[wsf-php-user] PHP to WebLogic Problems
Kaushalye Kapuruge
kaushalye at wso2.com
Fri Aug 24 00:54:48 PDT 2007
Hi Shawn,
The server should treat the password as a plaintext or as a digest,
depending on the "Type" attribute of the "Password" element.
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
>password_in_plain_text</wsse:Password>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
>PASSWORDDIGEST=</wsse:Password>
Cheers,
Kaushalye
Manjula Peiris wrote:
> Hi Shawn,
>
> As mentioned in the UsernameToken profile [1], nonce and created are
> optional when sending the password as plaintext. If someone sends them with
> a plaintext password they have no use when authenticating. So we do not
> send them with a plaintext password. If the server expects them when
> sending the password as plaintext it is a bug on the server side.
>
> [1]http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
>
> Thanks
> -Manjula.
>
>
>
>
> On Fri, 2007-08-24 at 08:26 +0200, Shawn Hamman wrote:
>
>> Hi All,
>>
>> I changed the password to plaintext and requested the algorithm suite from
>> the server administrator.
>>
>> I notice that in the valid post that was sent to me the username token still
>> includes a timestamp and nonce even though the password is in plain text. Do
>> you think this could affect anything?
>>
>> Regards,
>> Shawn
>>
>>
>>> -----Original Message-----
>>> From: Manjula Peiris [mailto:manjula at wso2.com]
>>> Sent: 24 August 2007 05:26 AM
>>> To: wsf-php-user at wso2.org
>>> Cc: shawn at melange.co.za
>>> Subject: RE: [wsf-php-user] PHP to WebLogic Problems
>>>
>>> On Fri, 2007-08-24 at 08:42 +0530, Manjula Peiris wrote:
>>>
>>>> Hi Shawn,
>>>>
>>>> Looking at your service policies it is not clear whether the service
>>>> needs a plainText password or a digested password. But in its message out
>>>> policies it sends the password as plaintext. So try sending the password
>>>> associated with the usernametoken in plaintext. To do this set
>>>>
>>>> passwordType => plainText
>>>>
>>>> in your PHP script. If you are using a policy file set
>>>>
>>>> <rampc:PasswordType>plainText</rampc:PasswordType>.
>>>>
>>>> BTW I noticed that the valid SOAP message you sent contained the
>>>> password as plainText.
>>>>
>>> And I also noticed that the service policies do not specify which
>>> algorithms are to be used when encrypting and signing. So please try
>>> to find this out. And what is the value of the Algorithmsuite property in your
>>> client?
>>>
>>> -Manjula.
>>>
>>>
>>>> Thanks,
>>>> -Manjula.
>>>>
>>>> On Thu, 2007-08-23 at 15:48 +0200, Shawn Hamman wrote:
>>>>
>>>>> Hi Manjula,
>>>>>
>>>>> Attached is the policy as provided to me by the mobile operator.
>>>>>
>>>>> Regards,
>>>>> Shawn
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Manjula Peiris [mailto:manjula at wso2.com]
>>>>>> Sent: 23 August 2007 11:30 AM
>>>>>> To: shawn at melange.co.za
>>>>>> Subject: RE: [wsf-php-user] PHP to WebLogic Problems
>>>>>>
>>>>>> Hi Shawn,
>>>>>>
>>>>>> It doesn't have any reference to the policies used. Where can I find the
>>>>>> policies? And please send them to the wsf-php-user list, so that
>>>>>> others can also get involved in finding the solution.
>>>>>>
>>>>>> -Manjula.
>>>>>>
>>>>>> On Thu, 2007-08-23 at 10:51 +0200, Shawn Hamman wrote:
>>>>>>
>>>>>>> Hi Manjula,
>>>>>>>
>>>>>>> Yes, they are different because the post from the PHP framework was done by
>>>>>>> myself with my certificate. The other one, the valid post was done by
>>>>>>> somebody else with their certificate.
>>>>>>>
>>>>>>> I have attached the service WSDL.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Shawn
>>>>>>>
>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Manjula Peiris [mailto:manjula at wso2.com]
>>>>>>>> Sent: 23 August 2007 10:32 AM
>>>>>>>> To: shawn at melange.co.za
>>>>>>>> Subject: RE: [wsf-php-user] PHP to WebLogic Problems
>>>>>>>>
>>>>>>>> Hi Shawn,
>>>>>>>>
>>>>>>>> By the two certificates I mean the certificates found in the
>>>>>>>> <BinarySecurityToken> elements in the SOAP messages you have sent, not
>>>>>>>> the two certificates you have sent to me through mail.
>>>>>>>> I asked because the certificate found in the valid message to the
>>>>>>>> server and the certificate found in the message sent from the PHP framework
>>>>>>>> are different.
>>>>>>>>
>>>>>>>> And can you send the WSDL of the service or the URI of the WSDL?
>>>>>>>> Normally this can be obtained by adding ?wsdl at the end of the service
>>>>>>>> URI.
>>>>>>>> e.g. http://service/url?wsdl.
>>>>>>>>
>>>>>>>> If you find this please send to the wsf-php-user list.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> -Manjula.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, 2007-08-23 at 10:05 +0200, Shawn Hamman wrote:
>>>>>>>>
>>>>>>>>> Hi Manjula,
>>>>>>>>>
>>>>>>>>> Unfortunately the server side is controlled by a mobile operator who is not
>>>>>>>>> very helpful (nor, do I think, are the staff there willing to assist) so the
>>>>>>>>> server side policies can't be changed.
>>>>>>>>>
>>>>>>>>> If you are referring to the two certificates in the post that I sent and
>>>>>>>>> the valid post that I attached to the email, it is because the valid post was
>>>>>>>>> not done by me. The text file was supplied to me by the mobile operator so
>>>>>>>>> that I could compare what I was sending to a valid post.
>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Shawn
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> -----Original Message-----
>>>>>>>>>> From: Manjula Peiris [mailto:manjula at wso2.com]
>>>>>>>>>> Sent: 23 August 2007 10:00 AM
>>>>>>>>>> To: shawn at melange.co.za
>>>>>>>>>> Cc: wsf-php-user at wso2.org
>>>>>>>>>> Subject: RE: [wsf-php-user] PHP to WebLogic Problems
>>>>>>>>>>
>>>>>>>>>> Hi Shawn,
>>>>>>>>>>
>>>>>>>>>> Can't you adjust the server side policies just for testing the signing
>>>>>>>>>> only scenario?
>>>>>>>>>> And as I mentioned in the previous mail, why are the two certificates
>>>>>>>>>> different?
>>>>>>>>>>
>>>>>>>>>> -Manjula.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, 2007-08-23 at 08:45 +0200, Shawn Hamman wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Manjula,
>>>>>>>>>>>
>>>>>>>>>>> Sign, no encrypt, no time stamp, no username token (see attached text file):
>>>>>>>>>>> Response: com.bea.wlw.runtime.jws.wssecurity.exception.WLWWSSEException:
>>>>>>>>>>> Policy requires Message to be encrypted, Message was not encrypted.
>>>>>>>>>>>
>>>>>>>>>>> No sign, encrypt, no time stamp, no username token:
>>>>>>>>>>> Response: com.bea.wlw.runtime.jws.wssecurity.exception.WLWWSSEException:
>>>>>>>>>>> Policy requires Message to be signed, Message was not signed.
>>>>>>>>>>>
>>>>>>>>>>> Sign, Encrypt, no time stamp, no username token
>>>>>>>>>>> Response: com.bea.wlw.runtime.jws.wssecurity.exception.WLWWSSEException:
>>>>>>>>>>> Policy requires Message to contain UsernameToken, UsernameToken not found in
>>>>>>>>>>> the Message.
>>>>>>>>>>>
>>>>>>>>>>> Sign, Encrypt, no time stamp, username token:
>>>>>>>>>>> Response: javax.xml.rpc.soap.SOAPFaultException: One or more references
>>>>>>>>>>> failed to validate: <Reference URI="#SecurityToken-fce7626e-5143-1dc1" />
>>>>>>>>>>>
>>>>>>>>>>> Where #SecurityToken-fce7626e-5143-1dc1 is:
>>>>>>>>>>>
>>>>>>>>>>> <wsse:UsernameToken wsu:Id="SecurityToken-fce7626e-5143-1dc1"
>>>>>>>>>>>   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>>>>>>>>>>   <wsse:Username>901000322</wsse:Username>
>>>>>>>>>>>   <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">E09FIXWyVi8c1OUK5px8ZsYgbxo=</wsse:Password>
>>>>>>>>>>>   <wsse:Nonce>A66CNhbJ64JJOoszXIUe4Q==</wsse:Nonce>
>>>>>>>>>>>   <wsu:Created>2007-08-23T06:42:16.194Z</wsu:Created>
>>>>>>>>>>> </wsse:UsernameToken>
>>>>>>>>>>>
>>>>>>>>>>> And referenced from:
>>>>>>>>>>>
>>>>>>>>>>> <ds:Reference URI="#SecurityToken-fce7626e-5143-1dc1">
>>>>>>>>>>>   <ds:Transforms>
>>>>>>>>>>>     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>>>>>>>>>>>     </ds:Transform>
>>>>>>>>>>>   </ds:Transforms>
>>>>>>>>>>>   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
>>>>>>>>>>>   </ds:DigestMethod>
>>>>>>>>>>>   <ds:DigestValue>tuMZKRIuH2qopbfjPbNQv9jJje8=</ds:DigestValue>
>>>>>>>>>>> </ds:Reference>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> Shawn
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> -----Original Message-----
>>>>>>>>>>>> From: Manjula Peiris [mailto:manjula at wso2.com]
>>>>>>>>>>>> Sent: 23 August 2007 07:14 AM
>>>>>>>>>>>> To: shawn at melange.co.za; wsf-php-user at wso2.org
>>>>>>>>>>>> Subject: Re: [wsf-php-user] PHP to WebLogic Problems
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Shawn,
>>>>>>>>>>>>
>>>>>>>>>>>> Looking at the two messages I have noticed that the keys used to sign
>>>>>>>>>>>> the two messages are different. But if you attached the correct
>>>>>>>>>>>> certificates corresponding to the different keys this won't be a
>>>>>>>>>>>> problem. So first please check whether the attached certificates are correct or
>>>>>>>>>>>> not.
>>>>>>>>>>>>
>>>>>>>>>>>> And please try sending the message without a username and the timestamp
>>>>>>>>>>>> and only signing the body of the message. Then we can find out exactly
>>>>>>>>>>>> where the problem is.
>>>>>>>>>>>>
>>>>>>>>>>>> -Manjula.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, 2007-08-22 at 14:36 +0200, Shawn Hamman wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Guys,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have followed Kaushalye's suggestion and changed namespace prefix from
>>>>>>>>>>>>> "u:" to "wsu:", rebuilt, re-deployed and re-tested with the same result.
>>>>>>>>>>>>>
>>>>>>>>>>>>> When I compare what I am posting to WebLogic to what the mobile operator
>>>>>>>>>>>>> insists is a valid post, I don't see any difference that should cause my
>>>>>>>>>>>>> post to be rejected.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The only things I can come up with are:
>>>>>>>>>>>>> - The c14n transform of the Username token ends up with a different result
>>>>>>>>>>>>>   on the PHP side than on the WebLogic side which is causing the digest to be
>>>>>>>>>>>>>   different (the WebLogic error message is hardly descriptive).
>>>>>>>>>>>>> - The digest ends up with a different result for some other reason
>>>>>>>>>>>>> - There is a problem with the cert that is causing the signature to be
>>>>>>>>>>>>>   invalid (though I would expect WebLogic to say so)
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have attached a dump of one of my posts as well as what is supposed to be
>>>>>>>>>>>>> a valid post.
>>>>>>>>>>>>>
>>>>>>>>>>>>> If anybody has any ideas around this problem, I will gratefully accept any
>>>>>>>>>>>>> help whatsoever.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Shawn
>>>>>>>>>>>>>
>>>>>>>>>>>>> No virus found in this outgoing message.
>>>>>>>>>>>>> Checked by AVG Free Edition.
>>>>>>>>>>>>> Version: 7.5.484 / Virus Database: 269.12.1/965 - Release Date: 2007/08/21 04:02 PM
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> Wsf-php-user mailing list
>>>>>>>>>>>>> Wsf-php-user at wso2.org
>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user
>>>>>>>>>>>>>
--
http://kaushalye.blogspot.com/
http://wso2.org/
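
The Type-based handling described at the top of this message, as an added example that is not part of the original thread or of WSF/PHP or WebLogic code. It follows the digest formula in the UsernameToken profile linked as [1] above, Base64(SHA-1(nonce + created + password)); the function names, user and password are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = WSS + "wssecurity-secext-1.0.xsd"
WSU = WSS + "wssecurity-utility-1.0.xsd"
TEXT = WSS + "username-token-profile-1.0#PasswordText"
DIGEST = WSS + "username-token-profile-1.0#PasswordDigest"


def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(nonce + created + password)); the nonce is hashed as decoded bytes."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def verify_username_token(token_xml, stored_passwords):
    """Check one wsse:UsernameToken against stored_passwords (user -> password)."""
    tok = ET.fromstring(token_xml)
    user = tok.findtext(f"{{{WSSE}}}Username", "").strip()
    pw = tok.find(f"{{{WSSE}}}Password")
    if pw is None or user not in stored_passwords:
        return False
    ptype = pw.get("Type", TEXT)  # the profile treats a missing Type as PasswordText
    if ptype == TEXT:
        expected = stored_passwords[user]  # Nonce/Created are not part of this comparison
    elif ptype == DIGEST:
        nonce, created = tok.findtext(f"{{{WSSE}}}Nonce"), tok.findtext(f"{{{WSU}}}Created")
        if not nonce or not created:
            return False  # the digest cannot be recomputed without both
        expected = password_digest(nonce.strip(), created.strip(), stored_passwords[user])
    else:
        return False  # unknown Type: reject rather than guess
    return hmac.compare_digest((pw.text or "").strip().encode(), expected.encode())


def demo():
    """Constructed user and tokens: valid digest, valid plaintext, plaintext sent as digest."""
    users, created = {"alice": "s3cret"}, "2007-08-24T07:00:00Z"
    nonce = base64.b64encode(b"0123456789abcdef").decode()
    forms = [(DIGEST, password_digest(nonce, created, "s3cret")), (TEXT, "s3cret"), (DIGEST, "s3cret")]
    return [verify_username_token(
        f'<wsse:UsernameToken xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><wsse:Username>alice</wsse:Username>'
        f'<wsse:Password Type="{t}">{v}</wsse:Password><wsse:Nonce>{nonce}</wsse:Nonce>'
        f"<wsu:Created>{created}</wsu:Created></wsse:UsernameToken>", users) for t, v in forms]


if __name__ == "__main__":
    print(demo())
```

The third constructed token shows the mismatch discussed in the thread: a plaintext value sent under the PasswordDigest type fails, because the server compares it against a recomputed digest.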