything else, let me know. Once agian, thanks for all
> your help! its is greatly appreciated! :D
>
>
>> From: Kaushalye Kapuruge <ka...@wso2.com>
>> Reply-To: wsf-php-user@wso2.org
>> To: rampart-dev@ws.apache.org
>> CC: wsf-php-user@wso2.org
>> Subject: [wsf-php-user] Re: [RAMPART / WSF PHP ]
>> Date: Fri, 14 Sep 2007 10:14:52 +0530
>>
>> Hi Shams,
>> Could you please send us followings, we will try to run it in our end
>> see if there are errors. 'Coz sometimes the information you are
>> giving is not sufficient to locate the error.
>> 1. PHP Client
>> 2. Client's private key and the certificate
>> 3. Server's keystore+aliases+passwords, certificate(exported)
>> 4. Client's policy file
>> 5. Server's service.xml file
>> 6. Log files and the SOAP message trace of your last attempt(when you
>> enable encryption and signing).
>> Cheers,
>> Kaushalye
>>
>>
>> shams jawaid wrote:
>>> Hi ,
>>>
>>> i am curenlty trying to encrypt and sign messages from my php client
>>> using WSF PHP extension and the rampart policy assertion, but get no
>>> output at all .. if anyone can identify flaws in my policy.xml
>>> linked into my php client and the services.xml file in my axis2/java
>>> webservice META-INF folder please let me know:
>>>
>>> services.xml:
>>>
>>> <service name="HealthCareServiceTest1" scope="application">
>>> <description>
>>> Health Care Service test
>>> </description>
>>>
>>>
>>>
>>> <messageReceivers>
>>> <messageReceiver
>>> mep="http://www.w3.org/2004/08/wsdl/in-out"
>>> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>>>
>>>
>>> <messageReceiver
>>> mep="http://www.w3.org/2004/08/wsdl/in-only"
>>> class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
>>>
>>>
>>>
>>> <messageReceiver
>>> mep="http://www.w3.org/2004/08/wsdl/in-out"
>>> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>>> </messageReceivers>
>>>
>>> <parameter name="ServiceClass" locked="false">org.health</parameter>
>>>
>>>
>>> <module ref="rampart" />
>>> <module ref="addressing" />
>>> <wsp:Policy wsu:Id="SigEncr"
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <sp:AsymmetricBinding
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <wsp:Policy>
>>> <sp:InitiatorToken>
>>> <wsp:Policy>
>>> <sp:X509Token
>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>
>>>
>>> <wsp:Policy>
>>> <sp:WssX509V3Token10 />
>>> </wsp:Policy>
>>> </sp:X509Token>
>>> </wsp:Policy>
>>> </sp:InitiatorToken>
>>> <sp:RecipientToken>
>>> <wsp:Policy>
>>> <sp:X509Token
>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>>
>>>
>>> <wsp:Policy>
>>> <sp:WssX509V3Token10 />
>>> </wsp:Policy>
>>> </sp:X509Token>
>>> </wsp:Policy>
>>> </sp:RecipientToken>
>>> <sp:AlgorithmSuite>
>>> <wsp:Policy>
>>> <sp:TripleDesRsa15 />
>>> </wsp:Policy>
>>> </sp:AlgorithmSuite>
>>> <sp:Layout>
>>> <wsp:Policy>
>>> <sp:Strict />
>>> </wsp:Policy>
>>> </sp:Layout>
>>> <sp:IncludeTimestamp />
>>> <sp:EncryptBeforeSigning/>
>>> <sp:OnlySignEntireHeadersAndBody />
>>> </wsp:Policy>
>>> </sp:AsymmetricBinding>
>>> <sp:Wss10
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <wsp:Policy>
>>> <sp:MustSupportRefKeyIdentifier />
>>> <sp:MustSupportRefIssuerSerial />
>>> </wsp:Policy>
>>> </sp:Wss10>
>>> <sp:EncryptedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body/>
>>> </sp:EncryptedParts>
>>> <sp:SignedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body/>
>>> </sp:SignedParts>
>>> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>>> <ramp:user>service</ramp:user>
>>>
>>> <ramp:encryptionUser>client</ramp:encryptionUser>
>>> <ramp:passwordCallbackClass>org.PWCBHandler</ramp:passwordCallbackClass>
>>>
>>> <ramp:signatureCrypto>
>>> <ramp:crypto
>>> provider="org.apache.ws.security.components.crypto.Merlin">
>>> <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>
>>>
>>> <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>
>>>
>>> <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>>>
>>>
>>> </ramp:crypto>
>>> </ramp:signatureCrypto>
>>> <ramp:encryptionCypto>
>>> <ramp:crypto
>>> provider="org.apache.ws.security.components.crypto.Merlin">
>>> <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>
>>>
>>> <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>
>>>
>>> <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>>>
>>>
>>> </ramp:crypto>
>>> </ramp:encryptionCypto>
>>> </ramp:RampartConfig>
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>> </service>
>>>
>>> policy.xml:
>>>
>>> <wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <sp:AsymmetricBinding
>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>> <wsp:Policy>
>>> <sp:InitiatorToken>
>>> <wsp:Policy>
>>> <sp:X509Token
>>> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
>>>
>>>
>>> <wsp:Policy>
>>> <sp:WssX509V3Token10 />
>>> </wsp:Policy>
>>> </sp:X509Token>
>>> </wsp:Policy>
>>> </sp:InitiatorToken>
>>> <sp:RecipientToken>
>>> <wsp:Policy>
>>> <sp:X509Token
>>> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
>>>
>>>
>>> <wsp:Policy>
>>> <sp:WssX509V3Token10 />
>>> </wsp:Policy>
>>> </sp:X509Token>
>>> </wsp:Policy>
>>> </sp:RecipientToken>
>>> <sp:AlgorithmSuite>
>>> <wsp:Policy>
>>> <sp:Basic256Rsa15 />
>>> </wsp:Policy>
>>> </sp:AlgorithmSuite>
>>> <sp:Layout>
>>> <wsp:Policy>
>>> <sp:Strict />
>>> </wsp:Policy>
>>> </sp:Layout>
>>> <sp:IncludeTimestamp />
>>> <sp:EncryptBeforeSigning />
>>> <sp:OnlySignEntireHeadersAndBody />
>>> </wsp:Policy>
>>> </sp:AsymmetricBinding>
>>> <sp:Wss10
>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>> <wsp:Policy>
>>> <sp:MustSupportRefIssuerSerial />
>>> </wsp:Policy>
>>> </sp:Wss10>
>>> <sp:EncryptedParts
>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>> <sp:Body/>
>>> </sp:EncryptedParts>
>>> <sp:SignedParts
>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>> <sp:Body/>
>>> </sp:SignedParts>
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>>
>>>
>>>
>>> with this setting i get no output at all..
>>> however, if i remove the
>>>
>>> <sp:EncryptedParts
>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>> <sp:Body/>
>>> </sp:EncryptedParts>
>>> <sp:SignedParts
>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>> <sp:Body/>
>>> </sp:SignedParts>
>>>
>>> part in the policy.xml, i get output, with a timestamp but no
>>> encryption or signature..
>>> and the timestamp has the error:
>>>
>>> WSSecurityEngine: Invalid timestamp The security semantics of
>>> message have expired
>>>
>>> <wsu:Created>2007-09-14T03:16:30.046Z</wsu:Created>
>>> <wsu:Expires>2007-09-14T03:16:30.046Z</wsu:Expires>
>>>
>>> WSSecurityEngine: Invalid timestamp The security semantics of
>>> message have expired
>>>
>>> the time 3:16 is the same as my windows clock, although i had to
>>> uncheck the "autoamcically adjust the clock for daylight saving
>>> changes" setting in the windows time settings. if that was on, my
>>> windows time would always be one hour ahead of the timestamp
>>> created. i am using a php client, so just thought id mention that,
>>> if i use the php date and time functions,
>>>
>>> echo date();
>>>
>>> it always gives me the time one hour ahead.. i know a mismatch in
>>> time in the client and server can cause an invalid timestamp error,
>>> but for now my windows time does match the time stated in the
>>> timestamp soap messages. is there any idea why im getting this
>>> error? or is there any faults in my services/policy.xml files?
>>>
>>> please help!
>>>
>>> thanks alot!
>>>
>>> _________________________________________________________________
>>> Can you see your house from the sky? Try Live Search Maps
>>> http://maps.live.com
>>>
>>>
>>
>>
>> --
>> http://kaushalye.blogspot.com/
>> http://wso2.org/
>>
>>
>> _______________________________________________
>> Wsf-php-user mailing list
>> Wsf-php-user@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user
>
> _________________________________________________________________
> The next generation of Hotmail is here! http://www.newhotmail.co.uk
> ------------------------------------------------------------------------
>
> _______________________________________________
> Wsf-php-user mailing list
> Wsf-php-user@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user
>
--
http://kaushalye.blogspot.com/
http://wso2.org/
Re: [wsf-php-user] Re: [RAMPART / WSF PHP ] [ Files Included ]
Posted by Ruchith Fernando <ru...@apache.org>.
Hi folks,
You can try the following as a solution for your private key to be used
with the php client (assuming that you are trying to extract the private
key from a java keystore).
We have a small app hosted here : [1] to explore a given keystore.
You can upload a java keystore and then extract the required private key.
Thanks,
Ruchith
[1] http://ww2.wso2.org:12080/kse/
Kaushalye Kapuruge wrote:
> Hi Shams,
> We tried your sample with your keys. There is a failure in the client
> side. According to the log, the client's private key is not valid. May
> be it's corrupted during the conversion.
> Also I tried a simple openssl command to sign.
>
> openssl dgst -sha1 -sign clientkey.pem -out mytextfile.sha1 mytextfile
>
> Again your key failed, where this worked for other private keys I have.
> So there is no point of worrying about security policies. Can you try to
> use the sample key/certificate pairs[1] available in the samples. You
> can easily import them into the java key store using the keytool[2].
> Cheers,
> Kaushalye
> [1]wsf-php-1.0.0/samples/security/keys
> [2]http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
>
>
> shams jawaid wrote:
>> Hi guys,
>>
>> here are all the files, i had to reduce the size so its under 1mb, but
>> if you need anything else, let me know. Once agian, thanks for all
>> your help! its is greatly appreciated! :D
>>
>>
>>> From: Kaushalye Kapuruge <ka...@wso2.com>
>>> Reply-To: wsf-php-user@wso2.org
>>> To: rampart-dev@ws.apache.org
>>> CC: wsf-php-user@wso2.org
>>> Subject: [wsf-php-user] Re: [RAMPART / WSF PHP ]
>>> Date: Fri, 14 Sep 2007 10:14:52 +0530
>>>
>>> Hi Shams,
>>> Could you please send us followings, we will try to run it in our end
>>> see if there are errors. 'Coz sometimes the information you are
>>> giving is not sufficient to locate the error.
>>> 1. PHP Client
>>> 2. Client's private key and the certificate
>>> 3. Server's keystore+aliases+passwords, certificate(exported)
>>> 4. Client's policy file
>>> 5. Server's service.xml file
>>> 6. Log files and the SOAP message trace of your last attempt(when you
>>> enable encryption and signing).
>>> Cheers,
>>> Kaushalye
>>>
>>>
>>> shams jawaid wrote:
>>>> Hi ,
>>>>
>>>> i am curenlty trying to encrypt and sign messages from my php client
>>>> using WSF PHP extension and the rampart policy assertion, but get no
>>>> output at all .. if anyone can identify flaws in my policy.xml
>>>> linked into my php client and the services.xml file in my axis2/java
>>>> webservice META-INF folder please let me know:
>>>>
>>>> services.xml:
>>>>
>>>> <service name="HealthCareServiceTest1" scope="application">
>>>> <description>
>>>> Health Care Service test
>>>> </description>
>>>>
>>>>
>>>>
>>>> <messageReceivers>
>>>> <messageReceiver
>>>> mep="http://www.w3.org/2004/08/wsdl/in-out"
>>>> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>>>>
>>>>
>>>> <messageReceiver
>>>> mep="http://www.w3.org/2004/08/wsdl/in-only"
>>>> class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
>>>>
>>>>
>>>>
>>>> <messageReceiver
>>>> mep="http://www.w3.org/2004/08/wsdl/in-out"
>>>> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>>>> </messageReceivers>
>>>>
>>>> <parameter name="ServiceClass" locked="false">org.health</parameter>
>>>>
>>>>
>>>> <module ref="rampart" />
>>>> <module ref="addressing" />
>>>> <wsp:Policy wsu:Id="SigEncr"
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>> <wsp:ExactlyOne>
>>>> <wsp:All>
>>>> <sp:AsymmetricBinding
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <wsp:Policy>
>>>> <sp:InitiatorToken>
>>>> <wsp:Policy>
>>>> <sp:X509Token
>>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>
>>>>
>>>> <wsp:Policy>
>>>> <sp:WssX509V3Token10 />
>>>> </wsp:Policy>
>>>> </sp:X509Token>
>>>> </wsp:Policy>
>>>> </sp:InitiatorToken>
>>>> <sp:RecipientToken>
>>>> <wsp:Policy>
>>>> <sp:X509Token
>>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>>>
>>>>
>>>> <wsp:Policy>
>>>> <sp:WssX509V3Token10 />
>>>> </wsp:Policy>
>>>> </sp:X509Token>
>>>> </wsp:Policy>
>>>> </sp:RecipientToken>
>>>> <sp:AlgorithmSuite>
>>>> <wsp:Policy>
>>>> <sp:TripleDesRsa15 />
>>>> </wsp:Policy>
>>>> </sp:AlgorithmSuite>
>>>> <sp:Layout>
>>>> <wsp:Policy>
>>>> <sp:Strict />
>>>> </wsp:Policy>
>>>> </sp:Layout>
>>>> <sp:IncludeTimestamp />
>>>> <sp:EncryptBeforeSigning/>
>>>> <sp:OnlySignEntireHeadersAndBody />
>>>> </wsp:Policy>
>>>> </sp:AsymmetricBinding>
>>>> <sp:Wss10
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <wsp:Policy>
>>>> <sp:MustSupportRefKeyIdentifier />
>>>> <sp:MustSupportRefIssuerSerial />
>>>> </wsp:Policy>
>>>> </sp:Wss10>
>>>> <sp:EncryptedParts
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <sp:Body/>
>>>> </sp:EncryptedParts>
>>>> <sp:SignedParts
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <sp:Body/>
>>>> </sp:SignedParts>
>>>> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>>>> <ramp:user>service</ramp:user>
>>>>
>>>> <ramp:encryptionUser>client</ramp:encryptionUser>
>>>> <ramp:passwordCallbackClass>org.PWCBHandler</ramp:passwordCallbackClass>
>>>>
>>>> <ramp:signatureCrypto>
>>>> <ramp:crypto
>>>> provider="org.apache.ws.security.components.crypto.Merlin">
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>
>>>>
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>>
>>>>
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>>>>
>>>>
>>>> </ramp:crypto>
>>>> </ramp:signatureCrypto>
>>>> <ramp:encryptionCypto>
>>>> <ramp:crypto
>>>> provider="org.apache.ws.security.components.crypto.Merlin">
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>
>>>>
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>>
>>>>
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>>>>
>>>>
>>>> </ramp:crypto>
>>>> </ramp:encryptionCypto>
>>>> </ramp:RampartConfig>
>>>> </wsp:All>
>>>> </wsp:ExactlyOne>
>>>> </wsp:Policy>
>>>> </service>
>>>>
>>>> policy.xml:
>>>>
>>>> <wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
>>>> <wsp:ExactlyOne>
>>>> <wsp:All>
>>>> <sp:AsymmetricBinding
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <wsp:Policy>
>>>> <sp:InitiatorToken>
>>>> <wsp:Policy>
>>>> <sp:X509Token
>>>> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
>>>>
>>>>
>>>> <wsp:Policy>
>>>> <sp:WssX509V3Token10 />
>>>> </wsp:Policy>
>>>> </sp:X509Token>
>>>> </wsp:Policy>
>>>> </sp:InitiatorToken>
>>>> <sp:RecipientToken>
>>>> <wsp:Policy>
>>>> <sp:X509Token
>>>> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
>>>>
>>>>
>>>> <wsp:Policy>
>>>> <sp:WssX509V3Token10 />
>>>> </wsp:Policy>
>>>> </sp:X509Token>
>>>> </wsp:Policy>
>>>> </sp:RecipientToken>
>>>> <sp:AlgorithmSuite>
>>>> <wsp:Policy>
>>>> <sp:Basic256Rsa15 />
>>>> </wsp:Policy>
>>>> </sp:AlgorithmSuite>
>>>> <sp:Layout>
>>>> <wsp:Policy>
>>>> <sp:Strict />
>>>> </wsp:Policy>
>>>> </sp:Layout>
>>>> <sp:IncludeTimestamp />
>>>> <sp:EncryptBeforeSigning />
>>>> <sp:OnlySignEntireHeadersAndBody />
>>>> </wsp:Policy>
>>>> </sp:AsymmetricBinding>
>>>> <sp:Wss10
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <wsp:Policy>
>>>> <sp:MustSupportRefIssuerSerial />
>>>> </wsp:Policy>
>>>> </sp:Wss10>
>>>> <sp:EncryptedParts
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <sp:Body/>
>>>> </sp:EncryptedParts>
>>>> <sp:SignedParts
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <sp:Body/>
>>>> </sp:SignedParts>
>>>> </wsp:All>
>>>> </wsp:ExactlyOne>
>>>> </wsp:Policy>
>>>>
>>>>
>>>>
>>>> with this setting i get no output at all..
>>>> however, if i remove the
>>>>
>>>> <sp:EncryptedParts
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <sp:Body/>
>>>> </sp:EncryptedParts>
>>>> <sp:SignedParts
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <sp:Body/>
>>>> </sp:SignedParts>
>>>>
>>>> part in the policy.xml, i get output, with a timestamp but no
>>>> encryption or signature..
>>>> and the timestamp has the error:
>>>>
>>>> WSSecurityEngine: Invalid timestamp The security semantics of
>>>> message have expired
>>>>
>>>> <wsu:Created>2007-09-14T03:16:30.046Z</wsu:Created>
>>>> <wsu:Expires>2007-09-14T03:16:30.046Z</wsu:Expires>
>>>>
>>>> WSSecurityEngine: Invalid timestamp The security semantics of
>>>> message have expired
>>>>
>>>> the time 3:16 is the same as my windows clock, although i had to
>>>> uncheck the "autoamcically adjust the clock for daylight saving
>>>> changes" setting in the windows time settings. if that was on, my
>>>> windows time would always be one hour ahead of the timestamp
>>>> created. i am using a php client, so just thought id mention that,
>>>> if i use the php date and time functions,
>>>>
>>>> echo date();
>>>>
>>>> it always gives me the time one hour ahead.. i know a mismatch in
>>>> time in the client and server can cause an invalid timestamp error,
>>>> but for now my windows time does match the time stated in the
>>>> timestamp soap messages. is there any idea why im getting this
>>>> error? or is there any faults in my services/policy.xml files?
>>>>
>>>> please help!
>>>>
>>>> thanks alot!
>>>>
>>>> _________________________________________________________________
>>>> Can you see your house from the sky? Try Live Search Maps
>>>> http://maps.live.com
>>>>
>>>>
>>>
>>>
>>> --
>>> http://kaushalye.blogspot.com/
>>> http://wso2.org/
>>>
>>>
>>> _______________________________________________
>>> Wsf-php-user mailing list
>>> Wsf-php-user@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user
>>
>> _________________________________________________________________
>> The next generation of Hotmail is here! http://www.newhotmail.co.uk
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Wsf-php-user mailing list
>> Wsf-php-user@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user
>>
>
>