cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: SecurityContextToken is refering to wrong SecurityTokenReference
Date Tue, 29 Mar 2016 10:20:43 GMT
I don't really understand your mail. Is it objecting to the fact that the
Signature Reference is using the "Identifier" Id of the
SecurityContextToken rather than the wsu:Id? Do you have an example of a
message that works?

Colm.

On Sat, Mar 26, 2016 at 3:23 PM, ashish19singh <ashish19.singh@gmail.com>
wrote:

> HI,
> I am getting below error while accessing WCF service with wshttpbinding
> Cannot resolve KeyInfo for verifying signature: KeyInfo
> 'SecurityKeyIdentifier
>     (
>     IsReadOnly = False,
>     Count = 1,
>     Clause[0] = LocalIdKeyIdentifierClause(LocalId =
> 'uuid-e86a9da2-b8a4-413c-8e48-16126dad54f0-1', Owner = '')
>     )
> ', available tokens 'SecurityTokenResolver
>     (
>     TokenCount = 1,
>     TokenEntry[0] = (AllowedReferenceStyle=Internal,
> Token=System.ServiceModel.Security.Tokens.SecurityContextSecurityToken,
>
> Parameters=System.ServiceModel.Security.Tokens.SecureConversationSecurityTokenParameters:
> InclusionMode: AlwaysToRecipient
>
> I am not sure how Identifier element of SecurityContextToken is referring
> to
> Reference element of SecurityTokenReference.
> As per service provider:  Id of SecurityContextToken  should refer the
> Reference element of SecurityTokenReference.
> Please help how can we make this change client side.
>
> My Request look like:
> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/ soap-envelope">
> <soap:Header>
> <Action
> xmlns="http://www.w3.org/2005/08/addressing">
> http://example.service/GetfileID</Action>
> <MessageI D
> xmlns="http://www.w3.org/2005/08/addressing
> ">urn:uuid:e53bd47b-6538-47df-8b23-19a82430de6
> f</MessageID>
> <To
> xmlns="http://www.w3.org/2005/08/addressing">
> https://testexampleservice/exampleService.svc</To>
> <ReplyTo xmlns="http://www.w3.org/200 5/08/addressing">
> <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> </ReplyTo >
> <wsse:Security
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecur
> ity-secext-1.0.xsd" soap:mustUnderstand="true">
> <c:SecurityContextToken xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc"
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401
> -wss-wssecurity-utility-1.0.xsd"
> u:Id="uuid-e86a9da2-b8a4-413c-8e48-16126dad54f0-1">
> <c:Identifier>urn:uuid:c4bcae77-3f58-4312-a43a-c1c0553c103c</c:Identifier>
> </c:SecurityContextToken>
> <wsu:Timestamp
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-utility-1.0.xsd" wsu:Id="G32964ac3-836a-49ea-a360-95a0955e9189">
> <wsu:Created>2016-03-26T 13:50:27.220Z</wsu:Created>
> <wsu:Expires>2016-03-26T13:55:27.220Z</wsu:Expires>
> </wsu:Timesta mp>
> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
> Id="G1a92270a-2297-46d3- 9e54-771837debfd9">
> <dsig:SignedInfo>
> <dsig:CanonicalizationMethod Algorithm="http://www.w3.o
> rg/2001/10/xml-exc-c14n#">
> <c14nEx:InclusiveNamespaces xmlns:c14nEx="http://www.w3.org/2001/
> 10/xml-exc-c14n#" PrefixList="soap"/>
> </dsig:CanonicalizationMethod>
> <dsig:SignatureMethod Al
> gorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
> <dsig:Reference URI="#G32964ac3-836a-49ea-a360-95a0955e9189">
> <dsig:Transforms>
> <dsig:Transform Algorithm="http://www.w3.org/2001 /10/xml-exc-c14n#">
> <c14nEx:InclusiveNamespaces
> xmlns:c14nEx="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
> </dsig:Transform>
> </dsig:Transforms>
> <dsig:DigestMethod Algorithm=" http://www.w3.org/2000/09/xmldsig#sha1"/>
> <dsig:DigestValue>3/umcmPhDrC8ZQ0yUWzJJQz8QMk=</dsig:DigestValue>
> </dsig:Reference>
> </dsig:SignedInfo>
> <dsig:SignatureValue>nNK+1MjSfVkxTypa8lDu nlGmsS4= </dsig:SignatureValue>
> <dsig:KeyInfo Id="G0916089d-f0b9-466b-b641-3cce13e3bf36">
> <wsse:SecurityTokenReference
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecur
> ity-utility-1.0.xsd" wsu:Id="G58fd702d-c13e-4932-968d-73dec0ce288c">
> <wsse:Reference URI="#urn:uuid:c4bcae77-3f58-4312-a43a-c1c0553c103c"
> ValueType="http://docs.oasis-open.org/ws-sx/w
> s-secureconversation/200512/sct"/>
> </wsse:SecurityTokenReference>
> </dsig:KeyInfo>
> </dsig:Signa ture>
> </wsse:Security>
> </soap:Header>
> <soap:Body>
> <ns2:GetfileID xmlns:ns2="http://example.service/Batch"
> xmlns:ns3="http://schemas.microsoft.com/2003/10/Serializatio n/"
> xmlns="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd"/>
> </soap:Body>
> </soap:Envelope>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/SecurityContextToken-is-refering-to-wrong-SecurityTokenReference-tp5767249.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message