cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: WSS4J Endorsing Supporting tokens
Date Fri, 10 Feb 2012 14:17:43 GMT
The problem is that the signature is using an IssuerSerial structure
(by default) to refer to the signing certificate, which is not
included in the request as a result. Try adding the following
configuration:

wss4jOut.setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");

Colm.

On Thu, Feb 9, 2012 at 4:59 PM, sram <sram71@hotmail.com> wrote:
> I am trying a WSS4J assisted client to generate security headers that can
> meet the policy (DoubleItTransportEndorsingPolicy + usernametoken); the
> issue is how do I tell to generate <EndorsingSupportingToken>. Instructions
> available from DoubleIt test cases, are using WSPolicy interceptors. I want
> to make sure this token can be generated (how) for my clients coming via
> WSS4J or WCF.
>
> Currently I do,
> wss4jOut.setProperty(WSHandlerConstants.ACTION,
> WSHandlerConstants.TIMESTAMP + " "
>                        + WSHandlerConstants.USERNAME_TOKEN + " " +
> WSHandlerConstants.SIGNATURE);
>
>
> which obviously is missing this additional token, and therefore my server
> would complain
>
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens:
> The received token does not match the endorsing supporting token requirement
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The
> received token does not match the token inclusion requirement
>
>
> Any help or pointers much appreciated.
>
>>>>>>>>>>>>>>>>>>>
> <wsp:All>
>                        <sp:TransportBinding>
>                                ...
>                                </wsp:Policy>
>                        </sp:TransportBinding>
>                        <sp:EndorsingSupportingTokens>
>                                <wsp:Policy>
>                                        <sp:X509Token
>
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                                                <wsp:Policy>
>                                                        <sp:WssX509V3Token10
/>
>                                                </wsp:Policy>
>                                        </sp:X509Token>
>                                </wsp:Policy>
>                        </sp:EndorsingSupportingTokens>
>                        <sp:SupportingTokens>
>                                <wsp:Policy>
>                                        <sp:UsernameToken
>
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                                        </sp:UsernameToken>
>                                </wsp:Policy>
>                        </sp:SupportingTokens>
>                </wsp:All>
>        </wsp:ExactlyOne>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/WSS4J-Endorsing-Supporting-tokens-tp5470082p5470082.html
> Sent from the cxf-user mailing list archive at Nabble.com.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message