cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Stephen.CTR.Chapp...@faa.gov>
Subject org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID
Date Fri, 21 Nov 2014 20:25:09 GMT
It turns out that I haven't completely resolved my issues from earlier, but I think I'm in
the home stretch (hopefully). In the code I'm migrating (from CXF 2.3 to CXF 2.7), the original
authors created a WSSecSignature descendant that does some security header customization,
including inserting a Security Token Reference and inserting a SAML Assertion. This part seems
to work fine, until I try to sign the assertion. Then I get this:

Caused by: org.apache.ws.security.WSSecurityException: Error during Signature: 
	at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction.execute(SupportingSamlTokenSignedAction.java:126)
	at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
	... 44 more
Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed
	at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:561)
	at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:481)
	at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction$WSSecSamlSupportingTokenSignature.build(SupportingSamlTokenSignedAction.java:250)
	at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction.execute(SupportingSamlTokenSignedAction.java:122)
	... 47 more
Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException:
org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with
ID STRId-5676DF1E739178AEC41416571963291192
	at org.apache.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:436)
	at org.apache.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:364)
	at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:495)
	at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:378)
	at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:556)
	... 50 more
Caused by: javax.xml.crypto.URIReferenceException: org.apache.xml.security.utils.resolver.ResourceResolverException:
Cannot resolve element with ID STRId-5676DF1E739178AEC41416571963291192
	at org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:118)
	at org.apache.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:430)
	... 54 more
Caused by: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve
element with ID STRId-5676DF1E739178AEC41416571963291192
	at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:85)
	at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:298)
	at org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:111)

The security header has the element with the specified ID, 

	<wsse:SecurityTokenReference wsu:Id="STRId-5676DF1E739178AEC41416571963291192">
		<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_5676DF1E739178AEC41416571963191191</wsse:KeyIdentifier>
	</wsse:SecurityTokenReference>

So I'm not sure what the issue is. I've come across some references to using IdResolver, but
that didn't seem to help, and is supposed to be deprecated besides. Does anyone have any suggestions
for resolving this issue?

Thanx,

Stephen W. Chappell
Mime
View raw message