cxf-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: General security error (Provided SAML token does not contain a suitable key)
Date Wed, 16 Nov 2011 10:25:53 GMT
It's due to a bug in WSS4J - which has been fixed here:

https://issues.apache.org/jira/browse/WSS-323

Colm.

On Tue, Nov 15, 2011 at 5:36 PM, danlee100 <danlee1000@yahoo.com> wrote:
> Here is the SAML token that is causing the error "General security error
> (Provided SAML token does not contain a suitable key)".
>
>
> <?xml version="1.0"?>
> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
> MajorVersion="1" MinorVersion="1"
> AssertionID="_2bea327c-8791-4bd2-9f98-5690c0c6a83b" Issuer="BLISTS"
> IssueInstant="2011-11-09T22:47:38.202Z">
>  <saml:Conditions NotBefore="2011-11-09T22:47:38.124Z"
> NotOnOrAfter="2011-11-09T23:47:38.124Z">
>    <saml:AudienceRestrictionCondition>
>
> <saml:Audience>http://66.211.102.200/gen4/services/AssessmentDataService</saml:Audience>
>    </saml:AudienceRestrictionCondition>
>  </saml:Conditions>
>  <saml:AttributeStatement>
>    <saml:Subject>
>      <saml:SubjectConfirmation>
>
> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
>        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>          <trust:BinarySecret
> xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">sYjbfcODXJg0oBL0EPlCMlUJ2SZnjk/51e2rDs+2e+E=</trust:BinarySecret>
>        </KeyInfo>
>      </saml:SubjectConfirmation>
>    </saml:Subject>
>    <saml:Attribute AttributeName="Name"
> AttributeNamespace="http://www.bli.org/claims">
>      <saml:AttributeValue>roccbufalino1</saml:AttributeValue>
>    </saml:Attribute>
>    <saml:Attribute AttributeName="IDNamespace"
> AttributeNamespace="http://www.bli.org/claims">
>
> <saml:AttributeValue>http://www.bli.org/Rocketship/</saml:AttributeValue>
>    </saml:Attribute>
>    <saml:Attribute AttributeName="ID"
> AttributeNamespace="http://www.bli.org/claims">
>      <saml:AttributeValue>123111111111111111111</saml:AttributeValue>
>    </saml:Attribute>
>  </saml:AttributeStatement>
>  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>    <ds:SignedInfo>
>      <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>      <ds:SignatureMethod
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>      <ds:Reference URI="#_2bea327c-8791-4bd2-9f98-5690c0c6a83b">
>        <ds:Transforms>
>          <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>          <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>        </ds:Transforms>
>        <ds:DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>
> <ds:DigestValue>1cIz27KwzN0gwLkDSLolHTxaAMQ19YsVcF3eV1sA/68=</ds:DigestValue>
>      </ds:Reference>
>    </ds:SignedInfo>
>
> <ds:SignatureValue>t1vCq6MWMWupEDcfv/8b+FOCcb8bi7gIbBNM9XCLsIjm20xMPla5u43DjPaRb2+rPdnlVeNt/s/8Id/zxvPmBqIohdJY3ZeAC0/i+DLV+8tMdA/q6azSUjgZHKniUtqPjH6B5aLYm3niwkqivwhWCcl3txVjfbtjoxDTUmMendaDxZ80zHmIy73vzf1nNo+SokdGvwEbQY8RKSYXnUoXXP2oAkyUSG2efr/41eXkeOd+nLdCWLKEhDJCWYNEs1KlneJclh9Fu15DRmnihjeV3eFDFy1xmIXQ8IiVI+78CYvcPN7HMDSKOkDSQs3DmNQaamlxTYkMN0AMYwwEhcyWsA==</ds:SignatureValue>
>    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>      <X509Data>
>
> <X509Certificate>MIIC5DCCAcygAwIBAgIQbDQulAkeX7ROQqIwV6TAHDANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDEwtTVFNUZXN0Q2VydDAeFw0xMTAzMzAxNTA4NDJaFw0xMjAzMjkyMTA4NDJaMBYxFDASBgNVBAMTC1NUU1Rlc3RDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu56LAvEEYI7mI85ufyLS8MjuU5uPlgH9FUtE/YxPNIwsRe8+GZcXWHefuU0MV6m06K4GMeUq2i4E0ciKTsqnQhs0eqHt3WgH8uaF7DAz6sxzLpbUYWG7sGq0v3oanYv0S3+cfWyERvwYpdTmzqRRTNLRv371FIycc13LF67ZvpXZKEl0rkSfL8p6O6KHPQz5CduP3N+/3pjTsKsl/iNjM8K3Vi1MCb5lWeCBBig7yT9ICwWCkkDJpGJsksCanw8uM4eoRP3aY41EtPnA8Gvt5qVTMnn2JJGgxklegVUmsYtbBiziJCNWIa9loTEg5MbrzhQ5WSptV4HTviCSFqAPgwIDAQABoy4wLDALBgNVHQ8EBAMCBPAwHQYDVR0OBBYEFCAC194orTY0yHGxY/O+5fm+GHtjMA0GCSqGSIb3DQEBBQUAA4IBAQC4fo83cVW+Q8kNhn9bWSh9hOynuv1mTNPtgAxS37fifziexnK+LYe4uQNzAuGlgusxwQS1izSP5S3dRyOjzqrT+H4ZBeWwX9rTkmlyOtnGQIwyA5jwDeRqcPMgU9XJf5NwA2W88lJDTijRNIG6RCBQcusflqc4/DvYZmRlRX8XGjgOwf4Zw4pATMfA67CG/NDJXPbTHqTbJihdWjJXQODjocU1KabAXlIxPkwJFh8cf1dRDvYN3xVOmjgHpQ82G6RA4TXdTJKcU0yO8PHsVrOGmjYjDbVgThHRdzLvpBZG6ZD0O/i8C2gavoguIgRBnBCT4b4DEDLfVnebApzIFnVl</X509Certificate>
>      </X509Data>
>    </KeyInfo>
>  </ds:Signature>
> </saml:Assertion>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p4995094.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
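
The following is an added example, not part of the thread and not WSS4J or CXF code. It is a troubleshooting aid for assertions shaped like the quoted one: for each SubjectConfirmation it reports the confirmation method and which kind of key element sits in that KeyInfo, keeping it apart from the signature's own KeyInfo. The sample token and the function names are constructed for illustration, and the script does not verify the signature.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"

# Constructed sample with the same shape as the quoted token (placeholder secret).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed" Issuer="example">
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <trust:BinarySecret xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">cGxhY2Vob2xkZXI=</trust:BinarySecret>
        </KeyInfo>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:AttributeStatement>
</saml:Assertion>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def subject_key_report(xml_text):
    """Return one dict per SubjectConfirmation: methods and KeyInfo child kinds."""
    root = ET.fromstring(xml_text)
    report = []
    for conf in root.iter(f"{{{SAML}}}SubjectConfirmation"):
        methods = [(m.text or "").strip()
                   for m in conf.findall(f"{{{SAML}}}ConfirmationMethod")]
        # Only the KeyInfo directly under SubjectConfirmation, not ds:Signature's.
        key_info = conf.find(f"{{{DS}}}KeyInfo")
        kinds = [local(c.tag) for c in key_info] if key_info is not None else []
        report.append({
            "methods": methods,
            "holder_of_key": HOK in methods,
            "key_kinds": kinds,
            # holder-of-key with no key material gives a receiver nothing to confirm
            "missing_key": HOK in methods and not kinds,
        })
    return report


if __name__ == "__main__":
    for entry in subject_key_report(SAMPLE):
        print(entry)
```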
