You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ws.apache.org by CIZERON, STÉPHANE <ST...@bouyguestelecom.fr> on 2013/07/25 16:44:38 UTC

BST signature problem

Hi,
Since 1.6.x, it's impossible to sing BST with the key word Token.
When we use the STRTransform keyword, the signed element is not the BST but a SecurityTokenReference.

When we declare signatureParts, we can use :
{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken

The fwk doesn't find the element in the DOM because in SignatureAction.java, the BST is append at the end.
I modify SignatureAction.java for testing and put wsSign.prependBSTElementToHeader(reqData.getSecHeader()); at line 70
, just after wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
and it works, the BST is found and the signed element is the BST and not the SecurityTokenReference.

Could tell me if it's a valid workaround ? And if a new release can contains this update ?
wsSign.prependBSTElementToHeader(reqData.getSecHeader());

Best regards
Stéphane

________________________________

L'intégrité de ce message n'étant pas assurée sur internet, la société expéditrice ne peut être tenue responsable de son contenu ni de ses pièces jointes. Toute utilisation ou diffusion non autorisée est interdite. Si vous n'êtes pas destinataire de ce message, merci de le détruire et d'avertir l'expéditeur.

The integrity of this message cannot be guaranteed on the Internet. The company that sent this message cannot therefore be held liable for its content nor attachments. Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender.