Posted to dev@cxf.apache.org by ashish19singh <as...@gmail.com> on 2016/03/26 16:23:40 UTC

SecurityContextToken is referring to wrong SecurityTokenReference

Hi,
I am getting the below error while accessing a WCF service with wshttpbinding:
Cannot resolve KeyInfo for verifying signature: KeyInfo
'SecurityKeyIdentifier
    (
    IsReadOnly = False,
    Count = 1,
    Clause[0] = LocalIdKeyIdentifierClause(LocalId =
'uuid-e86a9da2-b8a4-413c-8e48-16126dad54f0-1', Owner = '')
    )
', available tokens 'SecurityTokenResolver
    (
    TokenCount = 1,
    TokenEntry[0] = (AllowedReferenceStyle=Internal,
Token=System.ServiceModel.Security.Tokens.SecurityContextSecurityToken,
Parameters=System.ServiceModel.Security.Tokens.SecureConversationSecurityTokenParameters:
InclusionMode: AlwaysToRecipient

I am not sure how the Identifier element of SecurityContextToken is referring to
the Reference element of SecurityTokenReference.
As per the service provider: the Id of SecurityContextToken should refer to the
Reference element of SecurityTokenReference.
Please help with how we can make this change on the client side.

My request looks like:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>
    <Action xmlns="http://www.w3.org/2005/08/addressing">http://example.service/GetfileID</Action>
    <MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:e53bd47b-6538-47df-8b23-19a82430de6f</MessageID>
    <To xmlns="http://www.w3.org/2005/08/addressing">https://testexampleservice/exampleService.svc</To>
    <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
      <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
    </ReplyTo>
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        soap:mustUnderstand="true">
      <c:SecurityContextToken xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc"
          xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          u:Id="uuid-e86a9da2-b8a4-413c-8e48-16126dad54f0-1">
        <c:Identifier>urn:uuid:c4bcae77-3f58-4312-a43a-c1c0553c103c</c:Identifier>
      </c:SecurityContextToken>
      <wsu:Timestamp
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="G32964ac3-836a-49ea-a360-95a0955e9189">
        <wsu:Created>2016-03-26T13:50:27.220Z</wsu:Created>
        <wsu:Expires>2016-03-26T13:55:27.220Z</wsu:Expires>
      </wsu:Timestamp>
      <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
          Id="G1a92270a-2297-46d3-9e54-771837debfd9">
        <dsig:SignedInfo>
          <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <c14nEx:InclusiveNamespaces xmlns:c14nEx="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/>
          </dsig:CanonicalizationMethod>
          <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
          <dsig:Reference URI="#G32964ac3-836a-49ea-a360-95a0955e9189">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <c14nEx:InclusiveNamespaces xmlns:c14nEx="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <dsig:DigestValue>3/umcmPhDrC8ZQ0yUWzJJQz8QMk=</dsig:DigestValue>
          </dsig:Reference>
        </dsig:SignedInfo>
        <dsig:SignatureValue>nNK+1MjSfVkxTypa8lDunlGmsS4=</dsig:SignatureValue>
        <dsig:KeyInfo Id="G0916089d-f0b9-466b-b641-3cce13e3bf36">
          <wsse:SecurityTokenReference
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              wsu:Id="G58fd702d-c13e-4932-968d-73dec0ce288c">
            <wsse:Reference URI="#urn:uuid:c4bcae77-3f58-4312-a43a-c1c0553c103c"
                ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"/>
          </wsse:SecurityTokenReference>
        </dsig:KeyInfo>
      </dsig:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <ns2:GetfileID xmlns:ns2="http://example.service/Batch"
        xmlns:ns3="http://schemas.microsoft.com/2003/10/Serialization/"
        xmlns="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd"/>
  </soap:Body>
</soap:Envelope>




Re: SecurityContextToken is referring to wrong SecurityTokenReference

Posted by Colm O hEigeartaigh <co...@apache.org>.
I don't really understand your mail. Is it objecting to the fact that the
Signature Reference is using the "Identifier" Id of the
SecurityContextToken rather than the wsu:Id? Do you have an example of a
message that works?

Colm.




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
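
A diagnostic for the question raised in this thread, added here as an example (it is not code from either poster or from CXF): it reports whether each KeyInfo SecurityTokenReference in a Security header resolves to a token's wsu:Id or to a SecurityContextToken's Identifier. The function name and the trimmed sample header are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the Security header from the request in this thread,
# reduced to the token and the KeyInfo (Timestamp and SignedInfo left out).
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:dsig="{DSIG}">
  <c:SecurityContextToken xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc"
      wsu:Id="uuid-e86a9da2-b8a4-413c-8e48-16126dad54f0-1">
    <c:Identifier>urn:uuid:c4bcae77-3f58-4312-a43a-c1c0553c103c</c:Identifier>
  </c:SecurityContextToken>
  <dsig:Signature><dsig:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Reference URI="#urn:uuid:c4bcae77-3f58-4312-a43a-c1c0553c103c"
        ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"/>
  </wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature>
</wsse:Security>"""


def classify_sct_references(security_xml):
    """Return (URI, kind, wsu:Id of the matched token) per KeyInfo reference."""
    root = ET.fromstring(security_xml)
    wsu_ids = set()     # every wsu:Id present in the header
    by_identifier = {}  # SCT <Identifier> text -> wsu:Id of that SCT
    for el in root.iter():
        wsu_id = el.get(f"{{{WSU}}}Id")
        if wsu_id:
            wsu_ids.add(wsu_id)
        # Match the SCT by local name; the page shows both 2005/02 and 200512 URIs.
        if el.tag.endswith("}SecurityContextToken"):
            for child in el:
                if child.tag.endswith("}Identifier") and child.text:
                    by_identifier[child.text.strip()] = wsu_id
    path = f".//{{{DSIG}}}KeyInfo/{{{WSSE}}}SecurityTokenReference/{{{WSSE}}}Reference"
    results = []
    for ref in root.iterfind(path):
        uri = ref.get("URI", "")
        target = uri[1:] if uri.startswith("#") else uri
        if target in wsu_ids:
            results.append((uri, "wsu:Id", target))
        elif target in by_identifier:
            results.append((uri, "sct-identifier", by_identifier[target]))
        else:
            results.append((uri, "unresolved", None))
    return results


if __name__ == "__main__":
    for row in classify_sct_references(SAMPLE):
        print(row)
```

For the posted request the reference is classified as `sct-identifier`, while the LocalId named in the WCF error is the token's wsu:Id, which is returned as the third field.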