.NET Forum / ASP.NET / Web Services / August 2004
Interop with RSA Secure-WS product
Andreas Mertens - 24 Aug 2004 19:51 GMT I am trying to get a very simple "Hello World" type web service to work with a client that uses the RSA WS-Secure SDK to implement the WS-Security portion of the message. I am signing and encrypting with X509v3 certificates, which I have tested with a regular .Net web service client app against the server.
The server is set up with WS-Policy to expect the specific signature and encryption.
The RSA-based client is returned the following soap fault:
Microsoft.Web.Services2.Policy.PolicyVerificationException: WSE402: The message does not conform to the policy it was mapped to. at Microsoft.Web.Services2.Policy.SimplePolicyVerifier.VerifyMessageWithExpression(PolicyExpression expression, SoapEnvelope message, EndpointReference endpoint, String action, Uri requestEndpoint) at Microsoft.Web.Services2.Policy.SimplePolicyVerifier.Verify(SoapEnvelope message) at Microsoft.Web.Services2.Policy.PolicyVerificationInputFilter.ProcessMessage(SoapEnvelope envelope) at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope) at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)
First off - where can I get documentation on WSE402? Anyone knows what that is???
I have the various traces set up on the server as well (with full details). The ReceivePolicy output is: <log xmlns:wsp=http://schemas.xmlsoap.org/ws/2002/12/policy xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd xmlns:wssp=http://schemas.xmlsoap.org/ws/2002/12/secext xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd xmlns:wse=http://schemas.microsoft.com/wse/2003/06/Policy xmlns:wset="http://schemas.microsoft.com/wse/2003/09/PolicyTrace"> <wset:message to=http://localhost/server/Service1.asmx from=http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous action=http://tempuri.org/server/Service1/HelloWorld messageId="uuid:946a71bb-3b4b-4937-b7d9-6e5cf1b89ed3" appDomain="/LM/w3svc/1/root/server-23-127378684432468564" time="2004-08-24T10:47:24.3405644-07:00"> <wset:verify qname="wsp:Policy" wsu:Id="#Sign-X.509-Encrypt-X.509" usage="Required" satisfied="false"> <wset:verify qname="wsp:MessagePredicate" usage="Required" satisfied="false" /> </wset:verify> </wset:message> </log>
It is clear that the policy failed, but no details on specifically what exactly failed. Is there a way to get more specific details on what part of the policy fails?
Finally, has anyone else worked with this RSA SDK and have had success in making it work with a .Net-based web-service?
Thanks,
Andreas Mertens andreasm@<remove - spam>nvisionideas.com
PS: below is the message intercepted at the server:
<?xml version="1.0" encoding="utf-8"?> <log> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soap:Header> <wsa:Action wsu:Id="Id-8b02fff6-7838-4d27-8877-46e2013966be">http://tempuri.org/server/Service1/HelloWorld</wsa:Action> <wsa:MessageID wsu:Id="Id-e5f22baf-6580-44d9-b2fa-5e0a03b16289">uuid:946a71bb-3b4b-4937-b7d9-6e5cf1b89ed3</wsa:MessageID> <wsa:ReplyTo wsu:Id="Id-45d19edb-16d5-4663-b0f7-c3e175a54026"> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address> </wsa:ReplyTo> <wsa:To wsu:Id="Id-6a29355b-b18f-4ab3-b8eb-52bcb48db3e6">http://localhost/server/Service1.asmx</wsa:To> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"> <BinarySecurityToken xmlns="http://schemas.xmlsoap.org/ws/2003/06/secext" wsu:Id="signWithX509Tok" xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility" ValueType="wsse:X509v3" EncodingType="wsse:Base64Binary"> 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 </BinarySecurityToken> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI="#MsgBody"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> </Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"> </DigestMethod> <DigestValue>7TU8cy3JWxgtE0lXFH3v76GXtN0 </DigestValue> </Reference> </SignedInfo> <SignatureValue>mvXfc2oPm4WLk821+0RAHTOydLxmvrndO2GhYNO+Ieww9n8Lw5BLP8HWC+OGj5nw t/MHzFG2nyYLMxP6RYEJd7HyYemQvnhAIsvnhZQ1BBjQ5/FtNl1hkVhUL/jXXxFu ElcfN38e6Wm0WDF5o/zCyGuNci+5rK9UwSK/DpPErx4xwcZk2J3Lj0VZSXfGntsE 
+Qo+xELIxITcJSVUJ2PPmBL7PUQY20wPP5XfJV5Ekyrq4MOQtVDNz/uSja6WMeDi l45OdnCrIiXfOr2KDTM0pT8q4E1DWVWJ2BCPIjjHk/ypAt9VCNokq2tWlH+lX7P+ YG4Dl9MFb0p/Oo85oEC9C9p9Tr0p7y8+d6/yxBhAjPfe/WZoo1fEt8Awf+wfxpH8 r3XFn9abGnMB/kfeMzWx7DoeDsAirCusdCzNrJDaFRmvlYdlW/ooyXq4b4ET0/Up RkNozqHAiDKBl8qZltMTI0Q1g91i7U0dFx7cOBWq7Q6KDfzSOlR3eENaibXxLSAs TCzA4TqQwQuSaV0cn7rr/Qp8dUuD0vBo+SGiPOsmXJibJ+RGfZBBuMSH+hpa1K7q vSv6W9CT5qa+l8Lgt2EYlq8GwnmV5jvVtuiDD0Fs504K1l2OkfkE3JPpoh4ULHwu 80rIt2CWx7//v3lauz43nSOhO5bVbMVC2IXmfa4hGbo </SignatureValue> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <SecurityTokenReference> <Reference URI="#signWithX509Tok"> </Reference> </SecurityTokenReference> </KeyInfo> </Signature><wsse:BinarySecurityToken wsu:Id="x509token" xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility" ValueType="wsse:X509v3" EncodingType="wsse:Base64Binary"> MIIHjDCCBzagAwIBAgIKNeRgbwAAAAAADTANBgkqhkiG9w0BAQUFADCBtzELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRIwEAYDVQQHEwlWYW5jb3V2ZXIxIzAhBgNVBAoTGk5WSSBQYXltZW50IFNvbHV0aW9ucyBJbmMuMRMwEQYDVQQLEwpPcGVyYXRpb25zMR4wHAYDVQQDExVEZWJpdHMtRGlyZWN0IFNlcnZpY2UxLTArBgkqhkiG9w0BCQEWHmFkbWluaXN0cmF0b3JAbnZpc2lvbmlkZWFzLmNvbTAeFw0wNDA4MTYxNDEwNTVaFw0wNTA4MTYxNDEwNTVaMIGpMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEjMCEGA1UEChMaTlZJIFBheW1lbnQgU29sdXRpb25zIEluYy4xDDAKBgNVBAsMA1ImRDEcMBoGA1UEAwwTTlZJIFRlc3QgRkkgU2l0ZSAjMTEoMCYGCSqGSIb3DQEJARYZYW5kcmVhc21AbnZpc2lvbmlkZWFzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALULkB8SB+zg/rtSGGp+W4nX4fBRaR46ESoI8/2JUXOTQ4cnsrNf76h/CUsXe9LDdxRZsxcfcjc3C9ZwxMfc2L2KhvisHp0eKJIoV+J3Uk0YMRzbK/Jhk9bYDWCbKAKNxhJEH7oxCFvVha5VxccrMVNcrIrsNMook94qVr76syNfgwAtVwbdqtKIF3gt70OcgBHt4GzWrRftnflg/6nB717XIErS9zo20MRQvaCPc5d5uEUsexPku5nFajyhyuLcnmUF+xYJuLdRXkMKC1jC2xvHpJMJzddOr/dHFoQAiPiMAL2EIGA4kGLGmN1t9Un0+sCwyao5KqJvQlde9SXHdCfcJ564K6rMR8MQQpeL6E1N83VXY06v6Wglhqe7WDbwnb0dnfnr5fogNVyguIVXNH/zDZuRIBB7GIfWpaiXlUx357//DiDYLhyhYEx5siN8EF5vpWybNWTLtlMGfqUX6nNBB+Z6ndEr+wGDQ8kEwx+rm4nFGPWlzEssd83ZGnkQokcUIq/TAGhXjhTjsMk
Swj5cnOscvFW6hAonIDio9AAEPIVRdWsWe1PHl5G99k59+VpTv+CxQYS8XeZVBxurn/+cQ882jYRYnRJIx+E3Ks8xfaXSKEwSgp375ZxGrphwgKw4k0wbRp1ZheJ+0y/hbL2j7HFo3Z5ANrkCw8eZQne5AgMBAAGjggNmMIIDYjALBgNVHQ8EBAMCBaAwRAYJKoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBSEAjmUDb4VjLUfGzmVSww2aCTUtzA7BgkrBgEEAYI3FQcELjAsBiQrBgEEAYI3FQjtkFyC95U3h/mJGIfNjlPgwk+BYviwHYeClEkCAWQCAQMwHwYDVR0jBBgwFoAUndmwovf1o8l6tc5cqlAP4aag5GAwggEZBgNVHR8EggEQMIIBDDCCAQigggEEoIIBAIaBvGxkYXA6Ly8vQ049RGViaXRzLURpcmVjdCUyMFNlcnZpY2UsQ049c3FsXzAxLENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPU5WSSxEQz1vZmZpY2U/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50hj9odHRwOi8vc3FsXzAxLm52aS5vZmZpY2UvQ2VydEVucm9sbC9EZWJpdHMtRGlyZWN0JTIwU2VydmljZS5jcmwwggEpBggrBgEFBQcBAQSCARswggEXMIG1BggrBgEFBQcwAoaBqGxkYXA6Ly8vQ049RGViaXRzLURpcmVjdCUyMFNlcnZpY2UsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9TlZJLERDPW9mZmljZT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTBdBggrBgEFBQcwAoZRaHR0cDovL3NxbF8wMS5udmkub2ZmaWNlL0NlcnRFbnJvbGwvc3FsXzAxLk5WSS5vZmZpY2VfRGViaXRzLURpcmVjdCUyMFNlcnZpY2UuY3J0MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA0EAJzBY0fPhbMHqKyRZb0ST9qs1O8W978O/PskcFHXTP+MVQQU4RVE3zE9J9GTYef4svUAXxFFsDMcaaYDwosv7HQ= </wsse:BinarySecurityToken><EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"> </EncryptionMethod> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <wsse:Reference URI="#x509token"> </wsse:Reference> </wsse:SecurityTokenReference> </KeyInfo> <CipherData> <CipherValue> T7BGEB/MpUBC5BTcPoOCcJd8LbTEDL0eAd4s8Dsy2XlcvRvFmjX3pEX2o+OQdaKP nYoLoJhZhReKmHLMafeBkNQfnQo8zkYq1XmXDN9ti2+8P/jeNeHkKrRoya1z3D7L 
gxO7Q5t6rRylkM+dokM80s0q01MPaqB2C48TJ4eHn3ofYeoTsBaVINx5bb9MeJMF URcwQEuiInJurFrr4H6vdZTHKwKHhuXUOlYIDwJUDBEMExBNsg6RZx5vUV1wUJ/W 5G0re8cnrz0g09h9yxn3f1c1pjCQxwVBc4UJZ+e4wV+z9he0jHGKNv5vtc6aa/0O mN6xVyk549K00g1S+OCqoZCF7qinbkWNwWw7KXguAL/pe8TMR5kRE9dZNJdfM5jt yvN8h8f18sSN1L+nc0zP3xQA2ch/c4Jjgya9vjVApbKC5v3iWRqLPSCcqyi3VJGW OFw9InU5BXWmeHb1Ui9Fr/pY7TlQBdo5fJsX5TVjIOFkXqHkw6fy7pB7iQJodWSh OXDz2MCJtnv08arEgjhqVarNCLdT1p93qiiJh2hF90/qoB5YSbwE/BAUqPHM3oj9 A4HmSrz+cBcCRsWwn7d/usQTxYNY1/+SAOlM+GnxYW57bDRD/KZm7U25maUf4oDQ +rTrAf0jpELSdptiHb/U1ZlXs4gRtTwUIfr2ERJoYhE </CipherValue> </CipherData> <ReferenceList> <DataReference URI="#-Encryption-Reference-URIs5Igv541LZqeu1XYJFnz3vkMMJQ="> </DataReference> </ReferenceList> </EncryptedKey> </wsse:Security></soap:Header> <soap:Body Id="MsgBody"><EncryptedData Id="-Encryption-Reference-URIs5Igv541LZqeu1XYJFnz3vkMMJQ=" xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"> </EncryptionMethod> <CipherData> <CipherValue>f6jzT5qf+X3TuVcWxAKTF0i3TuxWR8b9O2hcWOa+Bl7Jf2YEWY/m2VyDuzyujTg4 8V2ysQVKfZ6FhHYy4J0HV+qU00bFLM5Ct8lTz3dNYc+Lh9/Q8mhhZws1Zq6rGR0E</CipherValue> </CipherData> </EncryptedData></soap:Body> </soap:Envelope> </log
HongMei Ge - 26 Aug 2004 21:31 GMT Hi!
The error shows that your message didn't pass the policy verification on the server. More specifically, your MessagePredicate element in your policy file might be expecting the message to have all the addressing headers signed, such as the <To> header. However, the message only signed the SOAP body.
Do you mind sharing your policy file on the server side? So we can be sure about this.
You can either loosen your policy (not recommended) or make the RSA WS-Secure SDK sign all the necessary parts (recommended).
Hope this helps!
hongmei
HongMei Ge - 26 Aug 2004 21:33 GMT Hi!
The error shows that your message didn't pass the policy verification on the server. More specifically, your MessagePredicate element in your policy file might be expecting the message to have all the addressing headers signed, such as the To header. However, the message only signed the SOAP body.
Do you mind sharing your policy file on the server side? So we can be sure about this.
You can either loosen your policy (not recommended) or make the RSA WS-Secure SDK sign all the necessary parts (recommended).
Hope this helps!
hongmei
Andreas Mertens - 27 Aug 2004 19:22 GMT The following is the policyCache.config file in its entirety, with only e-mail address in the certs blanked out. It was generated with the WSE 2.0 Configuration Editor (see below)
Thanks,
Andreas
<?xml version="1.0" encoding="utf-8"?> <policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy"> <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy"> <!--The following policy describes the policy requirements for the service: http://localhost/server/Service1.asmx .--> <endpoint uri="http://localhost/server/Service1.asmx"> <defaultOperation> <request policy="#Sign-X.509-Encrypt-X.509" /> <response policy="#Sign-X.509-Encrypt-X.509-1" /> <fault policy="" /> </defaultOperation> </endpoint> </mappings> <policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy" xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext" xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"> <wsp:Policy wsu:Id="Sign-X.509-Encrypt-X.509"> <!--MessagePredicate is used to require headers. This assertion should be used along with the Integrity assertion when the presence of the signed element is required. NOTE: this assertion does not do anything for enforcement (send-side) policy.--> <wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID) wse:Timestamp()</wsp:MessagePredicate> <!--The Integrity assertion is used to ensure that the message is signed with X.509. 
Many Web services will also use the token for authorization, such as by using the <wse:Role> claim or specific X.509 claims.--> <wssp:Integrity wsp:Usage="wsp:Required"> <wssp:TokenInfo> <!--The SecurityToken element within the TokenInfo element describes which token type must be used for Signing.--> <wssp:SecurityToken wse:IdentityToken="true"> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X 509v3</wssp:TokenType> <wssp:TokenIssuer>C , S , L=Vancouver, O=NVI Payment Solutions Inc., OU=Operations, CN bits-Direct Service, E ministrator@xxxxx.com</wssp:TokenIssuer> <wssp:Claims> <!--By specifying the SubjectName claim, the policy system can look for a certificate with this subject name in the certificate store indicated in the application's configuration, such as LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful for finding the correct values for this field.--> <wssp:SubjectName MatchType="wssp:Exact">C , S , L=Vancouver, O=NVI Payment Solutions Inc., OU=R&D, CN="NVI Test Vendor Site #1", E=andreasm@xxxxx.com</wssp:SubjectName> <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">bxqWrQATn6WCcx6USI85YJGWMf0=</wssp:X509Extension> </wssp:Claims> </wssp:SecurityToken> </wssp:TokenInfo> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From) wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts> </wssp:Integrity> <!--The Confidentiality assertion is used to ensure that the SOAP Body is encrypted.--> <wssp:Confidentiality wsp:Usage="wsp:Required"> <wssp:KeyInfo> <!--The SecurityToken element within the KeyInfo element describes which token type must be used for Encryption.--> <wssp:SecurityToken> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X 509v3</wssp:TokenType> 
<wssp:TokenIssuer>C , S , L=Vancouver, O=NVI Payment Solutions Inc., OU=Operations, CN bits-Direct Service, E ministrator@xxxxx.com</wssp:TokenIssuer> <wssp:Claims> <!--By specifying the SubjectName claim, the policy system can look for a certificate with this subject name in the certificate store indicated in the application's configuration, such as LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful for finding the correct values for this field.--> <wssp:SubjectName MatchType="wssp:Exact">C , S , L=Vancouver, O=NVI Payment Solutions Inc., OU=R&D, CN="NVI Test FI Site #1", E=andreasm@xxxxx.com</wssp:SubjectName> <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">hAI5lA2+FYy1Hxs5lUsMNmgk1Lc=</wssp:X509Extension> </wssp:Claims> </wssp:SecurityToken> </wssp:KeyInfo> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts> </wssp:Confidentiality> </wsp:Policy> <wsp:Policy wsu:Id="Sign-X.509-Encrypt-X.509-1"> <!--MessagePredicate is used to require headers. This assertion should be used along with the Integrity assertion when the presence of the signed element is required. NOTE: this assertion does not do anything for enforcement (send-side) policy.--> <wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID) wse:Timestamp()</wsp:MessagePredicate> <!--The Integrity assertion is used to ensure that the message is signed with X.509. 
Many Web services will also use the token for authorization, such as by using the <wse:Role> claim or specific X.509 claims.--> <wssp:Integrity wsp:Usage="wsp:Required"> <wssp:TokenInfo> <!--The SecurityToken element within the TokenInfo element describes which token type must be used for Signing.--> <wssp:SecurityToken> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X 509v3</wssp:TokenType> <wssp:TokenIssuer>C , S , L=Vancouver, O=NVI Payment Solutions Inc., OU=Operations, CN bits-Direct Service, E ministrator@xxxxx.com</wssp:TokenIssuer> <wssp:Claims> <!--By specifying the SubjectName claim, the policy system can look for a certificate with this subject name in the certificate store indicated in the application's configuration, such as LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful for finding the correct values for this field.--> <wssp:SubjectName MatchType="wssp:Exact">C , S , L=Vancouver, O=NVI Payment Solutions Inc., OU=R&D, CN="NVI Test FI Site #1", E=andreasm@xxxxxx.com</wssp:SubjectName> <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">hAI5lA2+FYy1Hxs5lUsMNmgk1Lc=</wssp:X509Extension> </wssp:Claims> </wssp:SecurityToken> </wssp:TokenInfo> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From) wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts> </wssp:Integrity> <!--The Confidentiality assertion is used to ensure that the SOAP Body is encrypted.--> <wssp:Confidentiality wsp:Usage="wsp:Required"> <wssp:KeyInfo> <!--The SecurityToken element within the KeyInfo element describes which token type must be used for Encryption.--> <wssp:SecurityToken wse:IdentityToken="true"> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X 509v3</wssp:TokenType> 
</wssp:SecurityToken> </wssp:KeyInfo> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts> </wssp:Confidentiality> </wsp:Policy> </policies> </policyDocument>
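The comparison discussed in this thread, as an added example that is not part of the original posts and is not WSE code: it takes the MessagePredicate string from the posted policy and reports, per part, whether the element is present in the envelope and covered by a SignedInfo reference. The envelope is a constructed, trimmed version of the captured message (shortened Ids, tokens and cipher data omitted); the function names and the lookup of the Timestamp by wsu namespace are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsa": "http://schemas.xmlsoap.org/ws/2004/03/addressing",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Both wsu namespaces that appear in the captured message.
WSU_NAMESPACES = (
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "http://schemas.xmlsoap.org/ws/2003/06/utility",
)
# MessagePredicate text from the posted policyCache.config.
REQUIRED_PARTS = ("wsp:Body() wsp:Header(wsa:To) wsp:Header(wsa:Action) "
                  "wsp:Header(wsa:MessageID) wse:Timestamp()")

# Constructed sample: same shape as the intercepted message, blobs left out.
SAMPLE_ENVELOPE = """\
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header>
    <wsa:Action wsu:Id="Id-action">http://tempuri.org/server/Service1/HelloWorld</wsa:Action>
    <wsa:MessageID wsu:Id="Id-msgid">uuid:constructed-sample</wsa:MessageID>
    <wsa:To wsu:Id="Id-to">http://localhost/server/Service1.asmx</wsa:To>
    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo><Reference URI="#MsgBody"/></SignedInfo>
        <KeyInfo><SecurityTokenReference>
          <Reference URI="#signWithX509Tok"/>
        </SecurityTokenReference></KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body Id="MsgBody"/>
</soap:Envelope>"""

PART_RE = re.compile(r"^(\w+):(\w+)\((?:(\w+):(\w+))?\)$")


def signed_ids(root):
    """Ids referenced from ds:SignedInfo only; the Reference inside KeyInfo
    points at the signing token and does not sign anything."""
    ids = set()
    for info in root.iter("{%s}SignedInfo" % NS["ds"]):
        for ref in info.findall("ds:Reference", NS):
            uri = ref.get("URI", "")
            if uri.startswith("#"):
                ids.add(uri[1:])
    return ids


def element_id(el):
    """wsu:Id in either wsu namespace, else a plain Id attribute."""
    for ns in WSU_NAMESPACES:
        value = el.get("{%s}Id" % ns)
        if value:
            return value
    return el.get("Id")


def locate(root, part):
    """Map one predicate token, e.g. wsp:Header(wsa:To), to an element."""
    m = PART_RE.match(part)
    if not m:
        raise ValueError("unrecognised message part: %r" % part)
    _, func, hprefix, hname = m.groups()
    if func == "Body":
        return root.find("soap:Body", NS)
    if func == "Header":
        return root.find("soap:Header/%s:%s" % (hprefix, hname), NS)
    if func == "Timestamp":
        header = root.find("soap:Header", NS)
        if header is not None:
            for ns in WSU_NAMESPACES:
                for el in header.iter("{%s}Timestamp" % ns):
                    return el
        return None
    raise ValueError("unsupported part function: %r" % func)


def check_predicate(envelope_xml, predicate):
    """Return {part: 'signed' | 'unsigned' | 'missing'}.
    Checks reference coverage only; it does not verify digests."""
    root = ET.fromstring(envelope_xml)
    signed = signed_ids(root)
    report = {}
    for part in predicate.split():
        el = locate(root, part)
        if el is None:
            report[part] = "missing"
        elif element_id(el) in signed:
            report[part] = "signed"
        else:
            report[part] = "unsigned"
    return report


def unmet(report):
    """Parts that would leave the predicate unsatisfied, in policy order."""
    return [part for part, status in report.items() if status != "signed"]


if __name__ == "__main__":
    for part, status in check_predicate(SAMPLE_ENVELOPE, REQUIRED_PARTS).items():
        print("%-28s %s" % (part, status))
```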