Posted to fx-dev@ws.apache.org by Yves Langisch <li...@langisch.ch> on 2005/03/18 16:34:19 UTC

SecurityTokenReference issue?

All,

If I use a reference to a subject key identifier I get the following on
the wire:

...
<wsse:SecurityTokenReference><wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIID6TCCA1KgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBoDELMAkGA1UEBhMCQ0gxDTALBgNVBAgT
BEJlcm4xDTALBgNVBAcTBEJlcm4xEzARBgNVBAoTCml0U2VydmUgQUcxGDAWBgNVBAsTD0xvaG5z
dGFuZGFyZC1DSDEcMBoGA1UEAxMTUmVmQXBwIFBJViBSZWNlaXZlcjEmMCQGCSqGSIb3DQEJARYX
bG9obnN0YW5kYXJkQGl0c2VydmUuY2gwHhcNMDQwNzAyMDkwMzU3WhcNMDUwNzAyMDkwMzU3WjCB
....y0PZksq
+C8tEO3Xjukv83CklYo6KELoH83sBJBmiXFQs8ClGmBejn/RLnp</wsse:KeyIdentifier></wsse:SecurityTokenReference>
</ds:KeyInfo>
...

Per the X.509 Certificate Token Profile (section 3.2.1) the ValueType
attribute must be
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier and should contain the encoded SubjectKeyIdentifier of the certificate and not the entire certificate as above.


Is this a bug or am I wrong?

Yves
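
A check for the mismatch described in this message, as an added example that is not part of the original post and not WSS4J code: it reads each wsse:KeyIdentifier, decodes the value and reports whether it is framed like a complete DER certificate or is a short opaque identifier. The function names, finding labels and sample inputs are constructed for illustration, and the DER test looks at the outer framing only.

```python
import base64
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
X509V3, SKI = PROFILE + "#X509v3", PROFILE + "#X509SubjectKeyIdentifier"

def is_single_der_sequence(data):
    """True if data is exactly one DER SEQUENCE TLV, the outer shape of a certificate."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                       # short-form length
        return len(data) == 2 + data[1]
    n = data[1] & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def check_key_identifiers(xml_text):
    """Return one finding per wsse:KeyIdentifier found in xml_text."""
    findings = []
    for ki in ET.fromstring(xml_text).iter("{%s}KeyIdentifier" % WSSE):
        try:
            raw = base64.b64decode("".join((ki.text or "").split()), validate=True)
        except ValueError:
            findings.append("invalid-base64")
            continue
        whole_cert = is_single_der_sequence(raw)   # heuristic: framing only, no parse
        if ki.get("ValueType") == SKI:
            findings.append("ski-type-but-full-certificate" if whole_cert else "ok")
        else:
            findings.append("full-certificate-in-key-identifier" if whole_cert
                            else "unexpected-value-type")
    return findings

def sample_reference(value_type, raw):
    """Build a constructed SecurityTokenReference for testing (not captured traffic)."""
    return ('<wsse:SecurityTokenReference xmlns:wsse="%s"><wsse:KeyIdentifier '
            'ValueType="%s">%s</wsse:KeyIdentifier></wsse:SecurityTokenReference>'
            % (WSSE, value_type, base64.b64encode(raw).decode()))

# Constructed inputs: a 300-byte blob with certificate-like DER framing, and a 20-byte identifier.
FAKE_CERT = b"\x30\x82" + (300).to_bytes(2, "big") + bytes(300)
FAKE_SKI = bytes(range(20))

if __name__ == "__main__":
    print(check_key_identifiers(sample_reference(X509V3, FAKE_CERT)))
    print(check_key_identifiers(sample_reference(SKI, FAKE_SKI)))
```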