Posted to wss4j-dev@ws.apache.org by W Strater <ws...@yahoo.com> on 2007/07/16 15:18:30 UTC

Glassfish/Tango SecurityTokenReference Compatibility

I am trying to process a RequestSecurityTokenResponse response from Tango/WSIT using WSSecurityEngine.processSecurityHeader and I am getting a schema violation in a SecurityTokenReference while processing a DerivedKeyToken.

The 2 XML snippets:

<wsc:DerivedKeyToken>
  <wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">98NJSduf4U2nkayvyLa883vlwH8=</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  <wsc:Offset>0</wsc:Offset>
  <wsc:Length>16</wsc:Length>
  <wsc:Nonce>4XUJHPIItkdKUoXn5LeTPYnL</wsc:Nonce>
</wsc:DerivedKeyToken>


<wsc:DerivedKeyToken>
  <wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">98NJSduf4U2nkayvyLa883vlwH8=</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  <wsc:Offset>0</wsc:Offset>
  <wsc:Length>16</wsc:Length>
  <wsc:Nonce>XNyCAb834PB3p/wN5zV5x7q+</wsc:Nonce>
</wsc:DerivedKeyToken>

It appears that the DerivedKeyTokenProcessor.extractSecret assumes that there will only be a Reference. There are instances in the same XML document where a SecurityTokenReference within an EncryptedData does contain a Reference.

The stack trace:
testSTSResponse1(sts.test.ProcessSampleMessages)
org.apache.ws.security.WSSecurityException: General security error (Bad element, expected "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference" while got "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier")
    at org.apache.ws.security.message.token.Reference.<init>(Reference.java:60)
    at org.apache.ws.security.message.token.SecurityTokenReference.getReference(SecurityTokenReference.java:127)
    at org.apache.ws.security.processor.DerivedKeyTokenProcessor.extractSecret(DerivedKeyTokenProcessor.java:117)
    at org.apache.ws.security.processor.DerivedKeyTokenProcessor.handleToken(DerivedKeyTokenProcessor.java:65)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)

I am not sure if I am doing something fundamentally wrong or I have a compatibility issue. I am trying to validate the message-level security and decrypt the message.

Wes.
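The failure in the post is a SecurityTokenReference inside a DerivedKeyToken that carries a wsse:KeyIdentifier of ValueType EncryptedKeySHA1 instead of a wsse:Reference. The block below is an added illustration, not WSS4J code and not from the poster, of what a processor has to do to accept both forms: resolve the STR to the decrypted EncryptedKey secret either by wsu:Id (Reference) or by the SHA-1 of the EncryptedKey's raw CipherValue octets (KeyIdentifier), then run the WS-SecureConversation P_SHA1 derivation over label + nonce and cut out Offset/Length bytes. The Nonce values and the Offset/Length are taken from the post; the EncryptedKey ciphertext, the secret, the wsu:Id "EK-1", the KeyStore/resolve_secret/process_derived_key_token names, the 2005/02 wsc namespace and the default label string are assumptions made for the example.

```python
"""Resolve a DerivedKeyToken STR (Reference or KeyIdentifier form) and derive
the key with P_SHA1. Standalone illustration, not WSS4J code."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSC = "http://schemas.xmlsoap.org/ws/2005/02/sc"  # assumption: WS-SC namespace used by WSIT in 2007
ENCRYPTED_KEY_SHA1 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1"
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"  # WS-SC default when wsc:Label is absent


def encrypted_key_sha1(cipher_value: bytes) -> str:
    """EncryptedKeySHA1 identifier: base64(SHA-1(raw CipherValue octets, not the base64 text))."""
    return base64.b64encode(hashlib.sha1(cipher_value).digest()).decode("ascii")


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS-style P_SHA1: HMAC(secret, A(i) + seed) concatenated, A(i) = HMAC(secret, A(i-1)), A(0) = seed."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def derive_key(secret: bytes, nonce_b64: str, offset: int, length: int, label: bytes = DEFAULT_LABEL) -> bytes:
    """Derived key = bytes [offset, offset+length) of P_SHA1(secret, label + nonce)."""
    nonce = base64.b64decode(nonce_b64)
    return p_sha1(secret, label + nonce, offset + length)[offset:offset + length]


class KeyStore:
    """Decrypted EncryptedKey secrets, indexed by wsu:Id and by EncryptedKeySHA1 (hypothetical helper)."""
    def __init__(self):
        self.by_id, self.by_sha1 = {}, {}

    def add_encrypted_key(self, wsu_id: str, cipher_value: bytes, secret: bytes):
        self.by_id[wsu_id] = secret
        self.by_sha1[encrypted_key_sha1(cipher_value)] = secret


def resolve_secret(str_elem, keys: KeyStore) -> bytes:
    """Accept either STR child; fail loudly on an unknown key rather than deriving from garbage."""
    ref = str_elem.find(f"{{{WSSE}}}Reference")
    if ref is not None:
        uri = ref.get("URI", "")
        if not uri.startswith("#") or uri[1:] not in keys.by_id:
            raise LookupError(f"unresolved Reference URI {uri!r}")
        return keys.by_id[uri[1:]]
    kid = str_elem.find(f"{{{WSSE}}}KeyIdentifier")
    if kid is not None:
        if kid.get("ValueType") != ENCRYPTED_KEY_SHA1:
            raise ValueError(f"unsupported KeyIdentifier ValueType {kid.get('ValueType')!r}")
        digest = (kid.text or "").strip()
        if digest not in keys.by_sha1:
            raise LookupError("no EncryptedKey matches EncryptedKeySHA1 " + digest)
        return keys.by_sha1[digest]
    raise ValueError("SecurityTokenReference carries neither Reference nor KeyIdentifier")


def process_derived_key_token(xml_text: str, keys: KeyStore) -> bytes:
    """Parse a wsc:DerivedKeyToken and return the derived key bytes."""
    dkt = ET.fromstring(xml_text)
    secret = resolve_secret(dkt.find(f"{{{WSSE}}}SecurityTokenReference"), keys)
    offset = int(dkt.findtext(f"{{{WSC}}}Offset", "0"))
    length = int(dkt.findtext(f"{{{WSC}}}Length"))
    label = dkt.findtext(f"{{{WSC}}}Label")
    return derive_key(secret, dkt.findtext(f"{{{WSC}}}Nonce"), offset, length,
                      label.encode() if label else DEFAULT_LABEL)


# Constructed sample: a fake EncryptedKey ciphertext and its (pretend) decrypted secret.
SAMPLE_CIPHER_VALUE = bytes(range(64))
SAMPLE_SECRET = hashlib.sha256(b"constructed demo secret").digest()
SAMPLE_ID = "EK-1"


def sample_keystore() -> KeyStore:
    ks = KeyStore()
    ks.add_encrypted_key(SAMPLE_ID, SAMPLE_CIPHER_VALUE, SAMPLE_SECRET)
    return ks


def dkt_with_key_identifier(nonce_b64: str) -> str:
    """DerivedKeyToken in the post's shape; digest recomputed for the constructed key."""
    return f"""<wsc:DerivedKeyToken xmlns:wsc="{WSC}" xmlns:wsse="{WSSE}">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="{ENCRYPTED_KEY_SHA1}">{encrypted_key_sha1(SAMPLE_CIPHER_VALUE)}</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
<wsc:Offset>0</wsc:Offset><wsc:Length>16</wsc:Length><wsc:Nonce>{nonce_b64}</wsc:Nonce>
</wsc:DerivedKeyToken>"""


def dkt_with_reference(nonce_b64: str) -> str:
    """Same token, but the STR form the post says WSS4J expects."""
    return f"""<wsc:DerivedKeyToken xmlns:wsc="{WSC}" xmlns:wsse="{WSSE}">
<wsse:SecurityTokenReference><wsse:Reference URI="#{SAMPLE_ID}"/></wsse:SecurityTokenReference>
<wsc:Offset>0</wsc:Offset><wsc:Length>16</wsc:Length><wsc:Nonce>{nonce_b64}</wsc:Nonce>
</wsc:DerivedKeyToken>"""


if __name__ == "__main__":
    ks = sample_keystore()
    for nonce in ("4XUJHPIItkdKUoXn5LeTPYnL", "XNyCAb834PB3p/wN5zV5x7q+"):  # nonces from the post
        print(nonce, process_derived_key_token(dkt_with_key_identifier(nonce), ks).hex())
```

Both STR forms must land on the same secret for the same EncryptedKey, so the derived keys agree regardless of which form the sender chose; the two tokens in the post differ only by nonce and therefore yield two different 16-byte keys from one secret. The EncryptedKeySHA1 lookup only works if the receiver records the SHA-1 of each EncryptedKey's ciphertext at the time it decrypts it, which is the index a processor needs to keep beside the wsu:Id map.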