You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ws.apache.org by "Srinivasa Kukatla (JIRA)" <ji...@apache.org> on 2011/07/05 18:39:16 UTC

[jira] [Commented] (WSS-231) There is an issue with the position of the element in the header when using WSS4J calling .NET Web Services with WS-Security.

    [ https://issues.apache.org/jira/browse/WSS-231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13059994#comment-13059994 ] 

Srinivasa Kukatla commented on WSS-231:
---------------------------------------

This needs to be fixed, as it is causing lot of issues. In our case, we need to have the Signed Saml Assertion, timestamp, as well as the signature covering the timestamp only. Hence, we needed to configure SamlTokenSigned, and Timestamp, with the Signature parts as the timestamp element. If we specify the signature again it is failing, as the signature action is decoded from the SamlTokenSigned, and it is signing the timestamp as well.

This issue causes failure in lot of scenarios where the signature is involved with other actions.

> There is an issue with the position of the <Timestamp> element in the <Security> header when using  WSS4J calling .NET Web Services with WS-Security.  
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-231
>                 URL: https://issues.apache.org/jira/browse/WSS-231
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.8
>         Environment: Windows, Solaris
>            Reporter: Chris Weitner
>            Assignee: Ruchith Udayanga Fernando
>              Labels: timestamp, ws-security
>         Attachments: patch.txt
>
>
> There is an issue with the position of the <Timestamp> element in the <Security> header when using  WSS4J calling .NET Web Services with WS-Security.  When using the "Timestamp Signature" action over https, we are receiving the following error: "Signing without primary signature requires timestamp".   When I modified org.apache.ws.security.message.WSSecSignature to position <Timestamp> as the first element in <Security> it worked fine (by default <Timestamp> is the last element and after the <Signature>).  Can this be fixed or can you make Timestamp positioned first as a configuration option?
> <soapenv:Header>
>   <wsse:Security>
>  
>     <wsu:Timestamp>
>       <wsu:Created>2010-05-06T16:46:31.594Z</wsu:Created>
>       <wsu:Expires>2010-05-06T16:51:31.594Z</wsu:Expires>
>     </wsu:Timestamp>
>  
>     <wsse:BinarySecurityToken</wsse:BinarySecurityToken>
>  
>     <ds:Signature>
>        ....
>     </ds:Signature>
>   </wsse:Security>
> </soapenv:Header>

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org