
wso2 2.1.0 rampc:ClockSkewBuffer

jfaircloth's picture
Hello,

I am having an issue in which the service I am trying to consume runs on a server on which the clock runs faster than mine. I have requested several times that they implement a more efficient process for keeping their time updated, but it does not appear to be resolved. Troubleshooting this issue, I have noticed that there have been changes since the 2.1.0 release that allow for this type of issue by setting the rampart configuration ClockSkewBuffer. It appears I may not be implementing this correctly, because my clock skew buffer value equals 0 at the time of validating the response timestamp. This is happening during the token request and response. I continually receive the errors:

    [rampart]Timestamp not valid: Created time is not valid
    [rampart]Timestamp is not valid

Can someone please look at my policy file and tell me how I implement a ClockSkewBuffer of 3 seconds during the Token Service request?

Thanks
John

Attachment: policy.xml (7.43 KB)
nandika's picture

Re

Try setting it to 300. Usually the time is in milliseconds. E.g.

    <rampc:TimeToLive>360</rampc:TimeToLive>
    <rampc:ClockSkewBuffer>300</rampc:ClockSkewBuffer>

Regards
Nandika
lcyhao.yahoo.com's picture

I met the same exact problem

I have the same exact issue; it does not work by putting the following two lines in the policy file.

    <rampc:TimeToLive>360</rampc:TimeToLive>
    <rampc:ClockSkewBuffer>300</rampc:ClockSkewBuffer>

This is part of my policy file.

        </sp:Wss10>
        <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
            <rampc:TimeToLive>360</rampc:TimeToLive>
            <rampc:ClockSkewBuffer>360</rampc:ClockSkewBuffer>
            <rampc:PrecisionInMilliseconds>false</rampc:PrecisionInMilliseconds>
        </rampc:RampartConfig>
    </wsp:All>

Regards,
Bruce
lcyhao.yahoo.com's picture

Which policy file and where should ClockSkewBuffer go

Hi Nandika, jfaircloth,

Can you please explain where the following two lines go?

    <rampc:TimeToLive>360</rampc:TimeToLive>
    <rampc:ClockSkewBuffer>300</rampc:ClockSkewBuffer>

Should it go to the policy file for creating WSClient? Or is it a separate policy file for rampart?

Thanks,
Bruce
nandika's picture

Re

Actually, I took the example from rampart. The option is available from rampart, but the ClockSkewBuffer option has not been added to the WSSecurityToken options. Could you raise a jira issue for this?

Regards
Nandika
lcyhao.yahoo.com's picture

Re

Sorry, don't yet know how to raise a jira issue. Regards, Bruce
pputerla.hstechnology.pl's picture

jira bug submitted

The bug is here: https://wso2.org/jira/browse/WSFPHP-454

Well... should I do the fix (because I filed the bug) or perhaps someone will take care of that? I am asking because for me it will take much more time (like a couple of weeks) than for a permanent WSO2/WSF developer.

On the other hand, I am going to dig for the source of another bug that is making me crazy. I am getting segfaults with WSO2 WSF/PHP (many versions) on Ubuntu 10.04.1 with php 5.3.3 or 5.3.2 and it is really stopping my own development. So maybe during that digging I can try to add this ClockSkewBuffer to WSF/PHP to be set from policy.xml and php directly.
eagle82's picture

 I uploaded a fix to the

I uploaded a fix to the issue https://wso2.org/jira/browse/WSFPHP-454. This works fine using WSSecurityToken, so the example usage would be:

    $sec_token = new WSSecurityToken(array(
        "privateKey" => $pvt_key,
        "receiverCertificate" => $rec_cert,
        "certificate" => $my_cert,
        "ttl" => 300,
        "clockSkewBuffer" => 324));

It seems to take a max skew of 324.
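The check behind the "Created time is not valid" error discussed in this thread, as an added example (not Rampart/C or WSF/PHP source, and not written by any poster): a simplified model of WS-Security timestamp validation with a clock-skew allowance, showing that the allowance also lengthens the window in which a captured message is still accepted. The function names, the skew unit of seconds, the absence of fractional seconds and the sample timestamps are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Result codes; all names in this example are hypothetical. */
enum ts_result { TS_OK, TS_BAD_FORMAT, TS_CREATED_IN_FUTURE, TS_EXPIRED };

/* Parse "YYYY-MM-DDThh:mm:ssZ" (UTC, no fractional seconds) into seconds
   since the Unix epoch; returns -1 on malformed input. */
static long long parse_utc(const char *s)
{
    int y, mo, d, h, mi, se;
    char z;
    if (strlen(s) != 20 || sscanf(s, "%4d-%2d-%2dT%2d:%2d:%2d%c",
                                  &y, &mo, &d, &h, &mi, &se, &z) != 7 || z != 'Z')
        return -1;
    if (y < 1970 || mo < 1 || mo > 12 || d < 1 || d > 31 ||
        h < 0 || h > 23 || mi < 0 || mi > 59 || se < 0 || se > 59)
        return -1;
    y -= mo <= 2; /* days-from-civil arithmetic: the year starts in March */
    long long era = y / 400, yoe = y - era * 400;
    long long doy = (153 * (mo + (mo > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    long long days = era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
    return days * 86400 + h * 3600 + mi * 60 + se;
}

/* Validate Created/Expires against the receiver's clock `now`, tolerating
   `skew` seconds of clock difference in either direction. */
enum ts_result check_timestamp(const char *created, const char *expires,
                               long long now, long long skew)
{
    long long c = parse_utc(created), e = parse_utc(expires);
    if (c < 0 || e < c) return TS_BAD_FORMAT;
    if (c > now + skew) return TS_CREATED_IN_FUTURE; /* sender clock ahead */
    if (e < now - skew) return TS_EXPIRED;
    return TS_OK;
}

/* Seconds of receiver time during which a message is accepted (replay window). */
long long acceptance_window(long long ttl, long long skew) { return ttl + 2 * skew; }

int main(void)
{
    /* Constructed sample: sender clock 3 s ahead of the receiver, 300 s lifetime. */
    const char *created = "2010-09-01T12:00:03Z", *expires = "2010-09-01T12:05:03Z";
    long long now = parse_utc("2010-09-01T12:00:00Z");
    printf("skew 0: %d, skew 3: %d, window at skew 300: %lld s\n", check_timestamp(created, expires, now, 0),
           check_timestamp(created, expires, now, 3), acceptance_window(300, 300));
    return 0;
}
```

With a 300-second lifetime, a 3-second allowance keeps the acceptance window at 306 seconds, while a 300-second allowance triples it to 900, so the buffer is best sized to the clock drift actually observed.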