Timestamp validation fails! Why?

Archived Content
This article is provided for historical perspective only, and may not reflect current conditions. Please refer to relevant product page for more up-to-date product information and resources.
  • By Ruchith Fernando
  • 30 Jul, 2007

We usually develop and test secure Web services applications in one machine. Then, when we actually test this application with a remote client, some of the initial issues we run into are timestamp validation issues. This is mainly due to the clocks of the two machines not being in sync. In real life scenarios, we certainly cannot expect clocks to be in sync. You can synchronize clocks across machines automatically with tools that use Network Time Protocol.

Apache Rampart/Java introduces a new configuration assertion to allow time differences between communicating hosts.

<timestampMaxSkew>value<timestampMaxSkew>

The "value" must be the allowed time skew in seconds and must be specified as an integer. By default Apache Rampart/Java tolarates a maximum time skew of five (5) minutes (300 seconds).

The <timestampMaxSkew> assertion must be placed within the <RampartConfig> assertion as an immediate child element.

 

Applies To

1. Apache Rampart/Java