You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by Brian Woo <br...@sjrb.ca> on 2006/04/19 22:59:39 UTC
SAMLToken sample problem...
Hi all,
I am trying to run the sample SAML code (STScenario1.java) and I am having some trouble:
- Using Crypto Engine [org.apache.ws.security.saml.SAMLIssuerImpl]
- Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
Exception in thread "main" AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: No client transport named 'http' found!
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:No client transport named 'http' found!
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:170)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at org.apache.ws.axis.oasis.ping.PingBindingStub.ping(PingBindingStub.java:159)
at org.apache.ws.axis.oasis.STScenario1.main(STScenario1.java:93)
{http://xml.apache.org/axis/}hostname:bwoo.rsc.eng.shaw.ca
No client transport named 'http' found!
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:170)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at org.apache.ws.axis.oasis.ping.PingBindingStub.ping(PingBindingStub.java:159)
at org.apache.ws.axis.oasis.STScenario1.main(STScenario1.java:93)
Now, I have made some minor changes to the code which I don't think they are the cause of this:
1) I have modified STScenario1.java to load up the deployment descriptor:
EngineConfiguration config = new FileProvider("saml_client.wsdd");
PingServiceLocator service = new PingServiceLocator(config);
saml_client.wsdd is just a simple (copied from the example):
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<service name="STPing1">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="samlPropFile" value="saml.properties"/>
<parameter name="action" value="Timestamp SAMLTokenUnsigned"/>
</handler>
</requestFlow>
</service>
</deployment>
2) I had a compile issue and I have took out param.setOmittable(true) and param.setNillable(true) from the stub (PingBindingStub.java). I don't know why these 2 lines are there but I suspect wsdl2java is buggy. the ParameterDesc class shouldn't have these 2 public methods anymore.
I am really close to get this example to run but I don't know why this error has come up. Can someone give me some guidance?
Thanks in advance,
Brian
RE: Verification failed for URI "#id-19537476"
Posted by Soumadeep <so...@infravio.com>.
I did trace the problem area and what I found is that it's failing because
the verification fails in the following section of the XMLSignature.java
code
if (!this.getSignedInfo()
.verify(this._followManifestsDuringValidation)) {
return false;
}
Any thoughts??
Soumadeep
-----Original Message-----
From: Soumadeep [mailto:soumadeep@infravio.com]
Sent: Thursday, April 20, 2006 7:27 PM
To: Guy Rixon
Cc: wss4j-dev@ws.apache.org
Subject: RE: Verification failed for URI "#id-19537476"
Hi there,
Thanks for the info. I tried switching to 1.2.1 and it's still the same.
In fact did a request soap(client-jmeter) and the pre verification
soap(soap parser) comparison, both are exactly the same... so there is no
chance that the soap messages are different.
Soumadeep
-----Original Message-----
From: Guy Rixon [mailto:gtr@ast.cam.ac.uk]
Sent: Thursday, April 20, 2006 3:27 PM
To: Soumadeep
Cc: wss4j-dev@ws.apache.org
Subject: Re: Verification failed for URI "#id-19537476"
This error means that the ds:DigestValue element in your ds:Reference no
longer matches the body of the SOAP message when that body is processed
according to the stated transform. Most probably, something has messed with
the SOAP body since the signature.
That something could be Axis itself; Axis 1.3 has unresolved problems in
its
deserialization code, even for trivial bodies. Axis 1.2.1 seems not to have
these problems.
On Thu, 20 Apr 2006, Soumadeep wrote:
> I get this error during signature verification. Any thoughts?
>
> ERROR:
> ======
> WARN - Reference.verify(?) | Verification failed for URI "#id-19537476"
> DEBUG - Manifest.verifyReferences(?) | The Reference has Type
> org.apache.ws.security.WSSecurityException: The signature verification
> failed
> at
> org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurity
> Engine.java:634)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:327)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:250)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:198)
>
>
> SIGNED MESSAGE
> ===============
>
> <soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
>
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
>
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
> <soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
>
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
>
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
>
>
Guy Rixon gtr@ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
RE: Verification failed for URI "#id-19537476"
Posted by Soumadeep <so...@infravio.com>.
I did trace the problem area and what I found is that it's failing because
the verification fails in the following section of the XMLSignature.java
code
if (!this.getSignedInfo()
.verify(this._followManifestsDuringValidation)) {
return false;
}
Any thoughts??
Soumadeep
-----Original Message-----
From: Soumadeep [mailto:soumadeep@infravio.com]
Sent: Thursday, April 20, 2006 7:27 PM
To: Guy Rixon
Cc: wss4j-dev@ws.apache.org
Subject: RE: Verification failed for URI "#id-19537476"
Hi there,
Thanks for the info. I tried switching to 1.2.1 and it's still the same.
In fact did a request soap(client-jmeter) and the pre verification
soap(soap parser) comparison, both are exactly the same... so there is no
chance that the soap messages are different.
Soumadeep
-----Original Message-----
From: Guy Rixon [mailto:gtr@ast.cam.ac.uk]
Sent: Thursday, April 20, 2006 3:27 PM
To: Soumadeep
Cc: wss4j-dev@ws.apache.org
Subject: Re: Verification failed for URI "#id-19537476"
This error means that the ds:DigestValue element in your ds:Reference no
longer matches the body of the SOAP message when that body is processed
according to the stated transform. Most probably, something has messed with
the SOAP body since the signature.
That something could be Axis itself; Axis 1.3 has unresolved problems in
its
deserialization code, even for trivial bodies. Axis 1.2.1 seems not to have
these problems.
On Thu, 20 Apr 2006, Soumadeep wrote:
> I get this error during signature verification. Any thoughts?
>
> ERROR:
> ======
> WARN - Reference.verify(?) | Verification failed for URI "#id-19537476"
> DEBUG - Manifest.verifyReferences(?) | The Reference has Type
> org.apache.ws.security.WSSecurityException: The signature verification
> failed
> at
> org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurity
> Engine.java:634)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:327)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:250)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:198)
>
>
> SIGNED MESSAGE
> ===============
>
> <soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
>
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
>
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
> <soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
>
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
>
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
>
>
Guy Rixon gtr@ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
RE: Verification failed for URI "#id-19537476"
Posted by Soumadeep <so...@infravio.com>.
Hi there,
Thanks for the info. I tried switching to 1.2.1 and it's still the same.
In fact did a request soap(client-jmeter) and the pre verification
soap(soap parser) comparison, both are exactly the same... so there is no
chance that the soap messages are different.
Soumadeep
-----Original Message-----
From: Guy Rixon [mailto:gtr@ast.cam.ac.uk]
Sent: Thursday, April 20, 2006 3:27 PM
To: Soumadeep
Cc: wss4j-dev@ws.apache.org
Subject: Re: Verification failed for URI "#id-19537476"
This error means that the ds:DigestValue element in your ds:Reference no
longer matches the body of the SOAP message when that body is processed
according to the stated transform. Most probably, something has messed with
the SOAP body since the signature.
That something could be Axis itself; Axis 1.3 has unresolved problems in
its
deserialization code, even for trivial bodies. Axis 1.2.1 seems not to have
these problems.
On Thu, 20 Apr 2006, Soumadeep wrote:
> I get this error during signature verification. Any thoughts?
>
> ERROR:
> ======
> WARN - Reference.verify(?) | Verification failed for URI "#id-19537476"
> DEBUG - Manifest.verifyReferences(?) | The Reference has Type
> org.apache.ws.security.WSSecurityException: The signature verification
> failed
> at
> org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurity
> Engine.java:634)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:327)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:250)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:198)
>
>
> SIGNED MESSAGE
> ===============
>
> <soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
>
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
>
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
> <soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
>
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
>
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
>
>
Guy Rixon gtr@ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
RE: Verification failed for URI "#id-19537476"
Posted by Soumadeep <so...@infravio.com>.
Hi there,
Thanks for the info. I tried switching to 1.2.1 and it's still the same.
In fact did a request soap(client-jmeter) and the pre verification
soap(soap parser) comparison, both are exactly the same... so there is no
chance that the soap messages are different.
Soumadeep
-----Original Message-----
From: Guy Rixon [mailto:gtr@ast.cam.ac.uk]
Sent: Thursday, April 20, 2006 3:27 PM
To: Soumadeep
Cc: wss4j-dev@ws.apache.org
Subject: Re: Verification failed for URI "#id-19537476"
This error means that the ds:DigestValue element in your ds:Reference no
longer matches the body of the SOAP message when that body is processed
according to the stated transform. Most probably, something has messed with
the SOAP body since the signature.
That something could be Axis itself; Axis 1.3 has unresolved problems in
its
deserialization code, even for trivial bodies. Axis 1.2.1 seems not to have
these problems.
On Thu, 20 Apr 2006, Soumadeep wrote:
> I get this error during signature verification. Any thoughts?
>
> ERROR:
> ======
> WARN - Reference.verify(?) | Verification failed for URI "#id-19537476"
> DEBUG - Manifest.verifyReferences(?) | The Reference has Type
> org.apache.ws.security.WSSecurityException: The signature verification
> failed
> at
> org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurity
> Engine.java:634)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:327)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:250)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:198)
>
>
> SIGNED MESSAGE
> ===============
>
> <soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
>
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
>
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
> <soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
>
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
>
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
>
>
Guy Rixon gtr@ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Verification failed for URI "#id-19537476"
Posted by Guy Rixon <gt...@ast.cam.ac.uk>.
This error means that the ds:DigestValue element in your ds:Reference no
longer matches the body of the SOAP message when that body is processed
according to the stated transform. Most probably, something has messed with
the SOAP body since the signature.
That something could be Axis itself; Axis 1.3 has unresolved problems in its
deserialization code, even for trivial bodies. Axis 1.2.1 seems not to have
these problems.
On Thu, 20 Apr 2006, Soumadeep wrote:
> I get this error during signature verification. Any thoughts?
>
> ERROR:
> ======
> WARN - Reference.verify(?) | Verification failed for URI "#id-19537476"
> DEBUG - Manifest.verifyReferences(?) | The Reference has Type
> org.apache.ws.security.WSSecurityException: The signature verification
> failed
> at
> org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurity
> Engine.java:634)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:327)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:250)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:198)
>
>
> SIGNED MESSAGE
> ===============
>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
> <ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
> <ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
>
>
Guy Rixon gtr@ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Verification failed for URI "#id-19537476"
Posted by Guy Rixon <gt...@ast.cam.ac.uk>.
This error means that the ds:DigestValue element in your ds:Reference no
longer matches the body of the SOAP message when that body is processed
according to the stated transform. Most probably, something has messed with
the SOAP body since the signature.
That something could be Axis itself; Axis 1.3 has unresolved problems in its
deserialization code, even for trivial bodies. Axis 1.2.1 seems not to have
these problems.
On Thu, 20 Apr 2006, Soumadeep wrote:
> I get this error during signature verification. Any thoughts?
>
> ERROR:
> ======
> WARN - Reference.verify(?) | Verification failed for URI "#id-19537476"
> DEBUG - Manifest.verifyReferences(?) | The Reference has Type
> org.apache.ws.security.WSSecurityException: The signature verification
> failed
> at
> org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurity
> Engine.java:634)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:327)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:250)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
> ityEngine.java:198)
>
>
> SIGNED MESSAGE
> ===============
>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
> <ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
> ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-19537476">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
> HKfG/oziXA==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-11423854">
> <wsse:SecurityTokenReference
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=dims</ds:X509IssuerName>
>
> <ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
> mber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header>
> <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" wsu:Id="id-19537476">
> <ns1:getVersion xmlns:ns1="http://axis.apache.org"
> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> </ns1:getVersion>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
>
>
Guy Rixon gtr@ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Verification failed for URI "#id-19537476"
Posted by Soumadeep <so...@infravio.com>.
I get this error during signature verification. Any thoughts?
ERROR:
======
WARN - Reference.verify(?) | Verification failed for URI "#id-19537476"
DEBUG - Manifest.verifyReferences(?) | The Reference has Type
org.apache.ws.security.WSSecurityException: The signature verification
failed
at
org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurity
Engine.java:634)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:327)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:250)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:198)
SIGNED MESSAGE
===============
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
hod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#id-19537476">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
HKfG/oziXA==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-11423854">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=dims</ds:X509IssuerName>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
mber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="id-19537476">
<ns1:getVersion xmlns:ns1="http://axis.apache.org"
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
</ns1:getVersion>
</soapenv:Body>
</soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
hod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#id-19537476">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
HKfG/oziXA==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-11423854">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=dims</ds:X509IssuerName>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
mber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="id-19537476">
<ns1:getVersion xmlns:ns1="http://axis.apache.org"
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
</ns1:getVersion>
</soapenv:Body>
</soapenv:Envelope>
Verification failed for URI "#id-19537476"
Posted by Soumadeep <so...@infravio.com>.
I get this error during signature verification. Any thoughts?
ERROR:
======
WARN - Reference.verify(?) | Verification failed for URI "#id-19537476"
DEBUG - Manifest.verifyReferences(?) | The Reference has Type
org.apache.ws.security.WSSecurityException: The signature verification
failed
at
org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurity
Engine.java:634)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:327)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:250)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:198)
SIGNED MESSAGE
===============
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
hod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#id-19537476">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
HKfG/oziXA==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-11423854">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=dims</ds:X509IssuerName>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
mber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="id-19537476">
<ns1:getVersion xmlns:ns1="http://axis.apache.org"
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
</ns1:getVersion>
</soapenv:Body>
</soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
hod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#id-19537476">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>fE1tW8/x1/+9YexmIxFSIGegJhw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
JOL2vQgyK1fj//5Tpi+3VO/TbSQE+0IxipWeAYSPrGikirfRL4Nrrfz/en8eExBG1Z164EBsh6Ef
HKfG/oziXA==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-11423854">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="STRId-30817849"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=dims</ds:X509IssuerName>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNu
mber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="id-19537476">
<ns1:getVersion xmlns:ns1="http://axis.apache.org"
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
</ns1:getVersion>
</soapenv:Body>
</soapenv:Envelope>