Posted to fx-dev@ws.apache.org by Xavier Toth <tx...@gmail.com> on 2006/07/26 19:08:12 UTC

java client .net service signature cert identifier problem

I've gotten a .net client (WSE3.0) to talk to my Java (WSS4J) service
and now I'm trying to go the other way but have had no success. This
may be a simplistic view but it appears to me that WSE3.0 wants to see
a BinarySecurityToken but none of the signatureKeyIdentifier values
cause the generation of one. I've made sure that the certificate in my
keystore that I'm using to sign the message is in the correct place in
XP (Local Computer/Trusted People) and matches the service policy on
.net as the exception seems to indicate that might be the issue. Has
anyone else got experience calling a .net service?

< Failed: Error calling JWSSMessage web service at
https://192.168.25.20:443/JWSSMsgService/JWSSMsgService.asmx.
System.Web.Services.Protocols.SoapHeaderException: Server unavailable,
please try later ---> System.ApplicationException: WSE841: An error
occured processing an outgoing fault response. --->
System.Web.Services.Protocols.SoapHeaderException: Referenced security
token could not be retrieved ---> WSE590: Failed to resolve the
following Key Info <KeyInfo Id="KeyId-3532515"
xmlns="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">A7dko6gk50Yi62eSPFfVd8yq9YI=</wsse:KeyIdentifier></wsse:SecurityTokenReference></KeyInfo>.

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: java client .net service signature cert identifier problem

Posted by Robert Maier <ro...@gmail.com>.
Hi,

I'm not very familiar with .net, but if your problem comes from the fact
that no BinarySecurityToken is generated for the certificate of the sender,
try including
  <parameter name="signatureKeyIdentifier" value="DirectReference"/>
in the client wsdd file or programmatically
  <requestHandler>.setOption(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
where you replace <requestHandler> with the appropriate variable.

Either of these should result in the sender digital certificate being
included in the SOAP Request.

For debugging purposes, you can add SOAP monitor in the handler chain and
see the SOAP messages flow back and forth.

Hope this helps,
Robert.

On 7/26/06, Xavier Toth <tx...@gmail.com> wrote:
>
> I've gotten a .net client (WSE3.0) to talk to my Java (WSS4J) service
> and now I'm trying to go the other way but have had no success. This
> may be a simplistic view but it appears to me that WSE3.0 wants to see
> a BinarySecurityToken but none of the signatureKeyIdentifier values
> cause the generation of one. I've made sure that the certificate in my
> keystore that I'm using to sign the message is in the correct place in
> XP (Local Computer/Trusted People) and matches the service policy on
> .net as the exception seems to indicate that might be the issue. Has
> anyone else got experience calling a .net service?
>
> < Failed: Error calling JWSSMessage web service at
> https://192.168.25.20:443/JWSSMsgService/JWSSMsgService.asmx.
> System.Web.Services.Protocols.SoapHeaderException: Server unavailable,
> please try later ---> System.ApplicationException: WSE841: An error
> occured processing an outgoing fault response. --->
> System.Web.Services.Protocols.SoapHeaderException: Referenced security
> token could not be retrieved ---> WSE590: Failed to resolve the
> following Key Info <KeyInfo Id="KeyId-3532515"
> xmlns="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:KeyIdentifier
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">A7dko6gk50Yi62eSPFfVd8yq9YI=</wsse:KeyIdentifier></wsse:SecurityTokenReference></KeyInfo>.
>
>
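
A check for what the DirectReference setting changes on the wire, as an added example that is not part of the original thread: it reports whether each SecurityTokenReference in a captured message carries only a KeyIdentifier or points at a BinarySecurityToken included in the message. The function name, the wrapper elements and the token bytes in the samples are constructed; the KeyIdentifier is the one quoted in the WSE590 error.

```python
import base64
import xml.etree.ElementTree as ET  # samples are constructed; use defusedxml for untrusted captures

DS = "http://www.w3.org/2000/09/xmldsig#"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
WSU = OASIS + "wssecurity-utility-1.0.xsd"

def key_references(soap_xml):
    """Describe how each SecurityTokenReference in the message identifies the signing key."""
    root = ET.fromstring(soap_xml)
    # wsu:Id of every certificate token carried in the message itself
    carried = {t.get("{%s}Id" % WSU) for t in root.iter("{%s}BinarySecurityToken" % WSSE)}
    report = []
    for ref in root.iter("{%s}SecurityTokenReference" % WSSE):
        for child in ref:
            name = child.tag.split("}")[-1]
            if name == "KeyIdentifier":
                # Only an identifier travels; the receiver must already hold the certificate.
                raw = base64.b64decode(child.text.strip())
                report.append({"style": child.get("ValueType").split("#")[-1],
                               "id_bytes": len(raw), "cert_in_message": False})
            elif name == "Reference":
                # DirectReference: the URI must resolve to a BinarySecurityToken in this message.
                target = child.get("URI", "").lstrip("#")
                report.append({"style": "DirectReference", "target": target,
                               "cert_in_message": target in carried})
    return report

# KeyInfo as quoted in the WSE590 error, placed in a constructed Signature wrapper.
SKI_SAMPLE = """<Signature xmlns="%s"><KeyInfo Id="KeyId-3532515">
<wsse:SecurityTokenReference xmlns:wsse="%s"><wsse:KeyIdentifier
 ValueType="%sx509-token-profile-1.0#X509SubjectKeyIdentifier"
 EncodingType="%ssoap-message-security-1.0#Base64Binary"
>A7dko6gk50Yi62eSPFfVd8yq9YI=</wsse:KeyIdentifier></wsse:SecurityTokenReference>
</KeyInfo></Signature>""" % (DS, WSSE, OASIS, OASIS)

# Constructed message in the DirectReference shape; the token content is a placeholder.
DIRECT_SAMPLE = """<wsse:Security xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s">
<wsse:BinarySecurityToken wsu:Id="CertId-1"
 ValueType="%sx509-token-profile-1.0#X509v3">Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>
<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>
<wsse:Reference URI="#CertId-1" ValueType="%sx509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security>""" % (
    WSSE, WSU, DS, OASIS, OASIS)
```

Run against a request captured with the SOAP monitor, a `cert_in_message` of `False` means the receiver has to resolve the certificate from its own store.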
