Posted to users@cxf.apache.org by Benjamin Coiffe <bc...@inforsense.com> on 2008/03/04 14:17:02 UTC

SAML signed token rejected

Hi all,

I use CXF 2.0.4, opensaml 1.1b and wss4j 1.5 to generate and send a SOAP
message containing a signed sender-vouches SAML token to a secured Web
Service deployed on a WebLogic Server.
In order to do it, I set the action of the WSS4JOutInterceptor to
"SAMLToken Signature" instead of "SAMLTokenSigned" and I configure the
rest nicely: the signature only signs the SAML assertion. If I use the
action "SAMLTokenSigned", it is exactly the same message but the body is
signed as well (I don't understand why though).

Anyway, when I send my token out, the token is rejected (the certificate
and issuer and everything else on the server side is good though). The
only difference I spotted when looking at a SAML signed token generated
with WebLogic is that they sign the BinarySecurity token and have an
extra XML tag in the transform reference of the signature:
<exc14n:InclusiveNamespaces
xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" />
(this is useless though since the PrefixList is empty...).

I am a bit confused and don't really know what to think. In addition, I
cannot find in the specs the section about this. Any help would be
appreciated.
Thanks,


Benjamin Coiffe
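
Added example, not part of the original post and not CXF, WSS4J or WebLogic code: a small diagnostic that lists what each ds:Reference in a WS-Security header covers and whether its transform carries an InclusiveNamespaces element, so a rejected message can be compared with an accepted one. The sample header, its IDs and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC = "http://www.w3.org/2001/10/xml-exc-c14n#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
NS = {"ds": DS, "ec": EXC}

# Constructed sample: signature skeleton only, digest and signature values omitted.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"
    xmlns:ds="{DS}" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <wsse:BinarySecurityToken wsu:Id="bst-1"/>
  <saml:Assertion AssertionID="assert-1"/>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#bst-1"><ds:Transforms>
      <ds:Transform Algorithm="{EXC}">
        <exc14n:InclusiveNamespaces xmlns:exc14n="{EXC}" PrefixList=""/>
      </ds:Transform></ds:Transforms></ds:Reference>
    <ds:Reference URI="#assert-1"><ds:Transforms>
      <ds:Transform Algorithm="{EXC}"/></ds:Transforms></ds:Reference>
  </ds:SignedInfo></ds:Signature>
</wsse:Security>"""

def signed_references(xml_text):
    """Return one dict per ds:Reference: URI, signed element, transforms, PrefixList."""
    root = ET.fromstring(xml_text)
    # Index elements by the ID attributes used by WS-Security (wsu:Id),
    # XML Signature (Id) and SAML 1.1 (AssertionID).
    by_id = {}
    for el in root.iter():
        for attr in (f"{{{WSU}}}Id", "Id", "AssertionID"):
            if attr in el.attrib:
                by_id[el.attrib[attr]] = el
    result = []
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        target = by_id.get(uri.lstrip("#"))
        incl = ref.find("ds:Transforms/ds:Transform/ec:InclusiveNamespaces", NS)
        result.append({
            "uri": uri,
            "element": target.tag.split("}")[-1] if target is not None else None,
            "transforms": [t.get("Algorithm") for t in ref.iterfind("ds:Transforms/ds:Transform", NS)],
            # None means the element is absent; "" means present with an empty list.
            "prefix_list": incl.get("PrefixList") if incl is not None else None,
        })
    return result

if __name__ == "__main__":
    for r in signed_references(SAMPLE):
        print(r)
```

Running it over both the CXF-generated and the WebLogic-generated message shows side by side which elements each signature actually references.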