axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mauro Brasil <>
Subject Re: Problems with rampartc token reference...
Date Wed, 09 Mar 2011 12:25:27 GMT
Hello there!

After some tests I identified that keyIdentifier is not working because my
certificates don't have this information.
I've created just self signed certificates for my solution and I couldn't
found a way to add keyIdentifier information to it what seems to be a normal
information on CA provided certificates.

This lets me with just one choice considering the 3 first pointed options:
"directReference", "keyIdentifier" and "x509IssuerSerial".
Does anyone used "directReference" on any scenario and can share a
"policy.xml" configuration file ?

Thanks and best regards,

2011/3/2 Mauro Brasil <>

> Hello there!
> I'm trying to improve security on a application suite we have here by
> adding ws-security encryption. We were using just ws-security's Username
> Token for authentication, but now we need to encrypt message's content
> because some sensitive information will be added to it.
> We use JBossWS running on "JBoss-4.2.3.GA" at server side and
> axis2c/rampartc on clients side.
> First problems we detected was the absense of tokenReference configuration
> what led us to a clear message on server "Invalid message,
> SecurityTokenRefence is empty".
> Having a closer look at JBossWS configuration I've noticed that it accepts
> 3 types of token references, that are: directReference *(default*),
> keyIdentifier and x509IssuerSerial.
> I couldn't find a usable rampartc policy file configuration for first
> option "directReference" and I'm not sure if it's provided at all. I've
> found a reference for second option "keyIdentifier" but the addition on
> policy file (through "<sp:RequireKeyIdentifierReference/>" tag) resulted
> again on empty SecurityTokenReference, and the last option
> "x509IssuerSerial" works for rampartc but server refuses it.
> So, I would like to ask someone about the other two options
> "directReference" and "keyIdentifier" token references. Does anyone know how
> to config rampartc policy file to send those kind of token references?
> Note.: I'm using axis2c version 1.6.0 and rampartc version 1.3.0.
> Thanks a lot and best regards,
> Mauro.

View raw message