ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Srinivasa Kukatla (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-231) There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security.
Date Tue, 05 Jul 2011 16:39:16 GMT

    [ https://issues.apache.org/jira/browse/WSS-231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13059994#comment-13059994
] 

Srinivasa Kukatla commented on WSS-231:
---------------------------------------

This needs to be fixed, as it is causing lot of issues. In our case, we need to have the Signed
Saml Assertion, timestamp, as well as the signature covering the timestamp only. Hence, we
needed to configure SamlTokenSigned, and Timestamp, with the Signature parts as the timestamp
element. If we specify the signature again it is failing, as the signature action is decoded
from the SamlTokenSigned, and it is signing the timestamp as well.

This issue causes failure in lot of scenarios where the signature is involved with other actions.

> There is an issue with the position of the <Timestamp> element in the <Security>
header when using  WSS4J calling .NET Web Services with WS-Security.  
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-231
>                 URL: https://issues.apache.org/jira/browse/WSS-231
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.8
>         Environment: Windows, Solaris
>            Reporter: Chris Weitner
>            Assignee: Ruchith Udayanga Fernando
>              Labels: timestamp, ws-security
>         Attachments: patch.txt
>
>
> There is an issue with the position of the <Timestamp> element in the <Security>
header when using  WSS4J calling .NET Web Services with WS-Security.  When using the "Timestamp
Signature" action over https, we are receiving the following error: "Signing without primary
signature requires timestamp".   When I modified org.apache.ws.security.message.WSSecSignature
to position <Timestamp> as the first element in <Security> it worked fine (by
default <Timestamp> is the last element and after the <Signature>).  Can this
be fixed or can you make Timestamp positioned first as a configuration option?
> <soapenv:Header>
>   <wsse:Security>
>  
>     <wsu:Timestamp>
>       <wsu:Created>2010-05-06T16:46:31.594Z</wsu:Created>
>       <wsu:Expires>2010-05-06T16:51:31.594Z</wsu:Expires>
>     </wsu:Timestamp>
>  
>     <wsse:BinarySecurityToken</wsse:BinarySecurityToken>
>  
>     <ds:Signature>
>        ....
>     </ds:Signature>
>   </wsse:Security>
> </soapenv:Header>

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message