cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Encryption Parts not followed
Date Thu, 15 Dec 2011 10:05:15 GMT
Hi Dan,

The problem is that your service provider is using the following policy:

<sp:AlgorithmSuite>
    <wsp:Policy>
        <sp:Basic128 />
    </wsp:Policy>
</sp:AlgorithmSuite>

but in the request you have:

<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>

The Basic128 algorithm suite requires a different key transport
method, hence the exception. There are two ways of fixing this
problem:

1) Change the policy AlgorithmSuite to "Basic128Rsa15".
2) Change the key transport algorithm in the STS.

Colm.

2011/12/14 DTaylor <Dan.Taylor@merge.com>:
> Hi Colm,
>
> Sorry for the delay responding, I got tied up on something else at work.
> The policy section(s) are as follows:
>
>
> <wsp:Policy wsu:Id="AsymmetricSAML2Policy">
>     <wsp:ExactlyOne>
>         <wsp:All>
>             <wsam:Addressing wsp:Optional="false">
>                 <wsp:Policy />
>             </wsam:Addressing>
>             <sp:AsymmetricBinding>
>                 <wsp:Policy>
>                     <sp:InitiatorToken>
>                         <wsp:Policy>
>                             <sp:IssuedToken
>                                 sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                                 <sp:RequestSecurityTokenTemplate>
>                                     <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
>                                     <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
>                                 </sp:RequestSecurityTokenTemplate>
>                                 <wsp:Policy>
>                                     <sp:RequireInternalReference />
>                                 </wsp:Policy>
>                                 <sp:Issuer>
>                                     <wsaw:Address>http://taylor-d-w7:8080/SecurityTokenService/
>                                     </wsaw:Address>
>                                 </sp:Issuer>
>                             </sp:IssuedToken>
>                         </wsp:Policy>
>                     </sp:InitiatorToken>
>                     <sp:RecipientToken>
>                         <wsp:Policy>
>                             <sp:X509Token
>                                 sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                                 <wsp:Policy>
>                                     <sp:WssX509V3Token10 />
>                                     <sp:RequireIssuerSerialReference />
>                                 </wsp:Policy>
>                             </sp:X509Token>
>                         </wsp:Policy>
>                     </sp:RecipientToken>
>                     <sp:Layout>
>                         <wsp:Policy>
>                             <sp:Lax />
>                         </wsp:Policy>
>                     </sp:Layout>
>                     <sp:IncludeTimestamp />
>                     <sp:OnlySignEntireHeadersAndBody />
>                     <sp:AlgorithmSuite>
>                         <wsp:Policy>
>                             <sp:Basic128 />
>                         </wsp:Policy>
>                     </sp:AlgorithmSuite>
>                 </wsp:Policy>
>             </sp:AsymmetricBinding>
>             <sp:Wss11>
>                 <wsp:Policy>
>                     <sp:MustSupportRefIssuerSerial />
>                     <sp:MustSupportRefThumbprint />
>                     <sp:MustSupportRefEncryptedKey />
>                 </wsp:Policy>
>             </sp:Wss11>
>             <sp:Trust13>
>                 <wsp:Policy>
>                     <sp:MustSupportIssuedTokens />
>                     <sp:RequireClientEntropy />
>                     <sp:RequireServerEntropy />
>                 </wsp:Policy>
>             </sp:Trust13>
>         </wsp:All>
>     </wsp:ExactlyOne>
> </wsp:Policy>
>
> <wsp:Policy wsu:Id="Input_Policy">
>     <wsp:ExactlyOne>
>         <wsp:All>
>             <sp:EncryptedParts>
>                 <sp:Body />
>             </sp:EncryptedParts>
>             <sp:SignedParts>
>                 <sp:Body />
>                 <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
>                 <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
>                 <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
>                 <sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
>             </sp:SignedParts>
>         </wsp:All>
>     </wsp:ExactlyOne>
> </wsp:Policy>
>
> <wsp:Policy wsu:Id="Output_Policy">
>     <wsp:ExactlyOne>
>         <wsp:All>
>             <sp:EncryptedParts>
>                 <sp:Body />
>             </sp:EncryptedParts>
>             <sp:SignedParts>
>                 <sp:Body />
>                 <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>                 <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
>                 <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
>                 <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
>                 <sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
>             </sp:SignedParts>
>         </wsp:All>
>     </wsp:ExactlyOne>
> </wsp:Policy>
>
> The message is:
>
>
> INFO: Inbound Message
> ----------------------------
> ID: 1
> Address: http://taylor-d-w7:9001/SoapContext/SoapPort
> Encoding: UTF-8
> Http-Method: POST
> Content-Type: text/xml; charset=UTF-8
> Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
> content-type=[text/xml; charset=UTF-8], Host=[taylor-d-w7:9001],
> Pragma=[no-cache], SOAPAction=[""], transfer-encoding=[chunked],
> User-Agent=[Apache CXF 2.5.1-SNAPSHOT]}
> Payload:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>    <soap:Header>
>        <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> soap:mustUnderstand="1">
>            <xenc:EncryptedKey
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> Id="EK-463EBF17CD8BB664F513238966849479">
>                <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                    <wsse:SecurityTokenReference>
>                        <ds:X509Data>
>                            <ds:X509IssuerSerial>
>                                <ds:X509IssuerName>
>                                    CN=SUNCA,OU=JWS,O=SUN,ST=Some-State,C=AU
>                                </ds:X509IssuerName>
>                                <ds:X509SerialNumber>
>                                    3
>                                </ds:X509SerialNumber>
>                            </ds:X509IssuerSerial>
>                        </ds:X509Data>
>                    </wsse:SecurityTokenReference>
>                </ds:KeyInfo>
>                <xenc:CipherData>
>                    <xenc:CipherValue>
>
> EnQ3zXKpRuodk3ecpMJ6ACgNGPeCBTHWuVr3WsOHB/L3TJEujhaOmZHTLLn3Ml1+xPI3F/x+GswphkzjJeAmnEuCmgmbsz87CeZaycH+Jz7o/Q8xbpHzoC+XIkXwcRYsCnFmqNrtSrRTB9rzjgnrXGvVEI+Y+bV9A5Rre8nEGxs=
>                    </xenc:CipherValue>
>                </xenc:CipherData>
>                <xenc:ReferenceList>
>                    <xenc:DataReference URI="#ED-17"/>
>                    <xenc:DataReference URI="#ED-18"/>
>                    <xenc:DataReference URI="#ED-19"/>
>                </xenc:ReferenceList>
>            </xenc:EncryptedKey>
>            <xenc:EncryptedData
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-17"
> Type="http://www.w3.org/2001/04/xmlenc#Element">
>                <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
>                <xenc:CipherData>
>                    <xenc:CipherValue>
>
>                    </xenc:CipherValue>
>                </xenc:CipherData>
>            </xenc:EncryptedData>
>            <wsu:Timestamp wsu:Id="TS-9">
>                <wsu:Created>
>                    2011-12-14T21:04:44.931Z
>                </wsu:Created>
>                <wsu:Expires>
>                    2011-12-14T21:09:44.931Z
>                </wsu:Expires>
>            </wsu:Timestamp>
>        </wsse:Security>
>        <Action xmlns="http://www.w3.org/2005/08/addressing"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-15">
>            http://apache.org/hello_world_soap_http/Greeter/greetMe
>        </Action>
>        <MessageID xmlns="http://www.w3.org/2005/08/addressing"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-14">
>            urn:uuid:394867da-00ad-481b-a880-71bb12c14760
>        </MessageID>
>        <To xmlns="http://www.w3.org/2005/08/addressing"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-12">
>            http://taylor-d-w7:9001/SoapContext/SoapPort
>        </To>
>        <ReplyTo xmlns="http://www.w3.org/2005/08/addressing"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-13">
>            <Address>
>                http://www.w3.org/2005/08/addressing/anonymous
>            </Address>
>        </ReplyTo>
>        <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-2004-01/oasis-200404-wss-wssecurity-secext-1.0.xsd">
>            <saml2:Assertion
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xs="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> ID="_AFDCAEB237F02C6FBB13238966843091"
> IssueInstant="2011-12-14T21:04:44.313Z" Version="2.0" wsu:Id="id-10"
> xsi:type="saml2:AssertionType">
>                <saml2:Issuer>
>                    DoubleItSTSIssuer
>                </saml2:Issuer>
>                <xenc:EncryptedData
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-18"
> Type="http://www.w3.org/2001/04/xmlenc#Element">
>                    <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
>                    <ds:KeyInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                        <wsse:SecurityTokenReference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
>                            <wsse:Reference
> URI="#EK-463EBF17CD8BB664F513238966849479"/>
>                        </wsse:SecurityTokenReference>
>                    </ds:KeyInfo>
>                    <xenc:CipherData>
>                        <xenc:CipherValue>
>
>                        </xenc:CipherValue>
>                    </xenc:CipherData>
>                </xenc:EncryptedData>
>                <saml2:Subject>
>                    <saml2:NameID
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
> NameQualifier="http://cxf.apache.org/sts">
>                        wsitUser
>                    </saml2:NameID>
>                    <saml2:SubjectConfirmation
> Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
>                        <saml2:SubjectConfirmationData
> xsi:type="saml2:KeyInfoConfirmationDataType">
>                            <ds:KeyInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                                <ds:X509Data>
>                                    <ds:X509Certificate>
>
>                                    </ds:X509Certificate>
>                                </ds:X509Data>
>                            </ds:KeyInfo>
>                        </saml2:SubjectConfirmationData>
>                    </saml2:SubjectConfirmation>
>                </saml2:Subject>
>                <saml2:Conditions NotBefore="2011-12-14T21:04:44.364Z"
> NotOnOrAfter="2011-12-14T21:09:44.364Z">
>                    <saml2:AudienceRestriction>
>                        <saml2:Audience>
>                            http://taylor-d-w7:9001/SoapContext/SoapPort
>                        </saml2:Audience>
>                    </saml2:AudienceRestriction>
>                </saml2:Conditions>
>                <saml2:AttributeStatement>
>                    <saml2:Attribute Name="token-requestor"
> NameFormat="http://cxf.apache.org/sts">
>                        <saml2:AttributeValue xsi:type="xs:string">
>                            authenticated
>                        </saml2:AttributeValue>
>                    </saml2:Attribute>
>                </saml2:AttributeStatement>
>            </saml2:Assertion>
>        </wsse:Security>
>    </soap:Header>
>    <soap:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-11">
>        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> Id="ED-19" Type="http://www.w3.org/2001/04/xmlenc#Content">
>            <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
>            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                <wsse:SecurityTokenReference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
>
> <wsse:Reference URI="#EK-463EBF17CD8BB664F513238966849479"/>
>                </wsse:SecurityTokenReference>
>            </ds:KeyInfo>
>            <xenc:CipherData>
>                <xenc:CipherValue>
>
> j1ygG6miHrG3f9yQmRacxlAvEwn+ZJ0hh9Pig8qMAjxFb+TjFNBA8h0nx+LMwwdWU05i6mnH4xMq913fmPr5A9TBQf75Y5/1j1DdO4lwQ0lwLC7Gzrq2OwLwXHEFX+Ze2Y0cXn4C11fpzdOnVMpykRY2a/YdIxWj+9d5trabGuU=
>                </xenc:CipherValue>
>            </xenc:CipherData>
>        </xenc:EncryptedData>
>    </soap:Body>
> </soap:Envelope>
> --------------------------------------
>
>
> Thanks for your help,
>
> Dan.
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Encryption-Parts-not-followed-tp5067011p5075696.html
> Sent from the cxf-user mailing list archive at Nabble.com.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
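
The mismatch diagnosed in the reply above, as an added example that is not part of the original thread or of CXF: a Python check that compares the `EncryptionMethod` algorithms in a logged envelope with what a WS-SecurityPolicy algorithm suite expects. The `SUITES` table follows the WS-SecurityPolicy 1.2 suite definitions; `check_suite` and the trimmed `SAMPLE` envelope are constructed for illustration, and an asymmetric binding is assumed, so every `EncryptedKey` is expected to use the suite's asymmetric key-wrap algorithm.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"

# Suite name -> (asymmetric key wrap, symmetric encryption), per WS-SecurityPolicy 1.2.
SUITES = {
    "Basic128":      (XENC + "rsa-oaep-mgf1p", XENC + "aes128-cbc"),
    "Basic128Rsa15": (XENC + "rsa-1_5",        XENC + "aes128-cbc"),
    "Basic256":      (XENC + "rsa-oaep-mgf1p", XENC + "aes256-cbc"),
    "Basic256Rsa15": (XENC + "rsa-1_5",        XENC + "aes256-cbc"),
}

# Constructed sample: trimmed to the elements the check reads, using the same
# algorithm URIs as the logged request in the thread. Ids are placeholders.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soap:Header>
    <xenc:EncryptedKey Id="EK-1">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <xenc:ReferenceList><xenc:DataReference URI="#ED-1"/></xenc:ReferenceList>
    </xenc:EncryptedKey>
  </soap:Header>
  <soap:Body>
    <xenc:EncryptedData Id="ED-1">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""


def check_suite(envelope_xml, suite):
    """Return (Id, found, expected) for each element whose algorithm is off-suite."""
    key_wrap, data_enc = SUITES[suite]
    expected = {"EncryptedKey": key_wrap, "EncryptedData": data_enc}
    # The stdlib parser is fine for a message you logged yourself; use a
    # hardened parser (e.g. defusedxml) for XML from an untrusted source.
    root = ET.fromstring(envelope_xml)
    findings = []
    for kind, want in expected.items():
        for element in root.iter("{%s}%s" % (XENC, kind)):
            # Direct child only: the element's own EncryptionMethod.
            method = element.find("{%s}EncryptionMethod" % XENC)
            found = method.get("Algorithm") if method is not None else None
            if found != want:
                findings.append((element.get("Id"), found, want))
    return findings


if __name__ == "__main__":
    for suite in ("Basic128", "Basic128Rsa15"):
        print(suite, check_suite(SAMPLE, suite) or "OK")
```

Of the two fixes in the reply, changing the key transport algorithm in the STS to RSA-OAEP keeps what Basic128 specifies, while switching the policy to Basic128Rsa15 makes the service accept PKCS#1 v1.5 key transport.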
