UPVS - eForms - Received Timestamp does not match the requirements IncludeTimestamp

jsuchal · March 15, 2017, 5:15pm

Volanie na eForm sluzbu nam konci na errore, vygenerovane to bolo podla WSDL na https://vyvoj.upvs.globaltel.sk/ServiceBus/SbWsdlGeneratorToken.aspx?serviceNamespace=http%3A%2F%2Fschemas.gov.sk%2FServiceBusServiceProvider%2FNess%2FeFormProvider%2F1.0

Caused by: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied: 
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding: Received Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp

miso · March 15, 2017, 5:36pm

Mali sme podobny problem, aj ked na sluzbe GetIdentityServices. Skontrolujte ci pouzivate najnovsiu verziu CXF, to vas zrejme privedie k dalsej chybe:

WARN: o.a.c.w.p.a.w.Wsdl11AttachmentPolicyProvider - Failed to build the policy 'CustomBinding_IServiceBus_policy':sp:HttpsToken must have an inner wsp:Policy element

Nasledne vyskusajte modifikovat WSDL a vyhodit z neho nasledovnu policy sekciu

<ns1:TransportBinding xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <ns1:TransportToken>
                    <wsp:Policy>
                        <ns1:HttpsToken>
                            <wsp:Policy/>
                        </ns1:HttpsToken>
                    </wsp:Policy>
                </ns1:TransportToken>
                <ns1:AlgorithmSuite>
                    <wsp:Policy>
                        <ns1:Basic256/>
                    </wsp:Policy>
                </ns1:AlgorithmSuite>
                <ns1:Layout>
                    <wsp:Policy>
                        <ns1:Lax/>
                    </wsp:Policy>
                </ns1:Layout>
                <ns1:IncludeTimestamp/>
            </wsp:Policy>
        </ns1:TransportBinding>
        <ns2:SupportingTokens xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <ns2:SamlToken
                        ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                    <wsp:Policy>
                        <ns2:WssSamlV20Token11/>
                    </wsp:Policy>
                </ns2:SamlToken>
            </wsp:Policy>
        </ns2:SupportingTokens>

Vysvetlenie:
HttpsToken musi mat podla specifikacie definovanu policy, vid. http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_HttpsToken_Assertion, definujucu aky druh autentifikacie sa vyzaduje. Zda sa vsak, ze kazdy framework chape specifikaciu po svojom.