axis-java-user mailing list archives

From "John Hendrikx" <>
Subject Configuring rampart's policy.xml to use hmac-sha1
Date Thu, 15 Mar 2007 13:05:44 GMT
I'm writing a client in Java to connect to a server using WebServices. 
Axis and Rampart look like what I need to do this.  The server enforces a
clear text UsernameToken, Password, Nonce and Creation time plus integrity
checks for each header.

For the past few days I've been trying to configure Rampart using a
policy.xml to communicate in the correct way with this server, but so far
I've only had limited success.  The documentation provided for these
protocols is extensive but also very abstract (and the examples provided I
could not get to work with Rampart).

For this reason the way the configuration works is still very much a
mystery to me.  I've managed to get a few of the samples that came with
Rampart to work (mainly the ones using TransportBinding and
AsymmetricBindings) but none produce the output I need to communicate with
the server correctly.  What baffles me is that I can make large
modifications to these files without much of anything changing in the
communication (for example, in the AsymmetricBinding examples, I can change
the AlgorithmSuite to some random garbage, and it still will happily
produce messages signed with rsa-sha1 -- there seems to be no way I can
get these bindings to produce hmac-sha1 which I need).

I'm also having trouble getting Rampart to include a UsernameToken with an
AsymmetricBinding.  It seems to default to a BinaryUserToken, and no matter
what I do I cannot convince it to use a different one.

I'm not even sure if I need a Transport, Asymmetric or Symmetric binding at
this point.  From what I can see the TransportBinding does not support
header signing, so I've focused much of my efforts on the Asymmetric and
Symmetric bindings.  I haven't gotten a single SymmetricBinding to work
though, mainly because it seems to require a server to provide keys which
we don't have.

If anyone can help, I've got a working example message and part of the
server's policy file here:

Working example:

Server policy:

Thanks for any help,
