From: Colm O hEigeartaigh
Reply-To: coheigea@apache.org
To: Alx
Cc: "users@cxf.apache.org"
Date: Fri, 3 Apr 2015 14:58:21 +0100
Subject: Re: Signing of UsernameToken element with WS-SecurityPolicy and CXF

> I tried this before and the Username was still not signed. Only when I
> used SignedEncryptedSupportingTokens the username is getting signed (and
> not encrypted by the way, which is what I want at the moment). Probably I
> am doing something wrong but this works for me now.

Any chance of a test-case? Both scenarios should work fine. By the way, the UsernameToken should be signed/encrypted, not just the "Username" part of it. What version of CXF are you using?

Colm.

> Thanks for the feedback!
>
> Alex
>
> On Fri, Apr 3, 2015 at 4:33 PM, Colm O hEigeartaigh wrote:
>
>> Simply change "SupportingTokens" to "SignedSupportingTokens".
>>
>> Colm.
>>
>> On Thu, Apr 2, 2015 at 12:49 PM, Alx wrote:
>>
>> > I have a requirement from my client for the signature to contain the
>> > UsernameToken element. According to the rest of his requirements the
>> > security policy I am using is the following:
>> >
>> > xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>> >
>> > sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>> >
>> > xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>> >
>> > sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>> >
>> > sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>> >
>> > The above works correctly for me. The only thing that I could not sign is
>> > the UsernameToken. I tried using:
>> >
>> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> >
>> > /soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username
>> >
>> > which did not seem to work.
>> >
>> > Trying to debug I see that the SignedElementsBuilder class is accessed but
>> > I am not sure where to debug next, where the signing should occur.
>> >
>> > Any help will be appreciated.
>> >
>> > Alex
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
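Added example, not part of the original thread and not CXF code: a structural check of the kind a test-case for this thread could run on a captured message, reporting whether the signature references the whole wsse:UsernameToken or only a child such as wsse:Username. The function names, the sample envelope and its ids are constructed for illustration; the check reads ds:Reference URIs only and does not verify the signature value.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU_ID = "{%s}Id" % WSU


def username_token_coverage(envelope_xml):
    """Classify the wsse:UsernameToken as 'signed', 'child-only', 'unsigned',
    'ambiguous' (duplicate wsu:Id) or 'absent'. Structural check only: the
    signature value itself is not verified here."""
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DTDs are not allowed in SOAP messages")
    root = ET.fromstring(envelope_xml)
    security = next(root.iter("{%s}Security" % WSSE), None)
    token = None if security is None else security.find("{%s}UsernameToken" % WSSE)
    if token is None:
        return "absent"
    # Same-document references (URI="#id") listed in ds:SignedInfo.
    path = "{%s}Signature/{%s}SignedInfo/{%s}Reference" % (DS, DS, DS)
    refs = {r.get("URI", "")[1:] for r in security.findall(path)
            if r.get("URI", "").startswith("#")}
    token_id = token.get(WSU_ID)
    if token_id in refs:
        # A reference is only meaningful if exactly one element carries that Id.
        same_id = [e for e in root.iter() if e.get(WSU_ID) == token_id]
        return "signed" if len(same_id) == 1 else "ambiguous"
    child_ids = {e.get(WSU_ID) for e in token.iter() if e is not token}
    return "child-only" if refs & child_ids else "unsigned"


def sample_envelope(reference_uri):
    """Constructed SOAP 1.1 message; ids and values are made up."""
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s"><soap:Header><wsse:Security>'
        '<wsse:UsernameToken wsu:Id="UsernameToken-1">'
        '<wsse:Username wsu:Id="Username-1">alice</wsse:Username></wsse:UsernameToken>'
        '<ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>'
        '</ds:Signature></wsse:Security></soap:Header>'
        '<soap:Body wsu:Id="Body-1"/></soap:Envelope>' % (WSSE, WSU, DS, reference_uri)
    )


if __name__ == "__main__":
    for uri in ("#UsernameToken-1", "#Username-1", "#Body-1"):
        print(uri, "->", username_token_coverage(sample_envelope(uri)))
```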