cxf-users mailing list archives

From Colm O hEigeartaigh <>
Subject Re: Mandatory # tag in KeyIdentifier
Date Thu, 03 Jan 2013 11:20:49 GMT
It's a bug in CXF:



On Wed, Jan 2, 2013 at 8:24 PM, DTaylor <> wrote:

> Hi All,
> Another Java to .NET interop question here.
> The Java STS contains the TokenIssueOperation which builds the RSTR. In
> doing so, it generates a RequestedAttachedReference using the
> AbstractOperation.createRequestedReference with an attached parameter of
> true. This method, if the attached parameter is true, will get the token
> identifier and ensure it is prepended with a “#”.
> WS-Trust 1.3 – 4.4:
> /wst:RequestSecurityTokenResponse/wst:RequestedAttachedReference
> Since returned tokens are considered opaque to the requestor, this optional
> element is specified to indicate how to reference the returned token when
> that token doesn't support references using URI fragments (XML ID).  *This
> element contains a <wsse:SecurityTokenReference> element that can be used
> /verbatim/ to reference the token (when the token is placed inside a
> message).*  Typically tokens allow the use of wsu:Id so this element isn't
> required. Note that a token MAY support multiple reference mechanisms; this
> indicates the issuer’s preferred mechanism.  When encrypted tokens are
> returned, this element is not needed since the <xenc:EncryptedData> element
> supports an ID reference. If this element is not present in the RSTR then
> the recipient can assume that the returned token (when present in a message)
> supports references using URI fragments.
> As it states, the element value can be used verbatim, not by manipulating it
> to account for the “#”. The .NET service cannot look up the token from a
> DerivedKey using a SecurityTokenReference using a KeyIdentifier that
> contains the extra “#”, so the interoperability fails. We tried simply
> removing the “#” in this case and the call succeeds.
> Have we misconfigured CXF somehow, or is this a bug in the framework or in
> .NET?
> Thanks,
> Dan

Colm O hEigeartaigh

Talend Community Coder
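
As an added example (not code from this thread or from CXF), the check below tests whether the SecurityTokenReference in a RequestedAttachedReference resolves the issued token verbatim, and flags a KeyIdentifier that carries a leading "#". It also covers wsse:Reference, where the "#" of a local URI fragment is expected. The `<Token>` element, its `ID` value and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"  # WS-Trust 1.3
NS = {"wsse": WSSE, "wst": WST}

def make_rstr(reference_xml):
    """Constructed RSTR; the <Token> element and its ID are hypothetical."""
    return (
        f'<wst:RequestSecurityTokenResponse xmlns:wst="{WST}" xmlns:wsse="{WSSE}">'
        '<wst:RequestedSecurityToken><Token ID="_tok-1234"/></wst:RequestedSecurityToken>'
        '<wst:RequestedAttachedReference><wsse:SecurityTokenReference>'
        f'{reference_xml}'
        '</wsse:SecurityTokenReference></wst:RequestedAttachedReference>'
        '</wst:RequestSecurityTokenResponse>'
    )

def check_attached_reference(rstr_xml):
    """Return a list of findings; empty means the reference resolves verbatim."""
    root = ET.fromstring(rstr_xml)  # constructed input only
    token = root.find("wst:RequestedSecurityToken/*", NS)
    if token is None or not token.get("ID"):
        return ["no identifiable RequestedSecurityToken to resolve against"]
    token_id = token.get("ID")
    ref = root.find("wst:RequestedAttachedReference/wsse:SecurityTokenReference", NS)
    if ref is None:
        return []  # the element is optional
    findings = []
    for kid in ref.findall("wsse:KeyIdentifier", NS):
        value = (kid.text or "").strip()
        if value == token_id:
            continue
        if value.startswith("#") and value[1:] == token_id:
            findings.append(f"KeyIdentifier {value!r} carries a URI-fragment '#'; "
                            f"a verbatim lookup needs {token_id!r}")
        else:
            findings.append(f"KeyIdentifier {value!r} does not match token ID {token_id!r}")
    for direct in ref.findall("wsse:Reference", NS):
        uri = direct.get("URI", "")
        # A local direct reference is a URI fragment, so here the '#' is required.
        if uri != "#" + token_id:
            findings.append(f"Reference URI {uri!r} does not point at '#{token_id}'")
    return findings

if __name__ == "__main__":
    for sample in ('<wsse:KeyIdentifier>_tok-1234</wsse:KeyIdentifier>',
                   '<wsse:KeyIdentifier>#_tok-1234</wsse:KeyIdentifier>',
                   '<wsse:Reference URI="#_tok-1234"/>'):
        print(sample, "->", check_attached_reference(make_rstr(sample)) or "ok")
```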
