Unstable Terrain

Software development in the real world

Archive for February 2010

Axis2 MustUnderstand shenanigans

with 4 comments

Am integrating with a .NET web service with Axis2 as the client. The web service uses WSSE so I hooked up Rampart to do the security tokens (an exercise in itself). However, Axis2 still complained when it receives the SOAP response, with

Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd

Rampart definitely could handle that namespace; heck, it had just sent a security token in that namespace. So what was going on?

Turns out Rampart kinda only handles stuff it expects. The response sent this as a SOAP header:

<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0">
        <u:Created>2010-02-19T00:05:06.259Z</u:Created>
        <u:Expires>2010-02-19T00:10:06.259Z</u:Expires>
      </u:Timestamp>
    </o:Security>

…but Rampart had only been configured to send and expect a UsernameToken in its policy.xml.

Solution: add

<sp:IncludeTimestamp />

to policy.xml and voila, Rampart is happy again.

Advertisements

Written by Trent

February 19, 2010 at 10:23 am