From: "Tony Dean"
Reply-To: axis-user@ws.apache.org
Subject: RE: [Rampart] Ignore Timestamp and Addressing from client
Date: Tue, 10 Jul 2007 11:08:03 -0400
In-Reply-To: <559c463d0707100758t2c4abac3jecf338bbce977eba@mail.gmail.com>

Rampart does not do any processing with the Timestamp information, does it? However, you do make a valid point. The client should not send a Timestamp if service is not expecting it. Unfortunately, WSSE 3.0 sends one by default with a UsernameToken. ;-(

> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Tuesday, July 10, 2007 10:59 AM
> To: axis-user@ws.apache.org
> Subject: Re: [Rampart] Ignore Timestamp and Addressing from client
>
> Hmm ... this is not possible with Rampart-1.0 style configuration!
> (Using configuration parameters). IMHO we must validate all
> elements in the wsse:Security header of the incoming message
> and I don't think it is correct to let random unknown
> elements in. We express exactly what we expect in the
> security header in the security policy of the service and the
> client MUST send exactly as expected by the service.
> Otherwise it is the client's problem.
>
> Thanks,
> Ruchith
>
> On 7/10/07, stlecho wrote:
> >
> > I completely agree with you Tony. If the client sends on top of the
> > required UsernameToken some additional and unwanted information
> > (timestamp, addressing, ...), Rampart should still be happy that it
> > finds the UsernameToken information.
> >
> > Regards, Stefan.
> >
> >
> > Tony Dean wrote:
> > >
> > > As an example suppose you want Rampart to expect and always process
> > > a UsernameToken. You would set
> > > UsernameToken. However, by default
> > > .net clients always send a Timestamp. So even though the .net
> > > client sends a UsernameToken, a mismatch occurs because it sends a
> > > Timestamp as well. Is there a way to configure Rampart to just
> > > ignore a Timestamp since it is not expected? I think this is what
> > > Stefan is saying also. Maybe this is against ws-security
> > > guidelines. I don't know. Thanks.
> > >
> > >> -----Original Message-----
> > >> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > >> Sent: Tuesday, July 10, 2007 5:37 AM
> > >> To: axis-user@ws.apache.org
> > >> Subject: Re: [Rampart] Ignore Timestamp and Addressing from client
> > >>
> > >> The actions mismatch error occurs when you configure rampart to
> > >> expect security actions different to what the incoming message
> > >> contains. When you configure Rampart to process all security
> > >> operations performed on the message you will be able to get rid of
> > >> this error.
> > >>
> > >> Thanks,
> > >> Ruchith
> > >>
> > >> On 7/2/07, stlecho wrote:
> > >> >
> > >> > All,
> > >> >
> > >> > Is there a solution or workaround for this issue ?
> > >> >
> > >> > Regards, Stefan Lecho.
> > >> >
> > >> >
> > >> > stlecho wrote:
> > >> > >
> > >> > > Hi,
> > >> > >
> > >> > > I have configured the InflowSecurity parameter (extracted
> > >> > > included underneath) on the server side with the "Signature" item.
> > >> > >
> > >> > > One of our clients is using a C# client. The SOAP request that
> > >> > > is received from this client contains Timestamp and Addressing
> > >> > > related elements. This results in an "WSDoAllReceiver: security
> > >> > > processing failed (actions mismatch)" AxisFault.
> > >> > >
> > >> > > Is there a way to "ignore" the Timestamp and Addressing related
> > >> > > elements on the server ?
> > >> > >
> > >> > > Extract axis2.xml:
> > >> > >
> > >> > > Signature
> > >> > > interopin.properties
> > >> > > DirectReference
> > >> > > {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body
> > >> > >
> > >> > > Regards, Stefan Lecho.
> > >> >
> > >> > --
> > >> > View this message in context:
> > >> > http://www.nabble.com/-Rampart--Ignore-Timestamp-and-Addressing-from-client-tf3882252.html#a11392800
> > >> > Sent from the Axis - User mailing list archive at Nabble.com.
> > >>
> > >> --
> > >> www.ruchith.org
> > >> www.wso2.org
> >
> > --
> > View this message in context:
> > http://www.nabble.com/-Rampart--Ignore-Timestamp-and-Addressing-from-client-tf3882252.html#a11521124
> > Sent from the Axis - User mailing list archive at Nabble.com.
>
> --
> www.ruchith.org
> www.wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
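
The actions mismatch discussed in this thread, as an added example that is not part of the original messages and is not Rampart or WSS4J code: a simplified Python model that compares the children of the `wsse:Security` header with the actions a service is configured to expect. The sample envelope, the function names and the `ignorable` parameter are assumptions made for illustration; note that ignoring a Timestamp also means its freshness is never checked.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Security header children mapped to the action names used in the thread.
ACTION_FOR = {
    f"{{{WSSE}}}UsernameToken": "UsernameToken",
    f"{{{WSU}}}Timestamp": "Timestamp",
    f"{{{DS}}}Signature": "Signature",
}

# Constructed sample: a client that adds a Timestamp next to the UsernameToken.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp><wsu:Created>2007-07-10T15:08:03Z</wsu:Created></wsu:Timestamp>
      <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""


def found_actions(envelope_xml):
    """Return the action name of every child of wsse:Security, in document order."""
    root = ET.fromstring(envelope_xml)
    sec = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        return []
    # Unknown children are reported by tag so they can never pass silently.
    return [ACTION_FOR.get(child.tag, f"unknown:{child.tag}") for child in sec]


def check(envelope_xml, expected, ignorable=()):
    """Strict when ignorable is empty; otherwise drop only the listed actions first."""
    found = [a for a in found_actions(envelope_xml) if a not in ignorable]
    if sorted(found) != sorted(expected):
        return f"actions mismatch: expected {sorted(expected)}, found {sorted(found)}"
    return "ok"


if __name__ == "__main__":
    print(check(SAMPLE, ["UsernameToken"]))                            # strict
    print(check(SAMPLE, ["UsernameToken"], ignorable=("Timestamp",)))  # explicit allowance
    print(check(SAMPLE, ["UsernameToken", "Timestamp"]))               # expect both
```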