Tuesday, August 18, 2009

org.apache.rampart.RampartException: The timestamp could not be validated

Exception :
Caused by: org.apache.rampart.RampartException: The timestamp could not be validated
at org.apache.rampart.PolicyBasedResultsValidator.validat(PolicyBasedResultsValidator.java:188)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:214)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
Root Cause :
This could be either due to the server clock not in sync with the client clock or the transmission delay goes beyond the accepted TTL.

Solution :
Add the following to the RampartConfig in the policy file appropriately.

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
  <ramp:timestampTTL>600</ramp:timestampTTL>
  <ramp:timestampMaxSkew>600</ramp:timestampMaxSkew>
<ramp:RampartConfig>

The value must be the time skew /ttl in seconds and must be specified as an integer. By default Apache Rampart/Java tolarates a maximum time skew / ttl of five (5) minutes (300 seconds).

Explanation :
For the timestamp to be validated;

created timestamp <= now + maxSkew * 1000;
created timestamp >= now - ttl* 1000;
Posted by Prabath Siriwardena at 8:51 AM
Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)