Return-Path: Delivered-To: apmail-axis-java-dev-archive@www.apache.org Received: (qmail 63967 invoked from network); 25 Jan 2011 17:46:50 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 25 Jan 2011 17:46:50 -0000 Received: (qmail 3088 invoked by uid 500); 25 Jan 2011 17:46:49 -0000 Delivered-To: apmail-axis-java-dev-archive@axis.apache.org Received: (qmail 2889 invoked by uid 500); 25 Jan 2011 17:46:49 -0000 Mailing-List: contact java-dev-help@axis.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: java-dev@axis.apache.org Delivered-To: mailing list java-dev@axis.apache.org Received: (qmail 2879 invoked by uid 99); 25 Jan 2011 17:46:48 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Jan 2011 17:46:48 +0000 X-ASF-Spam-Status: No, hits=1.5 required=10.0 tests=FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of abzno1@gmail.com designates 209.85.216.45 as permitted sender) Received: from [209.85.216.45] (HELO mail-qw0-f45.google.com) (209.85.216.45) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Jan 2011 17:46:43 +0000 Received: by qwk4 with SMTP id 4so20071qwk.32 for ; Tue, 25 Jan 2011 09:46:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type:content-transfer-encoding; bh=Q92dSqHm8qrt6FbEvz+ACtwPaHDSABGkwKHkLFBPzjM=; b=Pr5FWv0kAdrBsCTbl3MVdO+2QjIDtooQiEJG6Kv55i0E3mezdSjFgK3IM04FWNde2N YhOvWPtY0aKPEiTI9sZcxUj3pQosO0VPwTH+ZvxT39mXqSBX69e8otzXrkUnEyIBBt5r pix8JOmY83zHPvXWT56L8dd0vq9fVE8nuBHpo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; b=lx3J5oCCsBcwCncwDknfLG4NvYsT0C2hmojvM2It1bsbg7sfpgNv0w8OdAVrXJr5l7 LVRM8FAYa/M2lm/5nyYo5GaXLIFfXSYtPZXwEVol+8D/Hjo3JVyPJKeFH+qLKv+qLMav MgSPSgNV8AnGByDfCOQ2Kp2Zzn1ILYHl8HZ54= Received: by 10.224.74.21 with SMTP id s21mr5614136qaj.141.1295977577120; Tue, 25 Jan 2011 09:46:17 -0800 (PST) MIME-Version: 1.0 Received: by 10.224.2.213 with HTTP; Tue, 25 Jan 2011 09:45:37 -0800 (PST) In-Reply-To: References: From: "Abid K." Date: Tue, 25 Jan 2011 17:45:37 +0000 Message-ID: Subject: Re: .net and axis2/rampart To: java-dev@axis.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Hi all, A little more information. My client has said they do the following in .net to setup the client: ----------- proxyClient.ClientCredentials.ClientCertificate.SetCertificate(System.Secur= ity.Cryptography.X509Certificates.StoreLocation.CurrentUser, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjec= tName, "John Doe"); ----------- Does anyone know how I can mimic this in Rampart configuration? or how I can change the request to contain the John Doe subject name? Thanks On 25 January 2011 14:37, Abid K. wrote: > Hi, > > It seems the client cannot find the key with the value > 'a7e24d986ef9fdef06efd76fb33825d502279e95'. Is it possible to specify > the key name to something else? I think the client has given it a > proper name. > > Thanks > > On 24 January 2011 14:11, Thilina Mahesh Buddhika w= rote: >> It looks like the certificate used by client for signing/encrypting the >> message is not available in the key store of the service''s end. >> Also check the key store configurations of the service's end whether the= y >> are referring to the correct key store, etc. >> Thanks, >> Thilina >> Thilina Mahesh Buddhika >> http://blog.thilinamb.com >> >> >> On Mon, Jan 24, 2011 at 4:46 PM, Abid K. wrote: >>> >>> Sorry for not replying sooner. The client receives the following error.= .. >>> >>> ----------- >>> Cannot find the X.509 certificate using the following search criteria: >>> StoreName 'My', StoreLocation 'LocalMachine', FindType >>> 'FindByThumbprint', FindValue >>> 'a7e24d986ef9fdef06efd76fb33825d502279e95'.. ---&gt; >>> System.InvalidOperationException: Cannot find the X.509 certificate >>> using the following search criteria: StoreName 'My', StoreLocation >>> 'LocalMachine', FindType 'FindByThumbprint', FindValue >>> 'a7e24d986ef9fdef06efd76fb33825d502279e95'. >>> ----------- >>> >>> The value 'a7e24d986ef9fdef06efd76fb33825d502279e95' is the SHA1 value >>> for the certificate that seems to be used for signing the message on >>> the client side and I assume this is then being passed to the service >>> for verification. >>> >>> It seems the key cannot be found on the service side, but do you think >>> I need to change something on the client side? >>> >>> Thanks >>> >>> On 20 January 2011 04:14, Thilina Mahesh Buddhika >>> wrote: >>> > Hi, >>> > >>> > It seems like the service has thrown an error when trying to process = the >>> > secured request. The message being logged at RampartReceiver has the >>> > fault >>> > message 'An error occurred when verifying security for the >>> > message'. >>> > >>> > If you can check the logs at service end, it would provide the actual >>> > reason >>> > for the error. >>> > >>> > Thanks, >>> > Thilina >>> > >>> > Thilina Mahesh Buddhika >>> > http://blog.thilinamb.com >>> > >>> > >>> > On Wed, Jan 19, 2011 at 10:12 PM, Abid K. wrote: >>> >> >>> >> Hi, I have created a client app using Axis2/Rampart and I'm having >>> >> difficulties getting it to work with .net/WCF(I think). >>> >> >>> >> My axis2.xml config contains (Also tried policy with same results): >>> >> ... >>> >> =A0 >>> >> =A0 =A0 =A0 >>> >> =A0 =A0 =A0 =A0Signature >>> >> =A0 =A0 =A0 =A0user >>> >> =A0 =A0 =A0 =A0PWCBHandler >>> >> =A0 =A0 =A0 =A0client.properties >>> >> =A0 =A0 =A0 =A0DirectReference >>> >> =A0 =A0 =A0 >>> >> =A0 =A0 >>> >> ... etc. >>> >> >>> >> client.properties: >>> >> >>> >> >>> >> org.apache.ws.security.crypto.provider=3Dorg.apache.ws.security.comp= onents.crypto.Merlin >>> >> org.apache.ws.security.crypto.merlin.keystore.type=3Dpkcs12 >>> >> org.apache.ws.security.crypto.merlin.file=3Dkey.pfx >>> >> org.apache.ws.security.crypto.merlin.keystore.password=3Dpassword >>> >> >>> >> >>> >> I get the follow error: >>> >> org.apache.axis2.AxisFault: An error occurred when verifying securit= y >>> >> for the message. >>> >> =A0 =A0 =A0 =A0at >>> >> >>> >> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.= java:512) >>> >> =A0 =A0 =A0 =A0at >>> >> >>> >> org.apache.axis2.description.OutInAxisOperationClient.handleResponse= (OutInAxisOperation.java:370) >>> >> =A0 =A0 =A0 =A0at >>> >> >>> >> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxis= Operation.java:416) >>> >> >>> >> Also get the following in the log: >>> >> 2011-01-19 16:02:38 [main] [DEBUG] Request body sent >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "HTTP/1.1 500 Internal Server >>> >> Error[\r][\n]" >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "HTTP/1.1 500 Internal Server >>> >> Error[\r][\n]" >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Date: Wed, 19 Jan 2011 16:02:= 39 >>> >> GMT[\r][\n]" >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Server: >>> >> Microsoft-IIS/6.0[\r][\n]" >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "X-Powered-By: ASP.NET[\r][\n]= " >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "X-AspNet-Version: >>> >> 2.0.50727[\r][\n]" >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Connection: close[\r][\n]" >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Cache-Control: private[\r][\n= ]" >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Content-Type: >>> >> application/soap+xml; charset=3Dutf-8[\r][\n]" >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "Content-Length: 643[\r][\n]" >>> >> 2011-01-19 16:02:38 [main] [DEBUG] << "[\r][\n]" >>> >> ... >>> >> 2011-01-19 16:02:38 [main] [DEBUG] *********************** >>> >> RampartReceiver received >>> >> >> >> xmlns:s=3D"http://www.w3.org/2003/05/soap-envelope" >>> >> xmlns:a=3D"http://www.w3.org/2005/08/addressing">>> >> >>> >> >>> >> s:mustUnderstand=3D"1">http://www.w3.org/2005/08/addressing/soap/fau= lturn:uuid:C18F4C3E6ACADFD1F31295452955592s:Sender>> >> >>> >> >>> >> xmlns:a=3D"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w= ssecurity-secext-1.0.xsd">a:InvalidSecurity<= s:Reason>>> >> xml:lang=3D"en-GB">An error occurred when verifying security for the >>> >> message. >>> >> >>> >> >>> >> I've carried out an internet search but get no definitive answer and >>> >> I'm hoping someone here can help. >>> >> >>> >> --------------------------------------------------------------------= - >>> >> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org >>> >> For additional commands, e-mail: java-dev-help@axis.apache.org >>> >> >>> > >>> > >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org >>> For additional commands, e-mail: java-dev-help@axis.apache.org >>> >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org For additional commands, e-mail: java-dev-help@axis.apache.org