cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Mandatory # tag in KeyIdentifier
Date Thu, 03 Jan 2013 11:20:49 GMT
It's a bug in CXF: https://issues.apache.org/jira/browse/CXF-4728

Thanks,

Colm.

On Wed, Jan 2, 2013 at 8:24 PM, DTaylor <Dan.Taylor@merge.com> wrote:

> Hi All,
>
> Another Java to .NET interop question here.
>
> The Java STS contains the TokenIssueOperation which builds the RSTR. In
> doing so, it generates a RequestedAttachedReference using the
> AbstractOperation.createRequestedReference with an attached parameter of
> true. This method, if the attached parameter is true, will get the token
> identifier and ensure it is prepended with a “#”.
>
> WS-Trust 1.3 – 4.4:
>
> /wst:RequestSecurityTokenResponse/wst:RequestedAttachedReference
> Since returned tokens are considered opaque to the requestor, this optional
> element is specified to indicate how to reference the returned token when
> that token doesn't support references using URI fragments (XML ID).  *This
> element contains a <wsse:SecurityTokenReference> element that can be used
> /verbatim/ to reference the token (when the token is placed inside a
> message).*  Typically tokens allow the use of wsu:Id so this element isn't
> required. Note that a token MAY support multiple reference mechanisms; this
> indicates the issuer’s preferred mechanism.  When encrypted tokens are
> returned, this element is not needed since the <xenc:EncryptedData> element
> supports an ID reference. If this element is not present in the RSTR then
> the recipient can assume that the returned token (when present in a message)
> supports references using URI fragments.
>
> As it states, the element value can be used verbatim, not by manipulating it
> to account for the “#”. The .NET service cannot look up the token from a
> DerivedKey using a SecurityTokenReference using a KeyIdentifier that
> contains the extra “#”, so the interoperability fails. We tried simply
> removing the “#” in this case and the call succeeds.
>
> Have we misconfigured CXF somehow, or is this a bug in the framework or in
> .NET?
>
> Thanks,
>
> Dan
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Mandatory-tag-in-KeyIdentifier-tp5720901.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
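
The mismatch discussed in this thread can be checked on the wire. The following is an added example, not code from CXF or from either poster: it parses an RSTR and reports whether each KeyIdentifier under the requested references equals the issued token's ID verbatim or carries a leading "#". The sample RSTR, its token ID and the function names are constructed, and the token ID is assumed to sit in a SAML 2.0 `ID`, SAML 1.1 `AssertionID` or `wsu:Id` attribute.

```python
import xml.etree.ElementTree as ET

NS = {"wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd"}
WSU_ID = ("{http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd}Id")

def token_id(rstr):
    """Assumption: the token ID is a SAML 2.0 ID, SAML 1.1 AssertionID or wsu:Id."""
    token = rstr.find("wst:RequestedSecurityToken/*", NS)
    if token is None:
        return None
    return token.get("ID") or token.get("AssertionID") or token.get(WSU_ID)

def check_references(rstr_xml):
    """Return (element, KeyIdentifier value, verdict) per requested reference.
    Expects the wst:RequestSecurityTokenResponse element as the document root."""
    rstr = ET.fromstring(rstr_xml)
    tid = token_id(rstr)
    results = []
    for name in ("RequestedAttachedReference", "RequestedUnattachedReference"):
        path = f"wst:{name}/wsse:SecurityTokenReference/wsse:KeyIdentifier"
        for kid in rstr.iterfind(path, NS):
            value = (kid.text or "").strip()
            if value == tid:
                verdict = "verbatim"
            elif tid and value == "#" + tid:
                verdict = "hash-prefixed"  # the condition reported in this thread
            else:
                verdict = "mismatch"
            results.append((name, value, verdict))
    return results

# Constructed sample RSTR (not captured from a real STS).
SAMPLE_RSTR = f"""<wst:RequestSecurityTokenResponse xmlns:wst="{NS['wst']}"
    xmlns:wsse="{NS['wsse']}" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <wst:RequestedSecurityToken><saml2:Assertion ID="_constructed-1"/></wst:RequestedSecurityToken>
  <wst:RequestedAttachedReference><wsse:SecurityTokenReference>
    <wsse:KeyIdentifier>#_constructed-1</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference></wst:RequestedAttachedReference>
  <wst:RequestedUnattachedReference><wsse:SecurityTokenReference>
    <wsse:KeyIdentifier>_constructed-1</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference></wst:RequestedUnattachedReference>
</wst:RequestSecurityTokenResponse>"""

if __name__ == "__main__":
    for row in check_references(SAMPLE_RSTR):
        print(*row, sep="  ")
```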
