incubator-stonehenge-dev mailing list archives

From "Ben Dewey (JIRA)" <j...@apache.org>
Subject [jira] Commented: (STONEHENGE-44) PHP_BS -> DOTNET_OPSSEC interop does not work properly
Date Fri, 01 May 2009 21:45:31 GMT

    [ https://issues.apache.org/jira/browse/STONEHENGE-44?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12705130#action_12705130 ]

Ben Dewey commented on STONEHENGE-44:
-------------------------------------

I tried again today from a fresh build and, as before, the php page returned, but the order
never got closed or processed through .NET.  

Using the bob_cert had no data in the SvcTraceViewer.

I've been looking into the issue a lot and I'm hoping to get a security expert involved. 
It seems to be related to the fact that the EncryptionKey is loaded by reference:

<xenc:EncryptedKey Id="EncKeyID-04818ef2-e732-44e1" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"></xenc:EncryptionMethod>
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

        <wsse:Reference URI="#CertID-4835f059-ce6f-4de8" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference>

      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue>ARMh40u6P93sgtNbiAIHQ6wb1XwGCB7j7lo0INOcKXvyOn0CAHVXn8r7VL7bdkvUtTowWiGtPGgWG8rp22QqpcEpXbPY4cPVaSr8apfc35Ri5lQZ5jeHeOhrlLk5iMEgTtljbFvOgvkq22Miyj/XJ+Q6eQIEw9R8Wv9Ys9YxzMc=</xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedKey>

Is there a way to modify the policy.xml file so that the SecurityToken gets supplied as a
Key Identifier? This is the data that is being sent to WSAS/PHP from .NET:

      <e:EncryptedKey Id="uuid-914d7d40-322e-4228-ba8c-d286ff9bc88c-1" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
        </e:EncryptionMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>


            <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">NQM0IBvuplAtETQvk+6gn8C13wE=</o:KeyIdentifier>


          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>O8E6TRY7tEehAjY2p6+euAOF2l7sbXWEmpp9usnecJLewxdBjAFxyHcZ7F7iLxuyB2XDgT30fZlKCS4E5JE2vz6Mk1OJwm94cURIH6ATNcp49SgY5hI3yonVNSD/n1tfUuSdEFBuMNdqIat5lMMhKnZZS4DhDNCoBqAFT9IyZAY=</e:CipherValue>
        </e:CipherData>
        <e:ReferenceList>
          <e:DataReference URI="#_1"/>
        </e:ReferenceList>
      </e:EncryptedKey>

> PHP_BS -> DOTNET_OPSSEC interop does not work properly
> ------------------------------------------------------
>
>                 Key: STONEHENGE-44
>                 URL: https://issues.apache.org/jira/browse/STONEHENGE-44
>             Project: Stonehenge
>          Issue Type: Bug
>          Components: DOTNET_OPS, PHP_BS
>            Reporter: S.Uthaiyashankar
>             Fix For: M1
>
>         Attachments: bob_cert.cert
>
>
> PHP_BS and DOTNET_OPSSEC are using different certificates, policies. Have to include a CustomBinding in .NET order processor service to include the policy and certificate.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
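
An added example, not part of the original message or of the Stonehenge code: a small Python check that reports which SecurityTokenReference style an xenc:EncryptedKey uses (the direct Reference and the ThumbprintSHA1 KeyIdentifier quoted in the comment above) and matches a thumbprint against certificates the receiver already holds. The function names, the `o:` prefix binding in the samples and all sample values are constructed assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
THUMBPRINT_SHA1 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"

def thumbprint_sha1(cert_der):
    """Base64 of SHA-1 over the DER certificate, as carried in a KeyIdentifier."""
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode()

def key_reference(encrypted_key_xml, known_certs=None):
    """Return (style, value, matched_cert_name) for one xenc:EncryptedKey."""
    root = ET.fromstring(encrypted_key_xml)
    if root.tag != "{%s}EncryptedKey" % XENC:
        raise ValueError("not an xenc:EncryptedKey element")
    token_ref = root.find("{%s}KeyInfo/{%s}SecurityTokenReference" % (DS, WSSE))
    if token_ref is None:
        return ("missing", None, None)
    ref = token_ref.find("{%s}Reference" % WSSE)
    if ref is not None:
        # Points at a token (e.g. a BinarySecurityToken) elsewhere in the same message.
        return ("direct-reference", ref.get("URI"), None)
    kid = token_ref.find("{%s}KeyIdentifier" % WSSE)
    if kid is None:
        return ("unsupported", None, None)
    value = (kid.text or "").strip()
    if kid.get("ValueType") != THUMBPRINT_SHA1:
        return ("key-identifier", value, None)
    # The receiver must already hold the certificate; match it by thumbprint.
    for name, der in (known_certs or {}).items():
        if thumbprint_sha1(der) == value:
            return ("thumbprint", value, name)
    return ("thumbprint", value, None)

def sample(inner):  # constructed EncryptedKey wrapper, not a captured message
    return ('<e:EncryptedKey xmlns:e="%s" xmlns:o="%s"><KeyInfo xmlns="%s">'
            '<o:SecurityTokenReference>%s</o:SecurityTokenReference></KeyInfo>'
            '</e:EncryptedKey>' % (XENC, WSSE, DS, inner))

FAKE_CERT = b"constructed stand-in for DER certificate bytes"
DIRECT = sample('<o:Reference URI="#CertID-example"/>')
BY_THUMBPRINT = sample('<o:KeyIdentifier ValueType="%s">%s</o:KeyIdentifier>'
                       % (THUMBPRINT_SHA1, thumbprint_sha1(FAKE_CERT)))

if __name__ == "__main__":
    print(key_reference(DIRECT), key_reference(BY_THUMBPRINT, {"receiver-cert": FAKE_CERT}))
```

A thumbprint result with no matched certificate name means the receiver's store does not contain the certificate the sender encrypted to, which is worth ruling out when the two sides are configured with different certificates.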

