Posted to fx-dev@ws.apache.org by James Gough <wh...@gmail.com> on 2006/05/17 18:54:25 UTC

[Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a little direction re: signing

I am pretty new to web services and have made a client for an existing
web service that runs on .Net.  That is working great, except that the
service is expecting a bit more from the XML I am sending (signing,
authorization, etc.).  I have the authorization taken care of, but the
signing has me a bit perplexed.  I think from what I have read that I
need to use SAML signatures, based on the output I have gotten from a
working .NET client, which looks like this:

<?xml version="1.0" encoding="utf-8"?>
<!-- Request produced by the working .NET client, as described in the message above.
     The wsse:Security header carries a Timestamp, a UsernameToken and an XML Signature.
     Review comments were added between elements only; no element or value is changed. -->
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soap:Header>
        <!-- The four WS-Addressing headers (Action, MessageID, ReplyTo, To) each carry a
             wsu:Id; every one of those Ids is the target of a Reference in the Signature
             below, so the routing information is integrity-protected together with the body. -->
        <wsa:Action
wsu:Id="Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">http://tempuri.org/HelloWorld</wsa:Action>
        <wsa:MessageID
wsu:Id="Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">uuid:464975ab-6222-49bf-b81c-cd3016a1502a</wsa:MessageID>
        <wsa:ReplyTo wsu:Id="Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">

<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
        </wsa:ReplyTo>
        <wsa:To
wsu:Id="Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">http://localhost:8080/WSSecurity/WS.asmx</wsa:To>
        <wsse:Security soap:mustUnderstand="1">
            <!-- Created and Expires are 30 seconds apart. The Timestamp is one of the signed
                 References, so the validity window cannot be edited without breaking the
                 signature. -->
            <wsu:Timestamp
wsu:Id="Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
                <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
                <wsu:Expires>2004-08-09T19:33:34Z</wsu:Expires>
            </wsu:Timestamp>
            <!-- This token holds only Username, Nonce and Created; there is no wsse:Password
                 element, so no password (clear text or digest) travels in this message.
                 The token itself is not among the signed References; it is only pointed to
                 from KeyInfo. -->
            <wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 

wsu:Id="SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5">
                <wsse:Username>TheUsername</wsse:Username>
                <wsse:Nonce>KjOPCSS5SQJvc9029P/rxQ==</wsse:Nonce>
                <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
            </wsse:UsernameToken>
            <!-- SignatureMethod is hmac-sha1, a symmetric MAC rather than a public-key
                 signature: it shows the sender holds the shared secret but gives no
                 non-repudiation. KeyInfo references the UsernameToken above (ValueType
                 ...#UsernameToken); Werner's reply in this thread describes this as the
                 .NET specific signature based on a username token. Presumably the key is
                 derived from the user's password, so the protection is only as strong as
                 that password (confirm against the WSE documentation).
                 SignedInfo holds six References: Action, MessageID, ReplyTo, To, the
                 Timestamp and soap:Body. All digests are SHA-1, which is treated as a legacy
                 algorithm today; use a SHA-2 digest where both endpoints support it. -->
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
                    <Reference
URI="#Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">
                        <Transforms>
                            <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

<DigestValue>IXWRYkayo/iB0/bOiK4KDtnmrYw=</DigestValue>
                    </Reference>
                    <Reference
URI="#Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">
                        <Transforms>
                            <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

<DigestValue>x6vlKIANHj6Hd81Adpf4XmQDeIo=</DigestValue>
                    </Reference>
                    <Reference
URI="#Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
                        <Transforms>
                            <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

<DigestValue>1ux8KYy6IslDo3Gxoq/zBbHqsb0=</DigestValue>
                    </Reference>
                    <Reference
URI="#Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">
                        <Transforms>
                            <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

<DigestValue>PEpOwfTnj5dNg3d+L53foT8OOVI=</DigestValue>
                    </Reference>
                    <Reference
URI="#Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
                        <Transforms>
                            <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

<DigestValue>uglj0NHBNZsCEA5hha4ESnibVFo=</DigestValue>
                    </Reference>
                    <Reference
URI="#Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
                        <Transforms>
                            <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

<DigestValue>Rbfcq4aZfIqEmbKONgt3EuJaRN4=</DigestValue>
                    </Reference>
                </SignedInfo>

<SignatureValue>1mO22hXYCgelGsWW0AV3w67O9+8=</SignatureValue>
                <KeyInfo>
                    <wsse:SecurityTokenReference>
                        <wsse:Reference
URI="#SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken" 

/>
                    </wsse:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </wsse:Security>
    </soap:Header>
    <soap:Body wsu:Id="Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
        <HelloWorld xmlns="http://tempuri.org/" />
    </soap:Body>
</soap:Envelope>

I'm trying to read as much as I can on the subject, but any nudge in the
right direction would be appreciated.

Jim


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a little direction re: signing

Posted by James Gough <wh...@gmail.com>.
Solved part three of my problem: I had the wrong addressing reference 
(http://schemas.xmlsoap.org/ws/2004/03/addressing) as opposed to 
(http://schemas.xmlsoap.org/ws/2004/08/addressing), which is the correct 
one for my implementation.

Now my .wsdd file looks like this:

<deployment xmlns="http://xml.apache.org/axis/wsdd/" 
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <!-- Client-side Axis deployment descriptor. The request flow runs the WS-Addressing
      handler first and then WSS4J's WSDoAllSender, in the order listed below. -->
 <transport name="http" 
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration >
   <requestFlow >
      <!-- ADDRESSING -->
      <!-- The namespace in these names is the 2004/08 WS-Addressing URI. Per the message
           above, the 2004/03 URI was the wrong one for this implementation and was behind
           the "Element to encrypt/sign not found" error. -->
          <handler 
type="java:org.apache.axis.message.addressing.handler.AddressingHandler"> 
              <parameter name="referencePropertyNames" 
value="{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo"/>  
       
          </handler>
    <!-- SECURITY -->
    <!-- action: Timestamp and UsernameTokenSignature only.
         passwordType: PasswordDigest is requested, but the quoted message below reports
         that the token written by UsernameTokenSignature carried the password in text
         anyway; inspect the outgoing message to confirm no clear-text password is sent.
         user / passwordCallbackClass: the password is not stored in this file; it is
         supplied at runtime by the callback class (the author's own class, not shown).
         signatureParts: Body plus the four WS-Addressing headers are signed.
         NOTE(review): the Timestamp element is not listed, whereas the .NET sample in the
         first message signs its Timestamp. An unsigned Timestamp can be altered in
         transit, which weakens the expiry check. If the service expects it to be signed,
         the entry would presumably be
         {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp
         (confirm against the WSS4J documentation). -->
        <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
            <parameter name="action" value="Timestamp 
UsernameTokenSignature"/>
            <parameter name="passwordType" value="PasswordDigest"/>
            <parameter name="user" value="test"/>
            <parameter name="passwordCallbackClass" 
value="com.somepackage.security.PWCallback"/>
            <parameter name="precisionInMilliseconds" value="false" />
            <parameter name="signatureParts" 
value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo"/>
        </handler>
   </requestFlow >
  </globalConfiguration >
</deployment>

Thank you all for your efforts-

Jim



James Gough wrote:
> OK, I am using usernametokensignature, usernametoken and timestamp as
> seen in the WSDD file below:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>  <globalConfiguration >
>   <requestFlow >
>      <!-- ADDRESSING -->
>          <handler
> type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
>              <parameter name="referencePropertyNames"
> value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo"/> 
>
>
>          </handler>
>    <!-- SECURITY -->
>        <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>            <parameter name="action" value="Timestamp UsernameToken
> UsernameTokenSignature"/>
>            <parameter name="passwordType" value="PasswordDigest"/>
>            <parameter name="user" value="test"/>
>            <parameter name="passwordCallbackClass"
> value="com.somepackage.security.PWCallback"/>
>            <parameter name="precisionInMilliseconds" value="false" />
>            <parameter name="signatureParts"
> value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>        </handler>
>   </requestFlow >
>  </globalConfiguration >
> </deployment>
>
> I still am having some issues.
> -First, I get 2 usernametoken sections in my soap headers, and the one
> set up by usernametokensignature sets the password in text, despite the
> "PasswordType" parameter being set to "PasswordDigest" in the wsdd
> file.   I think that just using usernametokensignature would be fine,
> but I need the password set to digest
> -Second, the "ReplyTo" header is in the message as "From", not "ReplyTo"
> -Third, If I try to set any of the addressing elements to be signed in
> the "signatureParts" section, I get a "Element to encrypt/sign not
> found" error
>
> Any help would be greatly appreciated.  Thanks!
>
> Jim
>
> Remy Bertrand wrote:
>
>> I tried to make it work with Axis 1.2 and WSS4J 1.1 (and in the opposite
>> configuration : .Net client -> Axis Server).
>
>> This was working with WSE2.0 but i was unable to configure/code in 
>> WSE3.0 to
>> make it works. (i don't know what version you use). The verification 
>> of the
>> signature (SignatureValue) always fails. Maybe you will be more lucky 
>> with
>> WSS4J 1.5...
>
>> Basically, you should configure WSS4J to use UsernameTokenSignature,
>> UsernameToken and Timestamp. (don't forget TimeStamp, which is 
>> implicit and
>> mandatory for .Net).
>
>> Rémy
>
>> ----- Original Message ----- From: "Werner Dittmann" <[EMAIL PROTECTED]>
>> To: "James Gough" <[EMAIL PROTECTED]>
>> Cc: <ws...@ws.apache.org>
>> Sent: Wednesday, May 17, 2006 8:30 PM
>> Subject: Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a
>> little direction re: signing
>
>
>>> Its not SAML Signature but the .Net specific way of using a a Signature
>>> based on a username token. WSS4J provides a similar, but not well 
>>> tested
>>> way that is modelled after the .Net specific way. 
>>> (UsernametokenSignature)
>>>
>>> Regards,
>>> Werner
>
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a little direction re: signing

Posted by James Gough <wh...@gmail.com>.
Solved part three of my problem: I had the wrong addressing reference 
(http://schemas.xmlsoap.org/ws/2004/03/addressing) as opposed to 
(http://schemas.xmlsoap.org/ws/2004/08/addressing), which is the correct 
one for my implementation.

Now my .wsdd file looks like this:

<deployment xmlns="http://xml.apache.org/axis/wsdd/" 
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <!-- Client-side Axis deployment descriptor. The request flow runs the WS-Addressing
      handler first and then WSS4J's WSDoAllSender, in the order listed below. -->
 <transport name="http" 
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration >
   <requestFlow >
      <!-- ADDRESSING -->
      <!-- The namespace in these names is the 2004/08 WS-Addressing URI. Per the message
           above, the 2004/03 URI was the wrong one for this implementation and was behind
           the "Element to encrypt/sign not found" error. -->
          <handler 
type="java:org.apache.axis.message.addressing.handler.AddressingHandler"> 
              <parameter name="referencePropertyNames" 
value="{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo"/>  
       
          </handler>
    <!-- SECURITY -->
    <!-- action: Timestamp and UsernameTokenSignature only.
         passwordType: PasswordDigest is requested, but the quoted message below reports
         that the token written by UsernameTokenSignature carried the password in text
         anyway; inspect the outgoing message to confirm no clear-text password is sent.
         user / passwordCallbackClass: the password is not stored in this file; it is
         supplied at runtime by the callback class (the author's own class, not shown).
         signatureParts: Body plus the four WS-Addressing headers are signed.
         NOTE(review): the Timestamp element is not listed, whereas the .NET sample in the
         first message signs its Timestamp. An unsigned Timestamp can be altered in
         transit, which weakens the expiry check. If the service expects it to be signed,
         the entry would presumably be
         {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp
         (confirm against the WSS4J documentation). -->
        <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
            <parameter name="action" value="Timestamp 
UsernameTokenSignature"/>
            <parameter name="passwordType" value="PasswordDigest"/>
            <parameter name="user" value="test"/>
            <parameter name="passwordCallbackClass" 
value="com.somepackage.security.PWCallback"/>
            <parameter name="precisionInMilliseconds" value="false" />
            <parameter name="signatureParts" 
value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo"/>
        </handler>
   </requestFlow >
  </globalConfiguration >
</deployment>

Thank you all for your efforts-

Jim



James Gough wrote:
> OK, I am using usernametokensignature, usernametoken and timestamp as
> seen in the WSDD file below:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>  <globalConfiguration >
>   <requestFlow >
>      <!-- ADDRESSING -->
>          <handler
> type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
>              <parameter name="referencePropertyNames"
> value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo"/> 
>
>
>          </handler>
>    <!-- SECURITY -->
>        <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>            <parameter name="action" value="Timestamp UsernameToken
> UsernameTokenSignature"/>
>            <parameter name="passwordType" value="PasswordDigest"/>
>            <parameter name="user" value="test"/>
>            <parameter name="passwordCallbackClass"
> value="com.somepackage.security.PWCallback"/>
>            <parameter name="precisionInMilliseconds" value="false" />
>            <parameter name="signatureParts"
> value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>        </handler>
>   </requestFlow >
>  </globalConfiguration >
> </deployment>
>
> I still am having some issues.
> -First, I get 2 usernametoken sections in my soap headers, and the one
> set up by usernametokensignature sets the password in text, despite the
> "PasswordType" parameter being set to "PasswordDigest" in the wsdd
> file.   I think that just using usernametokensignature would be fine,
> but I need the password set to digest
> -Second, the "ReplyTo" header is in the message as "From", not "ReplyTo"
> -Third, If I try to set any of the addressing elements to be signed in
> the "signatureParts" section, I get a "Element to encrypt/sign not
> found" error
>
> Any help would be greatly appreciated.  Thanks!
>
> Jim
>
> Remy Bertrand wrote:
>
>> I tried to make it work with Axis 1.2 and WSS4J 1.1 (and in the opposite
>> configuration : .Net client -> Axis Server).
>
>> This was working with WSE2.0 but i was unable to configure/code in 
>> WSE3.0 to
>> make it works. (i don't know what version you use). The verification 
>> of the
>> signature (SignatureValue) always fails. Maybe you will be more lucky 
>> with
>> WSS4J 1.5...
>
>> Basically, you should configure WSS4J to use UsernameTokenSignature,
>> UsernameToken and Timestamp. (don't forget TimeStamp, which is 
>> implicit and
>> mandatory for .Net).
>
>> Rémy
>
>> ----- Original Message ----- From: "Werner Dittmann" <[EMAIL PROTECTED]>
>> To: "James Gough" <[EMAIL PROTECTED]>
>> Cc: <ws...@ws.apache.org>
>> Sent: Wednesday, May 17, 2006 8:30 PM
>> Subject: Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a
>> little direction re: signing
>
>
>>> Its not SAML Signature but the .Net specific way of using a a Signature
>>> based on a username token. WSS4J provides a similar, but not well 
>>> tested
>>> way that is modelled after the .Net specific way. 
>>> (UsernametokenSignature)
>>>
>>> Regards,
>>> Werner
>
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a little direction re: signing

Posted by James Gough <wh...@gmail.com>.
OK, I am using usernametokensignature, usernametoken and timestamp as
seen in the WSDD file below:

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<!-- Earlier version of the client-side Axis deployment descriptor. The request flow runs
     the WS-Addressing handler first and then WSS4J's WSDoAllSender. -->
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration >
   <requestFlow >
      <!-- ADDRESSING -->
      <!-- These names use the 2004/03 WS-Addressing namespace; in the follow-up message the
           author reports that 2004/08 is the correct one for his implementation. -->
          <handler
type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
              <parameter name="referencePropertyNames"
value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo"/> 


          </handler>
    <!-- SECURITY -->
    <!-- NOTE(review): per the author's report below, the action list
         "Timestamp UsernameToken UsernameTokenSignature" produces two UsernameToken
         elements, and the one written by UsernameTokenSignature carries the password in
         text despite passwordType=PasswordDigest. A clear-text password in the header is
         readable by anything that can see the message unless the transport is encrypted;
         inspect the outgoing message before relying on this configuration.
         user / passwordCallbackClass: the password is not stored in this file; it is
         supplied at runtime by the callback class (the author's own class, not shown).
         signatureParts: only the SOAP Body is signed here, so the WS-Addressing headers
         and the Timestamp are not integrity-protected, unlike the .NET sample in the
         first message, where all of them are referenced by the signature. -->
        <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
            <parameter name="action" value="Timestamp UsernameToken
UsernameTokenSignature"/>
            <parameter name="passwordType" value="PasswordDigest"/>
            <parameter name="user" value="test"/>
            <parameter name="passwordCallbackClass"
value="com.somepackage.security.PWCallback"/>
            <parameter name="precisionInMilliseconds" value="false" />
            <parameter name="signatureParts"
value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
        </handler>
   </requestFlow >
  </globalConfiguration >
</deployment>

I still am having some issues.
-First, I get 2 usernametoken sections in my soap headers, and the one
set up by usernametokensignature sets the password in text, despite the
"PasswordType" parameter being set to "PasswordDigest" in the wsdd
file.   I think that just using usernametokensignature would be fine,
but I need the password set to digest
-Second, the "ReplyTo" header is in the message as "From", not "ReplyTo"
-Third, If I try to set any of the addressing elements to be signed in
the "signatureParts" section, I get a "Element to encrypt/sign not
found" error

Any help would be greatly appreciated.  Thanks!

Jim

Remy Bertrand wrote:

>I tried to make it work with Axis 1.2 and WSS4J 1.1 (and in the opposite
>configuration : .Net client -> Axis Server).

>This was working with WSE2.0 but i was unable to configure/code in WSE3.0 to
>make it works. (i don't know what version you use). The verification of the
>signature (SignatureValue) always fails. Maybe you will be more lucky with
>WSS4J 1.5...

>Basically, you should configure WSS4J to use UsernameTokenSignature,
>UsernameToken and Timestamp. (don't forget TimeStamp, which is implicit and
>mandatory for .Net).

>Rémy

>----- Original Message ----- 
>From: "Werner Dittmann" <[EMAIL PROTECTED]>
>To: "James Gough" <[EMAIL PROTECTED]>
>Cc: <ws...@ws.apache.org>
>Sent: Wednesday, May 17, 2006 8:30 PM
>Subject: Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a
>little direction re: signing


>> Its not SAML Signature but the .Net specific way of using a a Signature
>> based on a username token. WSS4J provides a similar, but not well tested
>> way that is modelled after the .Net specific way. (UsernametokenSignature)
>>
>> Regards,
>> Werner




---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a little direction re: signing

Posted by James Gough <wh...@gmail.com>.
OK, I am using usernametokensignature, usernametoken and timestamp as
seen in the WSDD file below:

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<!-- Earlier version of the client-side Axis deployment descriptor. The request flow runs
     the WS-Addressing handler first and then WSS4J's WSDoAllSender. -->
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration >
   <requestFlow >
      <!-- ADDRESSING -->
      <!-- These names use the 2004/03 WS-Addressing namespace; in the follow-up message the
           author reports that 2004/08 is the correct one for his implementation. -->
          <handler
type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
              <parameter name="referencePropertyNames"
value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo"/> 


          </handler>
    <!-- SECURITY -->
    <!-- NOTE(review): per the author's report below, the action list
         "Timestamp UsernameToken UsernameTokenSignature" produces two UsernameToken
         elements, and the one written by UsernameTokenSignature carries the password in
         text despite passwordType=PasswordDigest. A clear-text password in the header is
         readable by anything that can see the message unless the transport is encrypted;
         inspect the outgoing message before relying on this configuration.
         user / passwordCallbackClass: the password is not stored in this file; it is
         supplied at runtime by the callback class (the author's own class, not shown).
         signatureParts: only the SOAP Body is signed here, so the WS-Addressing headers
         and the Timestamp are not integrity-protected, unlike the .NET sample in the
         first message, where all of them are referenced by the signature. -->
        <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
            <parameter name="action" value="Timestamp UsernameToken
UsernameTokenSignature"/>
            <parameter name="passwordType" value="PasswordDigest"/>
            <parameter name="user" value="test"/>
            <parameter name="passwordCallbackClass"
value="com.somepackage.security.PWCallback"/>
            <parameter name="precisionInMilliseconds" value="false" />
            <parameter name="signatureParts"
value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
        </handler>
   </requestFlow >
  </globalConfiguration >
</deployment>

I still am having some issues.
-First, I get 2 usernametoken sections in my soap headers, and the one
set up by usernametokensignature sets the password in text, despite the
"PasswordType" parameter being set to "PasswordDigest" in the wsdd
file.   I think that just using usernametokensignature would be fine,
but I need the password set to digest
-Second, the "ReplyTo" header is in the message as "From", not "ReplyTo"
-Third, If I try to set any of the addressing elements to be signed in
the "signatureParts" section, I get a "Element to encrypt/sign not
found" error

Any help would be greatly appreciated.  Thanks!

Jim

Remy Bertrand wrote:

>I tried to make it work with Axis 1.2 and WSS4J 1.1 (and in the opposite
>configuration : .Net client -> Axis Server).

>This was working with WSE2.0 but i was unable to configure/code in WSE3.0 to
>make it works. (i don't know what version you use). The verification of the
>signature (SignatureValue) always fails. Maybe you will be more lucky with
>WSS4J 1.5...

>Basically, you should configure WSS4J to use UsernameTokenSignature,
>UsernameToken and Timestamp. (don't forget TimeStamp, which is implicit and
>mandatory for .Net).

>Rémy

>----- Original Message ----- 
>From: "Werner Dittmann" <[EMAIL PROTECTED]>
>To: "James Gough" <[EMAIL PROTECTED]>
>Cc: <ws...@ws.apache.org>
>Sent: Wednesday, May 17, 2006 8:30 PM
>Subject: Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a
>little direction re: signing


>> Its not SAML Signature but the .Net specific way of using a a Signature
>> based on a username token. WSS4J provides a similar, but not well tested
>> way that is modelled after the .Net specific way. (UsernametokenSignature)
>>
>> Regards,
>> Werner




---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a little direction re: signing

Posted by Remy Bertrand <re...@free.fr>.
I tried to make it work with Axis 1.2 and WSS4J 1.1 (and in the opposite
configuration : .Net client -> Axis Server).

This was working with WSE2.0, but I was unable to configure/code WSE3.0 to
make it work. (I don't know what version you use.) The verification of the
signature (SignatureValue) always fails. Maybe you will be luckier with
WSS4J 1.5...

Basically, you should configure WSS4J to use UsernameTokenSignature,
UsernameToken and Timestamp. (don't forget TimeStamp, which is implicit and
mandatory for .Net).

Rémy

----- Original Message ----- 
From: "Werner Dittmann" <We...@t-online.de>
To: "James Gough" <wh...@gmail.com>
Cc: <ws...@ws.apache.org>
Sent: Wednesday, May 17, 2006 8:30 PM
Subject: Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a
little direction re: signing


> It's not a SAML signature but the .Net specific way of using a Signature
> based on a username token. WSS4J provides a similar, but not well tested,
> way that is modelled after the .Net specific way (UsernameTokenSignature).
>
> Regards,
> Werner
>
> James Gough wrote:
> > I am pretty new to web services and have made a client for an existing
> > web service that runs on .Net.  That is working great, except that the
> > service is expecting a bit more from the XML I am sending (signing,
> > authorization, etc.).  I have the authorization taken care of, but the
> > signing has me a bit perplexed.  I think from what I have read that I
> > need to use SAML signatures, based on the output I have gotten from a
> > working .NET client, which looks like this:
> >
> > <?xml version="1.0" encoding="utf-8"?>
> > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
> >
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
> >
> >
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
> >
> >    <soap:Header>
> >        <wsa:Action
> >
wsu:Id="Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">http://tempuri.org/HelloWor
ld</wsa:Action>
> >
> >        <wsa:MessageID
> >
wsu:Id="Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">uuid:464975ab-6222-49bf-b81
c-cd3016a1502a</wsa:MessageID>
> >
> >        <wsa:ReplyTo wsu:Id="Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
> >
> >
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous
</wsa:Address>
> >
> >        </wsa:ReplyTo>
> >        <wsa:To
> >
wsu:Id="Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">http://localhost:8080/WSSec
urity/WS.asmx</wsa:To>
> >
> >        <wsse:Security soap:mustUnderstand="1">
> >            <wsu:Timestamp
> > wsu:Id="Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
> >                <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
> >                <wsu:Expires>2004-08-09T19:33:34Z</wsu:Expires>
> >            </wsu:Timestamp>
> >            <wsse:UsernameToken
> >
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
> >
> > wsu:Id="SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5">
> >                <wsse:Username>TheUsername</wsse:Username>
> >                <wsse:Nonce>KjOPCSS5SQJvc9029P/rxQ==</wsse:Nonce>
> >                <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
> >            </wsse:UsernameToken>
> >            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >                <SignedInfo>
> >                    <CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                    <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
> >                    <Reference
> > URI="#Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>IXWRYkayo/iB0/bOiK4KDtnmrYw=</DigestValue>
> >                    </Reference>
> >                    <Reference
> > URI="#Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>x6vlKIANHj6Hd81Adpf4XmQDeIo=</DigestValue>
> >                    </Reference>
> >                    <Reference
> > URI="#Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>1ux8KYy6IslDo3Gxoq/zBbHqsb0=</DigestValue>
> >                    </Reference>
> >                    <Reference
> > URI="#Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>PEpOwfTnj5dNg3d+L53foT8OOVI=</DigestValue>
> >                    </Reference>
> >                    <Reference
> > URI="#Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>uglj0NHBNZsCEA5hha4ESnibVFo=</DigestValue>
> >                    </Reference>
> >                    <Reference
> > URI="#Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>Rbfcq4aZfIqEmbKONgt3EuJaRN4=</DigestValue>
> >                    </Reference>
> >                </SignedInfo>
> >
> > <SignatureValue>1mO22hXYCgelGsWW0AV3w67O9+8=</SignatureValue>
> >                <KeyInfo>
> >                    <wsse:SecurityTokenReference>
> >                        <wsse:Reference
> > URI="#SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5"
> >
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-
token-profile-1.0#UsernameToken"
> >
> > />
> >                    </wsse:SecurityTokenReference>
> >                </KeyInfo>
> >            </Signature>
> >        </wsse:Security>
> >    </soap:Header>
> >    <soap:Body wsu:Id="Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
> >        <HelloWorld xmlns="http://tempuri.org/" />
> >    </soap:Body>
> > </soap:Envelope>
> >
> > I'm trying to read as much as I can on the subject, but any nudge in the
> > right direction would be appreciated.
> >
> > JIm
> >
> >


Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a little direction re: signing

Posted by Remy Bertrand <re...@free.fr>.
I tried to make this work with Axis 1.2 and WSS4J 1.1 (and in the opposite
configuration: .NET client -> Axis server).

This worked with WSE 2.0, but I was unable to configure/code WSE 3.0 to
make it work (I don't know which version you use). The verification of the
signature (SignatureValue) always fails. Maybe you will have more luck with
WSS4J 1.5...

Basically, you should configure WSS4J to use UsernameTokenSignature,
UsernameToken and Timestamp (don't forget Timestamp, which is implicit and
mandatory for .NET).

Rémy

----- Original Message ----- 
From: "Werner Dittmann" <We...@t-online.de>
To: "James Gough" <wh...@gmail.com>
Cc: <ws...@ws.apache.org>
Sent: Wednesday, May 17, 2006 8:30 PM
Subject: Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a
little direction re: signing


> Its not SAML Signature but the .Net specific way of using a a Signature
> based on a username token. WSS4J provides a similar, but not well tested
> way that is modelled after the .Net specific way. (UsernametokenSignature)
>
> Regards,
> Werner
>
> James Gough wrote:
> > I am pretty new to web services and have made a client for an existing
> > web service that runs on .Net.  That is working great, except that the
> > service is expecting a bit more from the XML I am sending (signing,
> > authorization, etc.).  I have the authorization taken care of, but the
> > signing has me a bit perplexed.  I think from what I have read that I
> > need to use SAML signatures, based on the output I have gotten from a
> > working .NET client, which looks like this:
> >
> > <?xml version="1.0" encoding="utf-8"?>
> > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
> >
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
> >
> >
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
> >
> >    <soap:Header>
> >        <wsa:Action
> >
wsu:Id="Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">http://tempuri.org/HelloWor
ld</wsa:Action>
> >
> >        <wsa:MessageID
> >
wsu:Id="Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">uuid:464975ab-6222-49bf-b81
c-cd3016a1502a</wsa:MessageID>
> >
> >        <wsa:ReplyTo wsu:Id="Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
> >
> >
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous
</wsa:Address>
> >
> >        </wsa:ReplyTo>
> >        <wsa:To
> >
wsu:Id="Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">http://localhost:8080/WSSec
urity/WS.asmx</wsa:To>
> >
> >        <wsse:Security soap:mustUnderstand="1">
> >            <wsu:Timestamp
> > wsu:Id="Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
> >                <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
> >                <wsu:Expires>2004-08-09T19:33:34Z</wsu:Expires>
> >            </wsu:Timestamp>
> >            <wsse:UsernameToken
> >
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
> >
> > wsu:Id="SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5">
> >                <wsse:Username>TheUsername</wsse:Username>
> >                <wsse:Nonce>KjOPCSS5SQJvc9029P/rxQ==</wsse:Nonce>
> >                <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
> >            </wsse:UsernameToken>
> >            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >                <SignedInfo>
> >                    <CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                    <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
> >                    <Reference
> > URI="#Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>IXWRYkayo/iB0/bOiK4KDtnmrYw=</DigestValue>
> >                    </Reference>
> >                    <Reference
> > URI="#Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>x6vlKIANHj6Hd81Adpf4XmQDeIo=</DigestValue>
> >                    </Reference>
> >                    <Reference
> > URI="#Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>1ux8KYy6IslDo3Gxoq/zBbHqsb0=</DigestValue>
> >                    </Reference>
> >                    <Reference
> > URI="#Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>PEpOwfTnj5dNg3d+L53foT8OOVI=</DigestValue>
> >                    </Reference>
> >                    <Reference
> > URI="#Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>uglj0NHBNZsCEA5hha4ESnibVFo=</DigestValue>
> >                    </Reference>
> >                    <Reference
> > URI="#Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
> >                        <Transforms>
> >                            <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                        </Transforms>
> >                        <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> > <DigestValue>Rbfcq4aZfIqEmbKONgt3EuJaRN4=</DigestValue>
> >                    </Reference>
> >                </SignedInfo>
> >
> > <SignatureValue>1mO22hXYCgelGsWW0AV3w67O9+8=</SignatureValue>
> >                <KeyInfo>
> >                    <wsse:SecurityTokenReference>
> >                        <wsse:Reference
> > URI="#SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5"
> >
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-
token-profile-1.0#UsernameToken"
> >
> > />
> >                    </wsse:SecurityTokenReference>
> >                </KeyInfo>
> >            </Signature>
> >        </wsse:Security>
> >    </soap:Header>
> >    <soap:Body wsu:Id="Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
> >        <HelloWorld xmlns="http://tempuri.org/" />
> >    </soap:Body>
> > </soap:Envelope>
> >
> > I'm trying to read as much as I can on the subject, but any nudge in the
> > right direction would be appreciated.
> >
> > JIm
> >
> >


Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a little direction re: signing

Posted by Werner Dittmann <We...@t-online.de>.
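It's not a SAML signature but the .NET-specific way of using a signature
based on a username token. WSS4J provides a similar, but not well tested,
way that is modelled after the .NET-specific way (UsernameTokenSignature).
(In the sample quoted below, the SignatureMethod is hmac-sha1 and the KeyInfo
references the UsernameToken rather than a SAML assertion or a certificate.)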

Regards,
Werner

James Gough wrote:
> I am pretty new to web services and have made a client for an existing
> web service that runs on .Net.  That is working great, except that the
> service is expecting a bit more from the XML I am sending (signing,
> authorization, etc.).  I have the authorization taken care of, but the
> signing has me a bit perplexed.  I think from what I have read that I
> need to use SAML signatures, based on the output I have gotten from a
> working .NET client, which looks like this:
> 
> <?xml version="1.0" encoding="utf-8"?>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> 
>    <soap:Header>
>        <wsa:Action
> wsu:Id="Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">http://tempuri.org/HelloWorld</wsa:Action>
> 
>        <wsa:MessageID
> wsu:Id="Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">uuid:464975ab-6222-49bf-b81c-cd3016a1502a</wsa:MessageID>
> 
>        <wsa:ReplyTo wsu:Id="Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
> 
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
> 
>        </wsa:ReplyTo>
>        <wsa:To
> wsu:Id="Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">http://localhost:8080/WSSecurity/WS.asmx</wsa:To>
> 
>        <wsse:Security soap:mustUnderstand="1">
>            <wsu:Timestamp
> wsu:Id="Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
>                <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
>                <wsu:Expires>2004-08-09T19:33:34Z</wsu:Expires>
>            </wsu:Timestamp>
>            <wsse:UsernameToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> 
> wsu:Id="SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5">
>                <wsse:Username>TheUsername</wsse:Username>
>                <wsse:Nonce>KjOPCSS5SQJvc9029P/rxQ==</wsse:Nonce>
>                <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
>            </wsse:UsernameToken>
>            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>                <SignedInfo>
>                    <CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                    <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
>                    <Reference
> URI="#Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>IXWRYkayo/iB0/bOiK4KDtnmrYw=</DigestValue>
>                    </Reference>
>                    <Reference
> URI="#Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>x6vlKIANHj6Hd81Adpf4XmQDeIo=</DigestValue>
>                    </Reference>
>                    <Reference
> URI="#Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>1ux8KYy6IslDo3Gxoq/zBbHqsb0=</DigestValue>
>                    </Reference>
>                    <Reference
> URI="#Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>PEpOwfTnj5dNg3d+L53foT8OOVI=</DigestValue>
>                    </Reference>
>                    <Reference
> URI="#Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>uglj0NHBNZsCEA5hha4ESnibVFo=</DigestValue>
>                    </Reference>
>                    <Reference
> URI="#Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>Rbfcq4aZfIqEmbKONgt3EuJaRN4=</DigestValue>
>                    </Reference>
>                </SignedInfo>
> 
> <SignatureValue>1mO22hXYCgelGsWW0AV3w67O9+8=</SignatureValue>
>                <KeyInfo>
>                    <wsse:SecurityTokenReference>
>                        <wsse:Reference
> URI="#SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"
> 
> />
>                    </wsse:SecurityTokenReference>
>                </KeyInfo>
>            </Signature>
>        </wsse:Security>
>    </soap:Header>
>    <soap:Body wsu:Id="Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
>        <HelloWorld xmlns="http://tempuri.org/" />
>    </soap:Body>
> </soap:Envelope>
> 
> I'm trying to read as much as I can on the subject, but any nudge in the
> right direction would be appreciated.
> 
> JIm
> 
> 


Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a little direction re: signing

Posted by Werner Dittmann <We...@t-online.de>.
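It's not a SAML signature but the .NET-specific way of using a signature
based on a username token. WSS4J provides a similar, but not well tested,
way that is modelled after the .NET-specific way (UsernameTokenSignature).
(In the sample quoted below, the SignatureMethod is hmac-sha1 and the KeyInfo
references the UsernameToken rather than a SAML assertion or a certificate.)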

Regards,
Werner

James Gough wrote:
> I am pretty new to web services and have made a client for an existing
> web service that runs on .Net.  That is working great, except that the
> service is expecting a bit more from the XML I am sending (signing,
> authorization, etc.).  I have the authorization taken care of, but the
> signing has me a bit perplexed.  I think from what I have read that I
> need to use SAML signatures, based on the output I have gotten from a
> working .NET client, which looks like this:
> 
> <?xml version="1.0" encoding="utf-8"?>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> 
>    <soap:Header>
>        <wsa:Action
> wsu:Id="Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">http://tempuri.org/HelloWorld</wsa:Action>
> 
>        <wsa:MessageID
> wsu:Id="Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">uuid:464975ab-6222-49bf-b81c-cd3016a1502a</wsa:MessageID>
> 
>        <wsa:ReplyTo wsu:Id="Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
> 
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
> 
>        </wsa:ReplyTo>
>        <wsa:To
> wsu:Id="Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">http://localhost:8080/WSSecurity/WS.asmx</wsa:To>
> 
>        <wsse:Security soap:mustUnderstand="1">
>            <wsu:Timestamp
> wsu:Id="Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
>                <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
>                <wsu:Expires>2004-08-09T19:33:34Z</wsu:Expires>
>            </wsu:Timestamp>
>            <wsse:UsernameToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> 
> wsu:Id="SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5">
>                <wsse:Username>TheUsername</wsse:Username>
>                <wsse:Nonce>KjOPCSS5SQJvc9029P/rxQ==</wsse:Nonce>
>                <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
>            </wsse:UsernameToken>
>            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>                <SignedInfo>
>                    <CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                    <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
>                    <Reference
> URI="#Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>IXWRYkayo/iB0/bOiK4KDtnmrYw=</DigestValue>
>                    </Reference>
>                    <Reference
> URI="#Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>x6vlKIANHj6Hd81Adpf4XmQDeIo=</DigestValue>
>                    </Reference>
>                    <Reference
> URI="#Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>1ux8KYy6IslDo3Gxoq/zBbHqsb0=</DigestValue>
>                    </Reference>
>                    <Reference
> URI="#Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>PEpOwfTnj5dNg3d+L53foT8OOVI=</DigestValue>
>                    </Reference>
>                    <Reference
> URI="#Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>uglj0NHBNZsCEA5hha4ESnibVFo=</DigestValue>
>                    </Reference>
>                    <Reference
> URI="#Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
>                        <Transforms>
>                            <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                        </Transforms>
>                        <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
> <DigestValue>Rbfcq4aZfIqEmbKONgt3EuJaRN4=</DigestValue>
>                    </Reference>
>                </SignedInfo>
> 
> <SignatureValue>1mO22hXYCgelGsWW0AV3w67O9+8=</SignatureValue>
>                <KeyInfo>
>                    <wsse:SecurityTokenReference>
>                        <wsse:Reference
> URI="#SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"
> 
> />
>                    </wsse:SecurityTokenReference>
>                </KeyInfo>
>            </Signature>
>        </wsse:Security>
>    </soap:Header>
>    <soap:Body wsu:Id="Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
>        <HelloWorld xmlns="http://tempuri.org/" />
>    </soap:Body>
> </soap:Envelope>
> 
> I'm trying to read as much as I can on the subject, but any nudge in the
> right direction would be appreciated.
> 
> JIm
> 
> 