Posted to users@cxf.apache.org by Freddy Exposito <ex...@gmail.com> on 2015/06/17 16:44:16 UTC

Issue with the renew of SCT in Secure Conversation

Secure Conversation Renew is not working from a .NET client because
<ws:Instance> is missing in the SecurityContextToken.

Reading into the standard here ->
http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/os/ws-secureconversation-1.4-spec-os.html
says the following:
"The initial issuance need not contain a wsc:Instance element, however, all
subsequent issuances with different keys MUST have a wsc:Instance element
with a unique value." 

Also a reference seems to be required in the SecurityTokenReference according
to this:
"If a specific key instance needs to be referenced, then the global
attribute wsc:Instance is included in the <wsse:Reference> sub-element (only
when using <wsc:Identifier> references)"

The following patches for wss4j (2.0.x branch) wss4j-sct-with-instance.patch
<http://cxf.547215.n5.nabble.com/file/n5758363/wss4j-sct-with-instance.patch>
and cxf (3.0.x branch) cxf-sct-with-instance.patch
<http://cxf.547215.n5.nabble.com/file/n5758363/cxf-sct-with-instance.patch>
work for us.

Would it be possible to include this in the next cxf and wss4j releases?

Thanks,
Freddy



--
View this message in context: http://cxf.547215.n5.nabble.com/Issue-with-the-renew-of-SCT-in-Secure-Conversation-tp5758363.html
Sent from the cxf-user mailing list archive at Nabble.com.
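
Added example, not part of the original thread and not WSS4J or CXF code: a small checker for the two WS-SecureConversation rules quoted in the message above (a renewed SCT must carry a unique wsc:Instance, and the wsse:Reference carries it as the wsc:Instance attribute). The helper names, the sample identifier and the instance values are constructed, and the checker assumes every renewal uses a new key.

```python
import xml.etree.ElementTree as ET  # constructed input only; use defusedxml for untrusted XML

WSC = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

def sct_xml(identifier, instance=None):
    """Constructed sample SecurityContextToken (not captured from CXF or .NET)."""
    inst = f"<wsc:Instance>{instance}</wsc:Instance>" if instance else ""
    return (f'<wsc:SecurityContextToken xmlns:wsc="{WSC}">'
            f"<wsc:Identifier>{identifier}</wsc:Identifier>{inst}"
            "</wsc:SecurityContextToken>")

def str_xml(identifier, instance=None):
    """Constructed sample SecurityTokenReference pointing at an SCT by Identifier."""
    attr = f' wsc:Instance="{instance}"' if instance else ""
    return (f'<wsse:SecurityTokenReference xmlns:wsse="{WSSE}" xmlns:wsc="{WSC}">'
            f'<wsse:Reference URI="{identifier}"{attr}/>'
            "</wsse:SecurityTokenReference>")

def check_issuances(tokens):
    """Check SCTs given in issuance order (assumption: each renewal has a new key)."""
    problems, seen = [], {}
    for n, xml in enumerate(tokens):
        sct = ET.fromstring(xml)
        ident = sct.findtext(f"{{{WSC}}}Identifier")
        inst = sct.findtext(f"{{{WSC}}}Instance")
        prior = seen.setdefault(ident, [])  # instances already issued for this context
        if prior and inst is None:
            problems.append(f"issuance {n}: renewed SCT {ident} has no wsc:Instance")
        elif inst is not None and inst in prior:
            problems.append(f"issuance {n}: wsc:Instance {inst} reused for {ident}")
        prior.append(inst)  # the initial issuance may legitimately record None
    return problems

def reference_instance(str_text):
    """Return (identifier, instance) carried by the wsse:Reference of an STR."""
    ref = ET.fromstring(str_text).find(f"{{{WSSE}}}Reference")
    return ref.get("URI"), ref.get(f"{{{WSC}}}Instance")

if __name__ == "__main__":
    ctx = "urn:uuid:constructed-context-0001"  # constructed identifier
    # Initial SCT followed by a renewal without wsc:Instance: one problem reported.
    print(check_issuances([sct_xml(ctx), sct_xml(ctx)]))
    # Initial SCT followed by a renewal with a fresh instance: no problems.
    print(check_issuances([sct_xml(ctx), sct_xml(ctx, "key-2")]))
    # The reference to the renewed key names the instance as an attribute.
    print(reference_instance(str_xml(ctx, "key-2")))
```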

Re: Issue with the renew of SCT in Secure Conversation

Posted by Freddy Exposito <ex...@gmail.com>.
The Jira tickets are: https://issues.apache.org/jira/browse/WSS-542 and
https://issues.apache.org/jira/browse/CXF-6468

Thanks,
Freddy



--
View this message in context: http://cxf.547215.n5.nabble.com/Issue-with-the-renew-of-SCT-in-Secure-Conversation-tp5758363p5758445.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Issue with the renew of SCT in Secure Conversation

Posted by Colm O hEigeartaigh <co...@apache.org>.
Could you create JIRAs in WSS4J + CXF and attach the patches there?

Colm.

On Wed, Jun 17, 2015 at 3:44 PM, Freddy Exposito <ex...@gmail.com> wrote:

> Secure Conversation Renew is not working from a .NET client because
> <ws:Instance> is missing in the SecurityContextToken.
>
> Reading into the standard here ->
>
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/os/ws-secureconversation-1.4-spec-os.html
> says the following:
> "The initial issuance need not contain a wsc:Instance element, however, all
> subsequent issuances with different keys MUST have a wsc:Instance element
> with a unique value."
>
> Also a reference seems to be required in the SecurityTokenReference
> according to this:
> "If a specific key instance needs to be referenced, then the global
> attribute wsc:Instance is included in the <wsse:Reference> sub-element
> (only when using <wsc:Identifier> references)"
>
> The following patches for wss4j (2.0.x branch)
> wss4j-sct-with-instance.patch
> <http://cxf.547215.n5.nabble.com/file/n5758363/wss4j-sct-with-instance.patch>
> and cxf (3.0.x branch) cxf-sct-with-instance.patch
> <http://cxf.547215.n5.nabble.com/file/n5758363/cxf-sct-with-instance.patch>
> work for us.
>
> Would it be possible to include this in the next cxf and wss4j releases?
>
> Thanks,
> Freddy



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com