You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Freddy Exposito (JIRA)" <ji...@apache.org> on 2015/06/19 19:20:00 UTC

[jira] [Created] (CXF-6468) Secure Conversation Renew is missing Instance creation

Freddy Exposito created CXF-6468:
------------------------------------

             Summary: Secure Conversation Renew is missing Instance creation
                 Key: CXF-6468
                 URL: https://issues.apache.org/jira/browse/CXF-6468
             Project: CXF
          Issue Type: Bug
    Affects Versions: 3.1.1, 3.0.5
            Reporter: Freddy Exposito
            Priority: Minor
             Fix For: 3.0.6, 3.1.2
         Attachments: cxf-sct-with-instance.patch

Secure Conversation Renew is not working from a .NET client because <ws:Instance> is missing in the SecurityContextToken.
Reading into the standard here -> http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/os/ws-secureconversation-1.4-spec-os.html

says the following: 
"The initial issuance need not contain a wsc:Instance element, however, all subsequent issuances with different keys MUST have a wsc:Instance element with a unique value."
Also a reference seems to be required in the SecurityTokenRefernce according to this: 
"If a specific key instance needs to be referenced, then the global attribute wsc:Instance is included in the <wsse:Reference> sub-element (only when using <wsc:Identifier> references)"
The attached patch works for us



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)