Posted to java-user@axis.apache.org by José Ferreiro <jo...@gmail.com> on 2007/03/30 11:26:35 UTC

Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Hello,

Are you using mutualCertificate10Security or mutualCertificate11Security in
VS.NET 2005?
Can you show your Axis deployment wsdd file?

Thank you

José


On 3/30/07, hunterg1 <gh...@tier1innovation.com> wrote:
>
>
> I should add that the .NET client example SOAP works, and the java client
> example SOAP does not.
>
> hunterg1 wrote:
> >
> > I am having the same issue.  Can anybody help me with this?  I am using
> a
> > java client to a .NET service using WSE3.0.  I get the same error of
> > 'Referenced security token could not be retrieved' from the .NET
> service.
> > I have tried everything, even comparing a .NET client SOAP message to my
> > java client SOAP message.  I am completely stuck now, can anybody please
> > help?  I included the entire sample SOAP messages for both types of
> > clients below.
> >
> > Sample .NET client SOAP:
> >       <soap:Envelope
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
> >         <soap:Header>
> >           <wsa:Action
> > wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
> http://services.test.org/HelloWorld</wsa:Action>
> >           <wsa:MessageID
> >
> wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
> >           <wsa:ReplyTo wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
> >
> > <wsa:Address>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> >           </wsa:ReplyTo>
> >           <wsa:To
> > wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
> >           <wsse:Security soap:mustUnderstand="1">
> >             <wsu:Timestamp
> > wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
> >               <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
> >               <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
> >             </wsu:Timestamp>
> >             <wsse:BinarySecurityToken
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> "
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >
> wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca">[certificate data omitted]</wsse:BinarySecurityToken>
> >             <xenc:EncryptedKey
> > Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> >               <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
> >                 <ds:DigestMethod
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >               </xenc:EncryptionMethod>
> >               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >                 <wsse:SecurityTokenReference>
> >                   <X509Data>
> >                     <X509IssuerSerial>
> >                       <X509IssuerName>CN=Root Agency</X509IssuerName>
> >
> >
> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
> >                     </X509IssuerSerial>
> >                   </X509Data>
> >                 </wsse:SecurityTokenReference>
> >               </KeyInfo>
> >               <xenc:CipherData>
> >
> <xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
> >               </xenc:CipherData>
> >               <xenc:ReferenceList>
> >                 <xenc:DataReference
> > URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
> >               </xenc:ReferenceList>
> >             </xenc:EncryptedKey>
> >             <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >               <SignedInfo>
> >                 <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
> >                 <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >                 <Reference
> URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
> >                 </Reference>
> >                 <Reference
> > URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
> >                 </Reference>
> >               </SignedInfo>
> >
> <SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
> >               <KeyInfo>
> >                 <wsse:SecurityTokenReference>
> >                   <wsse:Reference
> > URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > />
> >                 </wsse:SecurityTokenReference>
> >               </KeyInfo>
> >             </Signature>
> >           </wsse:Security>
> >         </soap:Header>
> >         <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
> >           <xenc:EncryptedData
> > Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
> > Type="http://www.w3.org/2001/04/xmlenc#Content"
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> >             <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> >             <xenc:CipherData>
> >
> <xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
> >             </xenc:CipherData>
> >           </xenc:EncryptedData>
> >         </soap:Body>
> >       </soap:Envelope>
> >
> >
> >
> > Sample java client SOAP:
> > <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> >   <soapenv:Header>
> >               <wsse:Security
> > xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> > soapenv:mustUnderstand="1">
> >                       <xenc:EncryptedKey Id="EncKeyId-3852606">
> >                               <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
> >                               <ds:KeyInfo xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#">
> >                                       <wsse:SecurityTokenReference>
> >                                               <ds:X509Data>
> >
> <ds:X509IssuerSerial>
> >
> <ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
> >
> >
> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
> >
> </ds:X509IssuerSerial>
> >                                               </ds:X509Data>
> >                                       </wsse:SecurityTokenReference>
> >                               </ds:KeyInfo>
> >                               <xenc:CipherData>
> >
> >
> <xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
> >                               </xenc:CipherData>
> >                               <xenc:ReferenceList>
> >                                       <xenc:DataReference
> URI="#EncDataId-28472268" />
> >                               </xenc:ReferenceList>
> >                       </xenc:EncryptedKey>
> >                       <wsse:BinarySecurityToken
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> "
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> >
> wsu:Id="CertId-1110094">[certificate data omitted]</wsse:BinarySecurityToken>
> >                       <ds:Signature xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#"
> > Id="Signature-2661678">
> >                               <ds:SignedInfo>
> >                                       <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                                       <ds:SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >                                       <ds:Reference URI="#id-28472268">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-29087666">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-21886820">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-28113457">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-22927632">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference
> URI="#Timestamp-32580443">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
> >                                       </ds:Reference>
> >                               </ds:SignedInfo>
> >                               <ds:SignatureValue>
> >
> JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn
> >
> bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
> >                               /ouTIppVwJnvzMom4EQ=
> >                               </ds:SignatureValue>
> >                               <ds:KeyInfo Id="KeyId-32689826">
> >                                       <wsse:SecurityTokenReference
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="STRId-3840954">
> >                                               <wsse:Reference
> URI="#CertId-1110094"
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > />
> >                                       </wsse:SecurityTokenReference>
> >                               </ds:KeyInfo>
> >                       </ds:Signature>
> >                       <wsu:Timestamp
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="Timestamp-32580443">
> >                               <wsu:Created>2007-03-29T21:36:04.570Z
> </wsu:Created>
> >                               <wsu:Expires>2007-03-29T21:41:04.570Z
> </wsu:Expires>
> >                       </wsu:Timestamp>
> >               </wsse:Security>
> >               <wsa:To
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-21886820">
> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
> >               <wsa:ReplyTo
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-28113457">
> > <wsa:Address>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> >               </wsa:ReplyTo><wsa:MessageID
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >
> wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
> >               <wsa:Action
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
> >       </soapenv:Header>
> >   <soapenv:Body
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-28472268">
> >               <xenc:EncryptedData Id="EncDataId-28472268"
> > Type="http://www.w3.org/2001/04/xmlenc#Content">
> >       <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> >       <xenc:CipherData>
> >
> >
> <xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
> >
> oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
> >
> EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
> >
> aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
> >
> ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
> >
> oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
> > Kn2YHj4Vdt4IEg==</xenc:CipherValue>
> >       </xenc:CipherData>
> >       </xenc:EncryptedData>
> >       </soapenv:Body>
> > </soapenv:Envelope>
> >
> >
> > Freddy Weishaeupl wrote:
> >>
> >> Hi,
> >>
> >> currently I'm trying to use a .NET Client to access a Java webservice.
> At
> >> the .NET side I use the Microsoft WSE 3.0 implementation to sign and
> >> encrypt
> >> the SOAP Body of the SOAP request message. At server-side WSS4J is used
> >> for
> >> checking the signature and decrypting the SOAP Message.
> >>
> >> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
> >> package.
> >>
> >> Unfortunately at server-side I always get the following error message:
> >>
> -----------------------------------------------------------------------------------------------------------------
> >> ...
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create
> URI
> >> "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
> >>
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
> >> HmacSHA1"
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
> >> Request
> >> for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.implementations.IntegrityHmac
> .<init>]
> >> Created IntegrityHmacSHA1 using HmacSHA1
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.utils.ElementProxy.<init>]
> setElement("KeyInfo",
> >> "null")
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> ]
> >> Token reference uri:
> #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
> >> org.apache.ws.security.WSSecurityException: Referenced security token
> >> could
> >> not be retrieved. (Reference
> >> "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
> >>         at
> >>
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> (SecurityTokenReference.java:179)
> >>         at
> >> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
> SignatureProcessor.java:186)
> >> ...
> >>
> -----------------------------------------------------------------------------------------------------------------------------------------
> >>
> >>
> >> Any ideas what's the problem here? Has anyone already tested WSE3.0 in
> >> combination with WSS4J?
> >>
> >> Thanks.
> >>
> >> Best Regards
> >> Freddy
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >>
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9746894
> Sent from the WSS4J mailing list archive at Nabble.com.
>
>
>
>


-- 
José Ferreiro
EPFL Communication Systems engineer
ing.sys.com.dipl.EPFL
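
Added example (not part of the original thread, and not WSS4J, Rampart or WSE code): a Python check that collects every same-document reference in a wsse:Security header (ds:Reference, wsse:Reference, xenc:DataReference) and reports any URI that matches no wsu:Id or Id in the envelope, which is the lookup the WSS4J trace quoted above fails on. The sample envelope is constructed (ids shortened, key material and digests left out), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Same-document references a receiver has to resolve, as paths under wsse:Security.
REFERENCE_PATHS = (
    ("signed part", ".//ds:SignedInfo/ds:Reference"),
    ("security token", ".//wsse:SecurityTokenReference/wsse:Reference"),
    ("encrypted data", ".//xenc:ReferenceList/xenc:DataReference"),
)
ISSUER_SERIAL_PATH = ".//wsse:SecurityTokenReference/ds:X509Data/ds:X509IssuerSerial"

# Constructed sample. The signature's token reference is deliberately
# dangling: it points at #CertId-2, but the token carries wsu:Id="CertId-1".
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}"
    xmlns:wsu="{NS['wsu']}" xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}">
  <soap:Header>
    <wsse:Security>
      <xenc:EncryptedKey Id="EncKeyId-1">
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <ds:X509Data><ds:X509IssuerSerial>
              <ds:X509IssuerName>CN=Example CA</ds:X509IssuerName>
              <ds:X509SerialNumber>1234</ds:X509SerialNumber>
            </ds:X509IssuerSerial></ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#EncDataId-1"/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <wsse:BinarySecurityToken wsu:Id="CertId-1"/>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#id-1"/>
          <ds:Reference URI="#Timestamp-1"/>
        </ds:SignedInfo>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#CertId-2"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp wsu:Id="Timestamp-1"/>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="id-1">
    <xenc:EncryptedData Id="EncDataId-1"/>
  </soap:Body>
</soap:Envelope>"""


def index_ids(root):
    """Map each wsu:Id / Id value to the elements that carry it."""
    ids = {}
    for el in root.iter():
        for value in {el.get(WSU_ID), el.get("Id")} - {None}:
            ids.setdefault(value, []).append(el)
    return ids


def check_envelope(xml_text):
    """Report dangling references, duplicate ids and header layout."""
    # ElementTree is fine for your own captures; for XML from an
    # untrusted source parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    security = root.find("soap:Header/wsse:Security", NS)
    if security is None:
        raise ValueError("no wsse:Security header in envelope")
    ids = index_ids(root)

    dangling = []
    for kind, path in REFERENCE_PATHS:
        for ref in security.findall(path, NS):
            uri = ref.get("URI", "")
            if uri.startswith("#") and uri[1:] not in ids:
                dangling.append((kind, uri))

    # Issuer/serial references carry no URI: an Id lookup cannot resolve
    # them, the receiver has to find the certificate by issuer and serial.
    issuer_serial = [
        (el.findtext("ds:X509IssuerName", "", NS).strip(),
         el.findtext("ds:X509SerialNumber", "", NS).strip())
        for el in security.findall(ISSUER_SERIAL_PATH, NS)
    ]
    return {
        "dangling": dangling,
        # An id used twice makes reference resolution ambiguous.
        "duplicate_ids": sorted(i for i, els in ids.items() if len(els) > 1),
        "issuer_serial_refs": issuer_serial,
        # Child order of wsse:Security, for comparing two clients' messages.
        "header_order": [child.tag.rsplit("}", 1)[-1] for child in security],
    }


if __name__ == "__main__":
    for key, value in check_envelope(SAMPLE).items():
        print(f"{key}: {value}")
```

Running it over both captured messages and comparing the two reports shows where the senders differ in header order and in how each key is referenced.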

Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by hunterg1 <gh...@tier1innovation.com>.
Thanks Jose,

I am using mutualCertificate10Security.  Below is the output while the .NET
service is trying to process the request.  I am also using axis2, so have
included the settings I used.

.NET processing message:
    <processingStep description="Entering SOAP filter Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter" />
    <processingStep description="Exited SOAP filter Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter" />
    <processingStep description="Entering SOAP filter Microsoft.Web.Services3.Design.MutualCertificate10Assertion+ServiceInputFilter" />
    <processingStep description="Exception thrown: Referenced security token could not be retrieved">
       at Microsoft.Web.Services3.Security.EncryptedKey.LoadXml(XmlElement element)
       at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
       at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor)
       at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
       at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)</processingStep>


AXIS2 outflow settings:

    <module ref="addressing-1.1.1" />
    <module ref="rampart" />

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <user>client</user>
        <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>client.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <signatureParts>{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
        <encryptionKeyIdentifier>X509KeyIdentifier</encryptionKeyIdentifier>
        <encryptionKeyTransportAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</encryptionKeyTransportAlgorithm>
        <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</encryptionSymAlgorithm>
        <encryptionUser>service</encryptionUser>
      </action>
    </parameter>


client.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.file=testkeystore.jks

José Ferreiro wrote:
> 
> Hello,
> 
> Are you using mutualCertificate10Security or mutualCertificate11Security
> in
> VS.NET 2005?
> Can you show your Axis deployment wsdd file?
> 
> Thank you
> 
> José
> 
> 
> On 3/30/07, hunterg1 <gh...@tier1innovation.com> wrote:
>>
>>
>> I should add that the .NET client example SOAP works, and the java client
>> example SOAP does not.
>>
>> hunterg1 wrote:
>> >
>> > I am having the same issue.  Can anybody help me with this?  I am using
>> a
>> > java client to a .NET service using WSE3.0.  I get the same error of
>> > 'Referenced security token could not be retrieved' from the .NET
>> service.
>> > I have tried everything, even comparing a .NET client SOAP message to
>> my
>> > java client SOAP message.  I am completely stuck now, can anybody
>> please
>> > help?  I included the entire sample SOAP messages for both types of
>> > clients below.
>> >
>> > Sample .NET client SOAP:
>> >       <soap:Envelope
>> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> > xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> ">
>> >         <soap:Header>
>> >           <wsa:Action
>> > wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
>> http://services.test.org/HelloWorld</wsa:Action>
>> >           <wsa:MessageID
>> >
>> wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
>> >           <wsa:ReplyTo
>> wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>> >
>> > <wsa:Address>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> >           </wsa:ReplyTo>
>> >           <wsa:To
>> > wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
>> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
>> >           <wsse:Security soap:mustUnderstand="1">
>> >             <wsu:Timestamp
>> > wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>> >               <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
>> >               <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
>> >             </wsu:Timestamp>
>> >             <wsse:BinarySecurityToken
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > EncodingType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
>> "
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> >
>> wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca">[certificate data omitted]</wsse:BinarySecurityToken>
>> >             <xenc:EncryptedKey
>> > Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> >               <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
>> >                 <ds:DigestMethod
>> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >               </xenc:EncryptionMethod>
>> >               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>> >                 <wsse:SecurityTokenReference>
>> >                   <X509Data>
>> >                     <X509IssuerSerial>
>> >                       <X509IssuerName>CN=Root Agency</X509IssuerName>
>> >
>> >
>> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
>> >                     </X509IssuerSerial>
>> >                   </X509Data>
>> >                 </wsse:SecurityTokenReference>
>> >               </KeyInfo>
>> >               <xenc:CipherData>
>> >
>> <xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
>> >               </xenc:CipherData>
>> >               <xenc:ReferenceList>
>> >                 <xenc:DataReference
>> > URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
>> >               </xenc:ReferenceList>
>> >             </xenc:EncryptedKey>
>> >             <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>> >               <SignedInfo>
>> >                 <ds:CanonicalizationMethod
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>> >                 <SignatureMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>> >                 <Reference
>> URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> > URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
>> >                 </Reference>
>> >               </SignedInfo>
>> >
>> <SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
>> >               <KeyInfo>
>> >                 <wsse:SecurityTokenReference>
>> >                   <wsse:Reference
>> > URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > />
>> >                 </wsse:SecurityTokenReference>
>> >               </KeyInfo>
>> >             </Signature>
>> >           </wsse:Security>
>> >         </soap:Header>
>> >         <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>> >           <xenc:EncryptedData
>> > Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
>> > Type="http://www.w3.org/2001/04/xmlenc#Content"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> >             <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>> >             <xenc:CipherData>
>> >
>> <xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
>> >             </xenc:CipherData>
>> >           </xenc:EncryptedData>
>> >         </soap:Body>
>> >       </soap:Envelope>
>> >
>> >
>> >
>> > Sample java client SOAP:
>> > <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>> >   <soapenv:Header>
>> >               <wsse:Security
>> > xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> > soapenv:mustUnderstand="1">
>> >                       <xenc:EncryptedKey Id="EncKeyId-3852606">
>> >                               <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
>> >                               <ds:KeyInfo xmlns:ds="
>> http://www.w3.org/2000/09/xmldsig#">
>> >                                       <wsse:SecurityTokenReference>
>> >                                               <ds:X509Data>
>> >
>> <ds:X509IssuerSerial>
>> >
>> <ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
>> >
>> >
>> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
>> >
>> </ds:X509IssuerSerial>
>> >                                               </ds:X509Data>
>> >                                       </wsse:SecurityTokenReference>
>> >                               </ds:KeyInfo>
>> >                               <xenc:CipherData>
>> >
>> >
>> <xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
>> >                               </xenc:CipherData>
>> >                               <xenc:ReferenceList>
>> >                                       <xenc:DataReference
>> URI="#EncDataId-28472268" />
>> >                               </xenc:ReferenceList>
>> >                       </xenc:EncryptedKey>
>> >                       <wsse:BinarySecurityToken
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > EncodingType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
>> "
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> >
>> wsu:Id="CertId-1110094"></wsse:BinarySecurityToken>
>> >                       <ds:Signature xmlns:ds="
>> http://www.w3.org/2000/09/xmldsig#"
>> > Id="Signature-2661678">
>> >                               <ds:SignedInfo>
>> >                                       <ds:CanonicalizationMethod
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                                       <ds:SignatureMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>> >                                       <ds:Reference URI="#id-28472268">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-29087666">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-21886820">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-28113457">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-22927632">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference
>> URI="#Timestamp-32580443">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                               </ds:SignedInfo>
>> >                               <ds:SignatureValue>
>> >
>> JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn
>> >
>> bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
>> >                               /ouTIppVwJnvzMom4EQ=
>> >                               </ds:SignatureValue>
>> >                               <ds:KeyInfo Id="KeyId-32689826">
>> >                                       <wsse:SecurityTokenReference
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="STRId-3840954">
>> >                                               <wsse:Reference
>> URI="#CertId-1110094"
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > />
>> >                                       </wsse:SecurityTokenReference>
>> >                               </ds:KeyInfo>
>> >                       </ds:Signature>
>> >                       <wsu:Timestamp
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="Timestamp-32580443">
>> >                               <wsu:Created>2007-03-29T21:36:04.570Z
>> </wsu:Created>
>> >                               <wsu:Expires>2007-03-29T21:41:04.570Z
>> </wsu:Expires>
>> >                       </wsu:Timestamp>
>> >               </wsse:Security>
>> >               <wsa:To
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-21886820">
>> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
>> >               <wsa:ReplyTo
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-28113457">
>> > <wsa:Address>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> >               </wsa:ReplyTo><wsa:MessageID
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> >
>> wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
>> >               <wsa:Action
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
>> >       </soapenv:Header>
>> >   <soapenv:Body
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-28472268">
>> >               <xenc:EncryptedData Id="EncDataId-28472268"
>> > Type="http://www.w3.org/2001/04/xmlenc#Content">
>> >       <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>> >       <xenc:CipherData>
>> >
>> >
>> <xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
>> >
>> oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
>> >
>> EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
>> >
>> aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
>> >
>> ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
>> >
>> oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
>> > Kn2YHj4Vdt4IEg==</xenc:CipherValue>
>> >       </xenc:CipherData>
>> >       </xenc:EncryptedData>
>> >       </soapenv:Body>
>> > </soapenv:Envelope>
>> >
>> >
>> > Freddy Weishaeupl wrote:
>> >>
>> >> Hi,
>> >>
>> >> currently I'm trying to use a .NET Client to access a Java webservice.
>> At
>> >> the .NET side I use the Microsoft WSE 3.0 implementation to sign and
>> >> encrypt
>> >> the SOAP Body of the SOAP request message. At server-side WSS4J is
>> used
>> >> for
>> >> checking the signature and decrypting the SOAP Message.
>> >>
>> >> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
>> >> package.
>> >>
>> >> Unfortunately at server-side I always get the following error message:
>> >>
>> -----------------------------------------------------------------------------------------------------------------
>> >> ...
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create
>> URI
>> >> "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
>> >>
>> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
>> >> HmacSHA1"
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
>> >> Request
>> >> for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.algorithms.implementations.IntegrityHmac
>> .<init>]
>> >> Created IntegrityHmacSHA1 using HmacSHA1
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.utils.ElementProxy.<init>]
>> setElement("KeyInfo",
>> >> "null")
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [
>> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
>> ]
>> >> Token reference uri:
>> #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
>> >> org.apache.ws.security.WSSecurityException: Referenced security token
>> >> could
>> >> not be retrieved. (Reference
>> >> "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
>> >>         at
>> >>
>> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
>> (SecurityTokenReference.java:179)
>> >>         at
>> >>
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
>> SignatureProcessor.java:186)
>> >> ...
>> >>
>> -----------------------------------------------------------------------------------------------------------------------------------------
>> >>
>> >>
>> >> Any ideas what's the problem here? Has anyone already tested WSE3.0 in
>> >> combination with WSS4J?
>> >>
>> >> Thanks.
>> >>
>> >> Best Regards
>> >> Freddy
>> >>
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>> >>
>> >>
>> >>
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9746894
>> Sent from the WSS4J mailing list archive at Nabble.com.
>>
>>
>>
>>
> 
> 
> -- 
> José Ferreiro
> EPFL Communication Systems engineer
> ing.sys.com.dipl.EPFL
> 
> 

-- 
View this message in context: http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9751948
Sent from the WSS4J mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
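
Added example (not part of any post in this thread, and not WSS4J or WSE code): both stack traces above fail while resolving a wsse:SecurityTokenReference, so this Python sketch audits an envelope for "#id" references that point at no wsu:Id/Id and lists the issuer/serial references that cannot be resolved by Id at all. The function names and the trimmed envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

# Elements that carry same-document "#id" references in a secured envelope.
REF_TAGS = {
    f"{{{DS}}}Reference": "signed-part",
    f"{{{XENC}}}DataReference": "encrypted-part",
    f"{{{WSSE}}}Reference": "token",
}

# Constructed sample shaped like the messages in the thread; the signature's
# token reference deliberately points at an Id that is not in the message.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:xenc="{XENC}">
  <soapenv:Header><wsse:Security>
    <xenc:EncryptedKey Id="EncKeyId-1">
      <ds:KeyInfo><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial>
        <ds:X509IssuerName>CN=Example CA</ds:X509IssuerName>
        <ds:X509SerialNumber>1001</ds:X509SerialNumber>
      </ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo>
      <xenc:ReferenceList><xenc:DataReference URI="#EncDataId-1"/></xenc:ReferenceList>
    </xenc:EncryptedKey>
    <wsse:BinarySecurityToken wsu:Id="CertId-1" ValueType="{X509V3}">AAAA</wsse:BinarySecurityToken>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:Reference URI="#body-1"/>
        <ds:Reference URI="#Timestamp-1"/>
      </ds:SignedInfo>
      <ds:KeyInfo><wsse:SecurityTokenReference>
        <wsse:Reference URI="#CertId-2" ValueType="{X509V3}"/>
      </wsse:SecurityTokenReference></ds:KeyInfo>
    </ds:Signature>
    <wsu:Timestamp wsu:Id="Timestamp-1"/>
  </wsse:Security></soapenv:Header>
  <soapenv:Body wsu:Id="body-1"><xenc:EncryptedData Id="EncDataId-1"/></soapenv:Body>
</soapenv:Envelope>"""


def local_name(el):
    return el.tag.rsplit("}", 1)[-1]


def index_ids(root):
    """Map each wsu:Id / unqualified Id value to the elements that carry it."""
    ids = {}
    for el in root.iter():
        for attr in (f"{{{WSU}}}Id", "Id"):
            if el.get(attr) is not None:
                ids.setdefault(el.get(attr), []).append(el)
    return ids


def audit_references(envelope_xml):
    """Return (kind, detail) findings for one SOAP envelope."""
    root = ET.fromstring(envelope_xml)
    ids = index_ids(root)
    findings = [("duplicate-id", v) for v, els in ids.items() if len(els) > 1]

    for el in root.iter():
        kind = REF_TAGS.get(el.tag)
        if kind is None:
            continue
        uri = (el.get("URI") or "").strip()
        if not uri.startswith("#"):
            findings.append(("no-fragment", f"{kind} {uri!r}"))
            continue
        targets = ids.get(uri[1:], [])
        if not targets:
            # The condition both receivers in the thread complain about.
            findings.append(("unresolved", f"{kind} {uri}"))
        elif kind == "token":
            target = targets[0]
            if local_name(target) != "BinarySecurityToken":
                findings.append(("wrong-target", f"{uri} -> {local_name(target)}"))
            elif (target.get("ValueType") or "").strip() != (el.get("ValueType") or "").strip():
                findings.append(("valuetype-mismatch", uri))

    # Issuer/serial references name a certificate instead of pointing at an Id,
    # so the receiver has to find that certificate by other means.
    for serial in root.iter(f"{{{DS}}}X509IssuerSerial"):
        issuer = serial.findtext(f"{{{DS}}}X509IssuerName", "").strip()
        number = serial.findtext(f"{{{DS}}}X509SerialNumber", "").strip()
        findings.append(("issuer-serial", f"{issuer} / {number}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_references(SAMPLE):
        print(f"{kind:18} {detail}")
```

Run it on a captured request after undoing the mail client's line wrapping; attribute values are stripped before comparison, but the XML itself must be well-formed.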


Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by hunterg1 <gh...@tier1innovation.com>.
Thanks Jose,

I am using mutualCertificate10Security.  Below is the output while the .NET
service is trying to process the request.  I am also using Axis2, so I have
included the settings I used.

.NET processing message:
    <processingStep description="Entering SOAP filter Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter" />
    <processingStep description="Exited SOAP filter Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter" />
    <processingStep description="Entering SOAP filter Microsoft.Web.Services3.Design.MutualCertificate10Assertion+ServiceInputFilter" />
    <processingStep description="Exception thrown: Referenced security token could not be retrieved">   at Microsoft.Web.Services3.Security.EncryptedKey.LoadXml(XmlElement element)
   at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
   at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor)
   at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)</processingStep>


AXIS2 outflow settings:

    <module ref="addressing-1.1.1" />
    <module ref="rampart" />

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <user>client</user>
        <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>client.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <signatureParts>{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
        <encryptionKeyIdentifier>X509KeyIdentifier</encryptionKeyIdentifier>
        <encryptionKeyTransportAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</encryptionKeyTransportAlgorithm>
        <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</encryptionSymAlgorithm>
        <encryptionUser>service</encryptionUser>
      </action>
    </parameter>


client.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.file=testkeystore.jks

José Ferreiro wrote:
> 
> Hello,
> 
> Are you using mutualCertificate10Security or mutualCertificate11Security
> in
> VS.NET 2005?
> Can you show your Axis deployment wsdd file?
> 
> Thank you
> 
> José
> 
> 
> On 3/30/07, hunterg1 <gh...@tier1innovation.com> wrote:
>>
>>
>> I should add that the .NET client example SOAP works, and the java client
>> example SOAP does not.
>>
>> hunterg1 wrote:
>> >
>> > I am having the same issue.  Can anybody help me with this?  I am using
>> a
>> > java client to a .NET service using WSE3.0.  I get the same error of
>> > 'Referenced security token could not be retrieved' from the .NET
>> service.
>> > I have tried everything, even comparing a .NET client SOAP message to
>> my
>> > java client SOAP message.  I am completely stuck now, can anybody
>> please
>> > help?  I included the entire sample SOAP messages for both types of
>> > clients below.
>> >
>> > Sample .NET client SOAP:
>> >       <soap:Envelope
>> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> > xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> ">
>> >         <soap:Header>
>> >           <wsa:Action
>> > wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
>> http://services.test.org/HelloWorld</wsa:Action>
>> >           <wsa:MessageID
>> >
>> wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
>> >           <wsa:ReplyTo
>> wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>> >
>> > <wsa:Address>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> >           </wsa:ReplyTo>
>> >           <wsa:To
>> > wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
>> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
>> >           <wsse:Security soap:mustUnderstand="1">
>> >             <wsu:Timestamp
>> > wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>> >               <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
>> >               <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
>> >             </wsu:Timestamp>
>> >             <wsse:BinarySecurityToken
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > EncodingType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
>> "
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> >
>> wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"></wsse:BinarySecurityToken>
>> >             <xenc:EncryptedKey
>> > Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> >               <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
>> >                 <ds:DigestMethod
>> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >               </xenc:EncryptionMethod>
>> >               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>> >                 <wsse:SecurityTokenReference>
>> >                   <X509Data>
>> >                     <X509IssuerSerial>
>> >                       <X509IssuerName>CN=Root Agency</X509IssuerName>
>> >
>> >
>> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
>> >                     </X509IssuerSerial>
>> >                   </X509Data>
>> >                 </wsse:SecurityTokenReference>
>> >               </KeyInfo>
>> >               <xenc:CipherData>
>> >
>> <xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
>> >               </xenc:CipherData>
>> >               <xenc:ReferenceList>
>> >                 <xenc:DataReference
>> > URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
>> >               </xenc:ReferenceList>
>> >             </xenc:EncryptedKey>
>> >             <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>> >               <SignedInfo>
>> >                 <ds:CanonicalizationMethod
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>> >                 <SignatureMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>> >                 <Reference
>> URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> > URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
>> >                 </Reference>
>> >               </SignedInfo>
>> >
>> <SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
>> >               <KeyInfo>
>> >                 <wsse:SecurityTokenReference>
>> >                   <wsse:Reference
>> > URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > />
>> >                 </wsse:SecurityTokenReference>
>> >               </KeyInfo>
>> >             </Signature>
>> >           </wsse:Security>
>> >         </soap:Header>
>> >         <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>> >           <xenc:EncryptedData
>> > Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
>> > Type="http://www.w3.org/2001/04/xmlenc#Content"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> >             <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>> >             <xenc:CipherData>
>> >
>> <xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
>> >             </xenc:CipherData>
>> >           </xenc:EncryptedData>
>> >         </soap:Body>
>> >       </soap:Envelope>
>> >
>> >
>> >
>> > Sample java client SOAP:
>> > <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>> >   <soapenv:Header>
>> >               <wsse:Security
>> > xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> > soapenv:mustUnderstand="1">
>> >                       <xenc:EncryptedKey Id="EncKeyId-3852606">
>> >                               <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
>> >                               <ds:KeyInfo xmlns:ds="
>> http://www.w3.org/2000/09/xmldsig#">
>> >                                       <wsse:SecurityTokenReference>
>> >                                               <ds:X509Data>
>> >
>> <ds:X509IssuerSerial>
>> >
>> <ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
>> >
>> >
>> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
>> >
>> </ds:X509IssuerSerial>
>> >                                               </ds:X509Data>
>> >                                       </wsse:SecurityTokenReference>
>> >                               </ds:KeyInfo>
>> >                               <xenc:CipherData>
>> >
>> >
>> <xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
>> >                               </xenc:CipherData>
>> >                               <xenc:ReferenceList>
>> >                                       <xenc:DataReference
>> URI="#EncDataId-28472268" />
>> >                               </xenc:ReferenceList>
>> >                       </xenc:EncryptedKey>
>> >                       <wsse:BinarySecurityToken
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > EncodingType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
>> "
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> >
>> wsu:Id="CertId-1110094"></wsse:BinarySecurityToken>
>> >                       <ds:Signature xmlns:ds="
>> http://www.w3.org/2000/09/xmldsig#"
>> > Id="Signature-2661678">
>> >                               <ds:SignedInfo>
>> >                                       <ds:CanonicalizationMethod
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                                       <ds:SignatureMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>> >                                       <ds:Reference URI="#id-28472268">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-29087666">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-21886820">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-28113457">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-22927632">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference
>> URI="#Timestamp-32580443">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                               </ds:SignedInfo>
>> >                               <ds:SignatureValue>
>> >
>> JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn
>> >
>> bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
>> >                               /ouTIppVwJnvzMom4EQ=
>> >                               </ds:SignatureValue>
>> >                               <ds:KeyInfo Id="KeyId-32689826">
>> >                                       <wsse:SecurityTokenReference
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="STRId-3840954">
>> >                                               <wsse:Reference
>> URI="#CertId-1110094"
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > />
>> >                                       </wsse:SecurityTokenReference>
>> >                               </ds:KeyInfo>
>> >                       </ds:Signature>
>> >                       <wsu:Timestamp
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="Timestamp-32580443">
>> >                               <wsu:Created>2007-03-29T21:36:04.570Z
>> </wsu:Created>
>> >                               <wsu:Expires>2007-03-29T21:41:04.570Z
>> </wsu:Expires>
>> >                       </wsu:Timestamp>
>> >               </wsse:Security>
>> >               <wsa:To
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-21886820">
>> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
>> >               <wsa:ReplyTo
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-28113457">
>> > <wsa:Address>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> >               </wsa:ReplyTo><wsa:MessageID
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> >
>> wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
>> >               <wsa:Action
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
>> >       </soapenv:Header>
>> >   <soapenv:Body
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-28472268">
>> >               <xenc:EncryptedData Id="EncDataId-28472268"
>> > Type="http://www.w3.org/2001/04/xmlenc#Content">
>> >       <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>> >       <xenc:CipherData>
>> >
>> >
>> <xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
>> >
>> oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
>> >
>> EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
>> >
>> aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
>> >
>> ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
>> >
>> oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
>> > Kn2YHj4Vdt4IEg==</xenc:CipherValue>
>> >       </xenc:CipherData>
>> >       </xenc:EncryptedData>
>> >       </soapenv:Body>
>> > </soapenv:Envelope>
>> >
>> >
>> > Freddy Weishaeupl wrote:
>> >>
>> >> Hi,
>> >>
>> >> currently I'm trying to use a .NET Client to access a Java webservice.
>> At
>> >> the .NET side I use the Microsoft WSE 3.0 implementation to sign and
>> >> encrypt
>> >> the SOAP Body of the SOAP request message. At server-side WSS4J is
>> used
>> >> for
>> >> checking the signature and decrypting the SOAP Message.
>> >>
>> >> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
>> >> package.
>> >>
>> >> Unfortunately at server-side I always get the following error message:
>> >>
>> -----------------------------------------------------------------------------------------------------------------
>> >> ...
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create
>> URI
>> >> "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
>> >>
>> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
>> >> HmacSHA1"
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
>> >> Request
>> >> for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.algorithms.implementations.IntegrityHmac
>> .<init>]
>> >> Created IntegrityHmacSHA1 using HmacSHA1
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.utils.ElementProxy.<init>]
>> setElement("KeyInfo",
>> >> "null")
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [
>> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
>> ]
>> >> Token reference uri:
>> #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
>> >> org.apache.ws.security.WSSecurityException: Referenced security token
>> >> could
>> >> not be retrieved. (Reference
>> >> "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
>> >>         at
>> >>
>> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
>> (SecurityTokenReference.java:179)
>> >>         at
>> >>
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
>> SignatureProcessor.java:186)
>> >> ...
>> >>
>> -----------------------------------------------------------------------------------------------------------------------------------------
>> >>
>> >>
>> >> Any ideas what's the problem here? Has anyone already tested WSE3.0 in
>> >> combination with WSS4J?
>> >>
>> >> Thanks.
>> >>
>> >> Best Regards
>> >> Freddy
>> >>
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>> >>
>> >>
>> >>
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9746894
>> Sent from the WSS4J mailing list archive at Nabble.com.
>>
>>
>>
>>
> 
> 
> -- 
> José Ferreiro
> EPFL Communication Systems engineer
> ing.sys.com.dipl.EPFL
> 
> 

-- 
View this message in context: http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9751948
Sent from the WSS4J mailing list archive at Nabble.com.
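
Added example (not part of the original thread and not WSS4J's own code): a small checker for a captured envelope that lists every same-document wsse:Reference or ds:Reference whose fragment URI matches no wsu:Id/Id in the message, or matches more than one, which is the condition behind the "Referenced security token could not be retrieved" error quoted above. The function name, the sample envelope and its Id values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample (not from the thread): the key reference names an Id nobody carries.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s">
  <soapenv:Header>
    <wsse:Security>
      <wsse:BinarySecurityToken wsu:Id="CertId-A">AAAA</wsse:BinarySecurityToken>
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#Body-1"/></ds:SignedInfo>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-missing"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="Body-1"/>
</soapenv:Envelope>""" % (WSSE, WSU, DS)

def dangling_references(envelope_xml):
    """Return (kind, URI, problem) for each same-document reference that fails to resolve."""
    root = ET.fromstring(envelope_xml)
    owners = {}  # Id value -> tags of the elements carrying it
    for el in root.iter():
        for value in {el.get("{%s}Id" % WSU), el.get("Id")} - {None}:
            owners.setdefault(value, []).append(el.tag)
    problems = []
    for tag, kind in (("{%s}Reference" % WSSE, "token"), ("{%s}Reference" % DS, "signed-part")):
        for ref in root.iter(tag):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                continue  # external or absent URI: not checked here
            hits = owners.get(uri[1:], [])
            if not hits:
                problems.append((kind, uri, "no element carries this Id"))
            elif len(hits) > 1:
                problems.append((kind, uri, "Id is not unique"))
    return problems

if __name__ == "__main__":
    for problem in dangling_references(SAMPLE):
        print(problem)
```

Run it against the exact bytes taken off the wire, not a copy re-wrapped by a mail client, since line breaks inside attribute values change what the parser sees.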

