cxf-issues mailing list archives

From "Lukas Noll (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CXF-7578) WS-Trust Secured Request casts SecretKeySpec to PrivateKey
Date Mon, 04 Dec 2017 13:13:00 GMT

    [ https://issues.apache.org/jira/browse/CXF-7578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16276748#comment-16276748
] 

Lukas Noll edited comment on CXF-7578 at 12/4/17 1:12 PM:
----------------------------------------------------------

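CXF version 3.2.1
PS: ws-security.enable.streaming is set to True, so the streaming (StAX) WS-Security code path is in use, as the WSS4JStaxOutInterceptor frames in the stack trace below show.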

Policy from wsdl is:

{{<wsp:ExactlyOne>
			<!-- Two policy alternatives follow. As pasted, they differ only in the first, optional SAP assertion (OptimizedMimeSerialization vs. OptimizedXMLTransfer); the security assertions are the same. -->
			<wsp:All>
				<saptrnbnd:OptimizedMimeSerialization xmlns:saptrnbnd="http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization"
wsp:Optional="true"/>
				<wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" wsp:Optional="true"/>
				<wsp:All xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
					<!-- Transport binding: message protection is delegated to the transport (HTTPS, per sp:HttpsToken below). -->
					<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
						<wsp:Policy>
							<sp:TransportToken>
								<wsp:Policy>
									<sp:HttpsToken/>
								</wsp:Policy>
							</sp:TransportToken>
							<sp:AlgorithmSuite>
								<wsp:Policy>
									<!-- Basic256 in WS-SecurityPolicy 1.2: AES-256 encryption with SHA-1 digests and HMAC-SHA1 / RSA-SHA1 signatures; Basic256Sha256 is the SHA-256 variant. -->
									<sp:Basic256/>
								</wsp:Policy>
							</sp:AlgorithmSuite>
							<sp:Layout>
								<wsp:Policy>
									<sp:Strict/>
								</wsp:Policy>
							</sp:Layout>
							<sp:IncludeTimestamp/>
						</wsp:Policy>
					</sp:TransportBinding>
					<!-- Endorsing supporting token: the client has to add a signature made with the key bound to the issued token. -->
					<sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
						<wsp:Policy>
							<!-- IncludeToken/AlwaysToRecipient: the issued token is included in every message sent to the recipient. -->
							<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
								<sp:Issuer>
									<wsa:Address>https://s-apl-vm-001.corpnet.at/nidp/wstrust/sts</wsa:Address>
									<wsa:Metadata>
										<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
											<wsx:MetadataSection xmlns="">
												<wsx:MetadataReference>
													<wsa:Address>https://s-apl-vm-001.corpnet.at/nidp/wstrust/sts/mex</wsa:Address>
												</wsx:MetadataReference>
											</wsx:MetadataSection>
										</Metadata>
									</wsa:Metadata>
								</sp:Issuer>
								<sp:RequestSecurityTokenTemplate>
									<!-- SymmetricKey: the STS is asked for a token with a symmetric proof key, so the endorsing signature needs a secret key rather than a private key. Presumably this is the path that ends in the ClassCastException reported in this issue; confirm. -->
									<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>
									<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
								</sp:RequestSecurityTokenTemplate>
								<wsp:Policy>
									<!-- Keys derived from the token's proof key are required, instead of using the proof key directly. -->
									<sp:RequireDerivedKeys/>
								</wsp:Policy>
							</sp:IssuedToken>
						</wsp:Policy>
					</sp:EndorsingSupportingTokens>
				</wsp:All>
			</wsp:All>
			<!-- Second alternative: same transport binding and endorsing issued token as above, with the SAP OptimizedXMLTransfer assertion as the optional first assertion. -->
			<wsp:All>
				<saptrnbnd:OptimizedXMLTransfer uri="http://xml.sap.com/2006/11/esi/esp/binxml" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"
wsp:Optional="true"/>
				<wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" wsp:Optional="true"/>
				<wsp:All xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
					<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
						<wsp:Policy>
							<sp:TransportToken>
								<wsp:Policy>
									<sp:HttpsToken/>
								</wsp:Policy>
							</sp:TransportToken>
							<sp:AlgorithmSuite>
								<wsp:Policy>
									<sp:Basic256/>
								</wsp:Policy>
							</sp:AlgorithmSuite>
							<sp:Layout>
								<wsp:Policy>
									<sp:Strict/>
								</wsp:Policy>
							</sp:Layout>
							<sp:IncludeTimestamp/>
						</wsp:Policy>
					</sp:TransportBinding>
					<sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
						<wsp:Policy>
							<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
								<sp:Issuer>
									<wsa:Address>https://s-apl-vm-001.corpnet.at/nidp/wstrust/sts</wsa:Address>
									<wsa:Metadata>
										<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
											<wsx:MetadataSection xmlns="">
												<wsx:MetadataReference>
													<wsa:Address>https://s-apl-vm-001.corpnet.at/nidp/wstrust/sts/mex</wsa:Address>
												</wsx:MetadataReference>
											</wsx:MetadataSection>
										</Metadata>
									</wsa:Metadata>
								</sp:Issuer>
								<sp:RequestSecurityTokenTemplate>
									<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>
									<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
								</sp:RequestSecurityTokenTemplate>
								<wsp:Policy>
									<sp:RequireDerivedKeys/>
								</wsp:Policy>
							</sp:IssuedToken>
						</wsp:Policy>
					</sp:EndorsingSupportingTokens>
				</wsp:All>
			</wsp:All>
		</wsp:ExactlyOne>}}


was (Author: atnoll_l):
cxf version 3.2.1


Policy from wsdl is:

{{<wsp:ExactlyOne>
			<wsp:All>
				<saptrnbnd:OptimizedMimeSerialization xmlns:saptrnbnd="http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization"
wsp:Optional="true"/>
				<wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" wsp:Optional="true"/>
				<wsp:All xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
					<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
						<wsp:Policy>
							<sp:TransportToken>
								<wsp:Policy>
									<sp:HttpsToken/>
								</wsp:Policy>
							</sp:TransportToken>
							<sp:AlgorithmSuite>
								<wsp:Policy>
									<sp:Basic256/>
								</wsp:Policy>
							</sp:AlgorithmSuite>
							<sp:Layout>
								<wsp:Policy>
									<sp:Strict/>
								</wsp:Policy>
							</sp:Layout>
							<sp:IncludeTimestamp/>
						</wsp:Policy>
					</sp:TransportBinding>
					<sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
						<wsp:Policy>
							<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
								<sp:Issuer>
									<wsa:Address>https://s-apl-vm-001.corpnet.at/nidp/wstrust/sts</wsa:Address>
									<wsa:Metadata>
										<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
											<wsx:MetadataSection xmlns="">
												<wsx:MetadataReference>
													<wsa:Address>https://s-apl-vm-001.corpnet.at/nidp/wstrust/sts/mex</wsa:Address>
												</wsx:MetadataReference>
											</wsx:MetadataSection>
										</Metadata>
									</wsa:Metadata>
								</sp:Issuer>
								<sp:RequestSecurityTokenTemplate>
									<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>
									<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
								</sp:RequestSecurityTokenTemplate>
								<wsp:Policy>
									<sp:RequireDerivedKeys/>
								</wsp:Policy>
							</sp:IssuedToken>
						</wsp:Policy>
					</sp:EndorsingSupportingTokens>
				</wsp:All>
			</wsp:All>
			<wsp:All>
				<saptrnbnd:OptimizedXMLTransfer uri="http://xml.sap.com/2006/11/esi/esp/binxml" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"
wsp:Optional="true"/>
				<wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" wsp:Optional="true"/>
				<wsp:All xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
					<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
						<wsp:Policy>
							<sp:TransportToken>
								<wsp:Policy>
									<sp:HttpsToken/>
								</wsp:Policy>
							</sp:TransportToken>
							<sp:AlgorithmSuite>
								<wsp:Policy>
									<sp:Basic256/>
								</wsp:Policy>
							</sp:AlgorithmSuite>
							<sp:Layout>
								<wsp:Policy>
									<sp:Strict/>
								</wsp:Policy>
							</sp:Layout>
							<sp:IncludeTimestamp/>
						</wsp:Policy>
					</sp:TransportBinding>
					<sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
						<wsp:Policy>
							<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
								<sp:Issuer>
									<wsa:Address>https://s-apl-vm-001.corpnet.at/nidp/wstrust/sts</wsa:Address>
									<wsa:Metadata>
										<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
											<wsx:MetadataSection xmlns="">
												<wsx:MetadataReference>
													<wsa:Address>https://s-apl-vm-001.corpnet.at/nidp/wstrust/sts/mex</wsa:Address>
												</wsx:MetadataReference>
											</wsx:MetadataSection>
										</Metadata>
									</wsa:Metadata>
								</sp:Issuer>
								<sp:RequestSecurityTokenTemplate>
									<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>
									<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
								</sp:RequestSecurityTokenTemplate>
								<wsp:Policy>
									<sp:RequireDerivedKeys/>
								</wsp:Policy>
							</sp:IssuedToken>
						</wsp:Policy>
					</sp:EndorsingSupportingTokens>
				</wsp:All>
			</wsp:All>
		</wsp:ExactlyOne>}}

> WS-Trust Secured Request casts SecretKeySpec to PrivateKey
> ----------------------------------------------------------
>
>                 Key: CXF-7578
>                 URL: https://issues.apache.org/jira/browse/CXF-7578
>             Project: CXF
>          Issue Type: Bug
>          Components: Soap Binding, STS
>    Affects Versions: 3.2.1
>         Environment: Apache cxf 3.2.1 + transitive gradle dependencies
> opensaml 3.1.1
> NetIQ IDM for SAML 2.0 and WS-TRUST STS
> PS: with 'org.apache.cxf:cxf-bundle:2.7.18' this works, but those older versions of CXF
do not support opensaml 3.1.1, which is required.
>            Reporter: Lukas Noll
>
> Flow is:
> Set the STS client for a SOAP context to request a WS-Trust token for an already acquired
SAML Assertion (ActAs).
> STSClient retrieves the WS-Trust token all right, then tries to (I presume) sign the
SOAP request to the actual service.
> This fails:
> {{Caused by: java.lang.ClassCastException: javax.crypto.spec.SecretKeySpec cannot be
cast to java.security.PrivateKey
> 	at org.apache.xml.security.stax.impl.algorithms.PKISignatureAlgorithm.engineInitSign(PKISignatureAlgorithm.java:77)
> 	at org.apache.xml.security.stax.impl.processor.output.AbstractSignatureEndingOutputProcessor.processHeaderEvent(AbstractSignatureEndingOutputProcessor.java:141)
> 	at org.apache.wss4j.stax.impl.processor.output.WSSSignatureEndingOutputProcessor.processHeaderEvent(WSSSignatureEndingOutputProcessor.java:77)
> 	at org.apache.xml.security.stax.ext.AbstractBufferingOutputProcessor.flushBufferAndCallbackAfterHeader(AbstractBufferingOutputProcessor.java:68)
> 	at org.apache.wss4j.stax.impl.processor.output.WSSSignatureEndingOutputProcessor.flushBufferAndCallbackAfterHeader(WSSSignatureEndingOutputProcessor.java:284)
> 	at org.apache.xml.security.stax.ext.AbstractBufferingOutputProcessor.doFinal(AbstractBufferingOutputProcessor.java:54)
> 	at org.apache.xml.security.stax.impl.OutputProcessorChainImpl.doFinal(OutputProcessorChainImpl.java:225)
> 	at org.apache.xml.security.stax.ext.AbstractOutputProcessor.doFinal(AbstractOutputProcessor.java:140)
> 	at org.apache.xml.security.stax.impl.processor.output.AbstractSignatureOutputProcessor.doFinal(AbstractSignatureOutputProcessor.java:72)
> 	at org.apache.xml.security.stax.impl.OutputProcessorChainImpl.doFinal(OutputProcessorChainImpl.java:225)
> 	at org.apache.xml.security.stax.impl.XMLSecurityStreamWriter.close(XMLSecurityStreamWriter.java:192)
> 	at org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor$WSS4JStaxOutInterceptorInternal.handleMessageInternal(WSS4JStaxOutInterceptor.java:335)
> 	at org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor$WSS4JStaxOutInterceptorInternal.handleMessage(WSS4JStaxOutInterceptor.java:321)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> 	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
> 	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> 	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
> }}
> The line in question does this:
> {{ signature.initSign((PrivateKey) signingKey);}}
> while signingKey is always set to a SecretKeySpec by cxf's {{AbstractSignatureEndingOutputProcessor}},
line 139:
> {{Key key = wrappingSecurityToken.getSecretKey(sigAlgorithm);}}
> This is the WS-Trust token reply I receive from the STS (certificates are self-signed;
names and URIs were changed for this report):
> {{
> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
>   <S:Header>
>     <Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://www.w3.org/2003/05/soap-envelope"
S:mustUnderstand="true">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</Action>
>     <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:bfb37bd1-70a1-4c51-87d5-ea40f8162a0f</MessageID>
>     <RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:55c8fc93-73d7-46c7-adcb-1e2ca9f34e16</RelatesTo>
>     <To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</To>
>     <wsse:Security S:mustUnderstand="true">
>       <wsu:Timestamp xmlns:ns15="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns14="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_1">
>         <wsu:Created>2017-12-04T07:49:48Z</wsu:Created>
>         <wsu:Expires>2017-12-04T07:54:48Z</wsu:Expires>
>       </wsu:Timestamp>
>     </wsse:Security>
>   </S:Header>
>   <S:Body>
>     <trust:RequestSecurityTokenResponseCollection xmlns:ns10="http://www.w3.org/2000/09/xmldsig#"
xmlns:ns13="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ns4="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:ns9="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>       <trust:RequestSecurityTokenResponse>
>         <trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>
>         <trust:RequestedSecurityToken>
>           <saml2:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="nstsb73a0e5a-1ec3-451b-89e1-07fb99b755e0"
IssueInstant="2017-12-04T07:49:48.802Z" Version="2.0">
>             <saml2:Issuer>NetIQ_STS</saml2:Issuer>
>             <ds:Signature>
>               <ds:SignedInfo>
>                 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                 <ds:Reference URI="#nstsb73a0e5a-1ec3-451b-89e1-07fb99b755e0">
>                   <ds:Transforms>
>                     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                   </ds:Transforms>
>                   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                   <ds:DigestValue>kJMGItWGRm7klCMcQS4VprJromA=</ds:DigestValue>
>                 </ds:Reference>
>               </ds:SignedInfo>
>               <ds:SignatureValue>KMH1flkFYr/O5uUd/2AKzJ5iHeei5i1hBs+nbUFqmgRVPtW2OCxlrEq/qXBVhnS0mOIWdnJxE4q7
> N9aKXl7nQUAxkraNVYGSO5gCmaHdVKW/7V9w9bJn6xiNHA8gtzaKGQ8oaw5YqzlT9XN2Kt1+yPOE
> DYZTN0v6R0I3Cl1dFNXKX65A4pGdm32JXTS8XanvXfA2Fd0msh7NbAPLUDX4Noce7MOQRcKim67T
> obH72x8NIu7pQfj+crjIsPswgpYa9Q3uDvSAJqEI/aATd6LVWwnDmutmWLrSHglh/pT6Eo2xXAaY
> rtGxIj7RL5ccoTzUSM+z+mkZRAEX//CCfEViyQ==</ds:SignatureValue>
>               <ds:KeyInfo>
>                 <ds:X509Data>
>                   <ds:X509Certificate>MIIE/jCCA+agAwIBAgIUb2yiaoR9iovKmsL3z7Z7Yc2J5GQwDQYJKoZIhvcNAQELBQAwODEaMBgG
> A1UECxMRT3JnYW5pemF0aW9uYWwgQ0ExGjAYBgNVBAoUEXNfYXBsX3ZtXzAwMV90cmVlMB4XDTE3
> MDcyNTEwMTEwMloXDTI3MDcyNTEwMTEwMlowIjEgMB4GA1UEAxMXcy1hcGwtdm0tMDAxLmNvcnBu
> ZXQuYXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqsyg1WKCTR+QVoZthSnqjIblW
> zd1Y5JMfI2hRoglgKn5odPuXvOtnbiqelKsmkyhgEXd83T0nHxNimONvT1Tp+/DE4egxSeBvuThM
> Z+C2+6gUpVk4TTYA42LTDedFyz5Dz+38ksTq/lHsha7E+dUStpC8qsQRNVSY99+KzeaB4TZB1vQa
> NX+/zYGEN62petbH31ByygowqrcPRVp2ciKIbUCKtvcNRo7CTd+dTBkApnB0l4Rjbnkt86HNlRkM
> jXY0NWEsDhPTuGBOmAn4llCwP7rXyKuscDA9rSuXR4CsFATYtTXMqTYzPq8+FRF0hH4O8gEfhbko
> MnfK6wxcNEHpAgMBAAGjggIUMIICEDAdBgNVHQ4EFgQUCsUhkj27mPP95ZSDKltZJ/NABjcwHwYD
> VR0jBBgwFoAUyrEJpJ0Xd/FawGIUHtNYF2CrVTgwggHMBgtghkgBhvg3AQkEAQSCAbswggG3BAIB
> AAEB/xMdTm92ZWxsIFNlY3VyaXR5IEF0dHJpYnV0ZSh0bSkWQ2h0dHA6Ly9kZXZlbG9wZXIubm92
> ZWxsLmNvbS9yZXBvc2l0b3J5L2F0dHJpYnV0ZXMvY2VydGF0dHJzX3YxMC5odG0wggFIoBoBAQAw
> CDAGAgEBAgFGMAgwBgIBAQIBCgIBaaEaAQEAMAgwBgIBAQIBADAIMAYCAQECAQACAQCiBgIBFwEB
> /6OCAQSgWAIBAgICAP8CAQADDQCAAAAAAAAAAAAAAAADCQCAAAAAAAAAADAYMBACAQACCH//////
> ////AQEAAgQG8N9IMBgwEAIBAAIIf/////////8BAQACBAbw30ihWAIBAgICAP8CAQADDQBAAAAA
> AAAAAAAAAAADCQBAAAAAAAAAADAYMBACAQACCH//////////AQEAAgQR/6pnMBgwEAIBAAIIf///
> //////8BAQACBBH/qmeiTjBMAgECAgEAAgIA/wMNAIAAAAAAAAAAAAAAAAMJAIAAAAAAAAAAMBIw
> EAIBAAIIf/////////8BAQAwEjAQAgEAAgh//////////wEBADANBgkqhkiG9w0BAQsFAAOCAQEA
> Ub6eSzBaltUcb/KmF08me9lRQMefYUR5ILaGMdvulo9KPESP6/PqsRQLWFHjsi6I8HRL5KdFarv/
> Niq1AJSSo+KOOKQSiwAMAo9F3jskGXCCmF5A3gBS+zu7FMt22D1l9bhtvjQoIXCpw7UXdeP/mUp9
> j2MJPa2Lsp+O1r3q6kv1NAjLwcO8uZjfTs+UF1zWkdffsEsudfYXfZjWtJ+2UUJDZbYjf1x5NbY2
> 8Ml+Uq51salIXddFYarLRRGiQcUr/8Of1uXkQyS8kyrnO4B+sWYgLrN/6z9ySRukabqtU5VqjV/9
> wvSJGKU2n0aSWynlR0ZqvSM6YbI0MXD4I+Gjxg==</ds:X509Certificate>
>                 </ds:X509Data>
>               </ds:KeyInfo>
>             </ds:Signature>
>             <saml2:Subject>
>               <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="https://CHANGED_FOR_BUGREPORT">CHANGED_FOR_BUGREPORT</saml2:NameID>
>               <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
>                 <saml2:SubjectConfirmationData xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance"
ns6:type="saml2:KeyInfoConfirmationDataType">
>                   <ds:KeyInfo>
>                     <xenc:EncryptedKey>
>                       <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>                       <ds:KeyInfo>
>                         <ds:X509Data>
>                           <ds:X509Certificate>
> MIICVjCCAb8CCAogFwUjESABMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAkRFMRwwGgYDVQQK
> ExNTQVAgVHJ1c3QgQ29tbXVuaXR5MRMwEQYDVQQLEwpTQVAgV2ViIEFTMRQwEgYDVQQLEwtJMDAy
> MDE2NzAwMzEYMBYGA1UEAwwPSTVTX1NTRkFfUzJTVlBFMB4XDTE3MDUyMzExMjAwMVoXDTM4MDEw
> MTAwMDAwMVowcDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzAR
> BgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIwMTY3MDAzMRgwFgYDVQQDDA9JNVNfU1NG
> QV9TMlNWUEUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM+Jmzrrty94qySuDx0rP39i9FOo
> L14KiKxqXER3dqBW0OhqqdOAutyvpZ9iqvJKn7LTIOUhDLe3LwwW2ZPv26albJXwzyEYrelFk/5S
> foHbEbyVquYnTYFrp8SY7KLxFRyLIYWnuINCPrRg2bB8vGanpQOok3hSqacC9ylNECkxAgMBAAEw
> DQYJKoZIhvcNAQELBQADgYEAl+YITTSNR0xq2Ca3z5ZRxKDcXC7sL5TikgNyW6gx8kFXQhl7tQHh
> fSq7xBRj8Wia3CXR3/iOzfV92apI2AFjmkx8vTQFUsE6cO4qofneHKc2bdZ7sf8dsnAf6Egss24W
> gUGkrsL4KNmq0Q4e6cI2EJwMs84VGp1pfD9PYZOpTm4=
> </ds:X509Certificate>
>                         </ds:X509Data>
>                       </ds:KeyInfo>
>                       <xenc:CipherData>
>                         <xenc:CipherValue>s5hm8saT/x2OS+hWg9AFp8AFKO0/jdnVslBqp27bPpViUHRPOvy7keQPb52W980NhFX3wHGmilmr
> DAPgd0JIH9H8+4ryV038Uw6zwgL+iMQjoWcYiVXFIYUB2b30yjZLoUVO1B8AghbTfBSo6QMKbUET
> 5KC1TLAVOff1dML9KZY=</xenc:CipherValue>
>                       </xenc:CipherData>
>                     </xenc:EncryptedKey>
>                   </ds:KeyInfo>
>                 </saml2:SubjectConfirmationData>
>               </saml2:SubjectConfirmation>
>             </saml2:Subject>
>             <saml2:Conditions NotBefore="2017-12-04T07:49:48.802Z" NotOnOrAfter="2017-12-04T07:59:48.802Z">
>               <saml2:AudienceRestriction>
>                 <saml2:Audience>https://sapwsi5s.sap.wst:9042/sap/bc/srt/rfc/wsv/ca_saf_ping/010/wsv_ca_saf_ping/insurance</saml2:Audience>
>               </saml2:AudienceRestriction>
>             </saml2:Conditions>
>             <saml2:Advice/>
>             <saml2:AuthnStatement AuthnInstant="2017-12-04T07:49:48.802Z">
>               <saml2:AuthnContext>
>                 <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:1.0:am:password</saml2:AuthnContextClassRef>
>               </saml2:AuthnContext>
>             </saml2:AuthnStatement>
>             <saml2:AttributeStatement>
>               <saml2:Attribute AttributeName="actor" AttributeNamespace="http://schemas.xmlsoap.com/ws/2009/09/identity/claims"
Name="actor" NameFormat="http://schemas.xmlsoap.com/ws/2009/09/identity/claims">
>                 <saml2:AttributeValue>&lt;Actor>&lt;saml2:Attribute
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.com/ws/2005/05/identity/claims"
Name="name" NameFormat="http://schemas.xmlsoap.com/ws/2005/05/identity/claims">&lt;saml2:AttributeValue>CHANGED_FOR_BUGREPORT&lt;/saml2:AttributeValue>&lt;/saml2:Attribute>&lt;/Actor></saml2:AttributeValue>
>               </saml2:Attribute>
>             </saml2:AttributeStatement>
>           </saml2:Assertion>
>         </trust:RequestedSecurityToken>
>         <trust:RequestedAttachedReference>
>           <wsse:SecurityTokenReference ns4:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
>             <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">nstsb73a0e5a-1ec3-451b-89e1-07fb99b755e0</wsse:KeyIdentifier>
>           </wsse:SecurityTokenReference>
>         </trust:RequestedAttachedReference>
>         <trust:RequestedUnattachedReference>
>           <wsse:SecurityTokenReference ns4:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
>             <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">nstsb73a0e5a-1ec3-451b-89e1-07fb99b755e0</wsse:KeyIdentifier>
>           </wsse:SecurityTokenReference>
>         </trust:RequestedUnattachedReference>
>         <wsp:AppliesTo>
>           <wsa:EndpointReference>
>             <wsa:Address>https://CHANGED FOR BUGREPORT</wsa:Address>
>           </wsa:EndpointReference>
>         </wsp:AppliesTo>
>         <trust:RequestedProofToken>
>           <trust:ComputedKey>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</trust:ComputedKey>
>         </trust:RequestedProofToken>
>         <trust:Entropy>
>           <trust:BinarySecret Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">1Ba5e6QgRN251mMBwLTSoUqwbHrmGGL+VXremIGnwZM=</trust:BinarySecret>
>         </trust:Entropy>
>         <trust:Lifetime>
>           <wsu:Created>2017-12-04T07:52:04.948Z</wsu:Created>
>           <wsu:Expires>2017-12-04T08:02:04.948Z</wsu:Expires>
>         </trust:Lifetime>
>         <trust:KeySize>256</trust:KeySize>
>       </trust:RequestSecurityTokenResponse>
>     </trust:RequestSecurityTokenResponseCollection>
>   </S:Body>
> </S:Envelope>}}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
