Posted to users@cxf.apache.org by "Walters, Jay M" <jm...@bu.edu> on 2014/01/17 03:22:16 UTC
CXF client/WCF server interop
I have a third party MS WCF Webservice which is using some variant of STS, that I have been trying to call from a CXF client. This is WSDL first.
I have been trying the simple STS examples I find on the website and around the network, but with those off-the-internet examples I am not close to reproducing this SOAP envelope, which is sent to the STS server by a Metro client or a C# client.
Is this secure conversation? I expect there is a working example in the source; could somebody point me towards it?
Thanks in advance.
<!-- Request captured from a working client and posted for comparison. The host name, nonces and
     base64 values look like placeholders (hostname, xyzzy, abc), so treat this as a structural
     sample, not as verifiable key material. -->
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<!-- WS-Addressing headers. The Action is the WS-Trust 200512 RST/Issue action, i.e. this message
     asks the STS to issue a token. Each header carries a wsu:Id, which is what a signature
     reference would point at; no ds:Signature is visible in clear text in this capture. -->
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">http://hostname:8030/SecurityTokenService/username</To>
<Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">uuid:fqef</MessageID>
<!-- mustUnderstand="true": the receiver has to process this security header or reject the message. -->
<wsse:Security S:mustUnderstand="true">
<!-- Five-minute validity window (Created to Expires). Sender and STS clocks have to agree within
     whatever skew the receiver tolerates, otherwise the request is rejected as expired or premature. -->
<wsu:Timestamp xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_5">
<wsu:Created>2014-01-17T02:00:30Z</wsu:Created>
<wsu:Expires>2014-01-17T02:05:30Z</wsu:Expires>
</wsu:Timestamp>
<!-- Key transport: a symmetric key (Id _5002) wrapped with RSA-OAEP for the certificate that the
     KeyIdentifier names by SHA-1 thumbprint. The thumbprint only selects the certificate; a client
     reproducing this message presumably needs that certificate configured as its encryption target. -->
<xenc:EncryptedKey xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5002">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">fjkqefq=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>akjefefe</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<!-- Two keys derived from EncryptedKey _5002. DerivedKeyToken lives in the 200512
     WS-SecureConversation namespace (prefix ns19); the wsc prefix bound to the older 2005/02
     namespace on the root element is declared but not used anywhere in this message.
     _3 (24 bytes) is not referenced by any element visible here; presumably it is the signing key
     and the signature sits inside one of the encrypted header elements below. -->
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_3">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>24</ns19:Length>
<ns19:Nonce>xyzzy</ns19:Nonce>
</ns19:DerivedKeyToken>
<!-- _4 (32 bytes) is the key every EncryptedData below refers to, matching aes256-cbc.
     NOTE(review): both tokens show the same Nonce, presumably because the values were redacted.
     On the wire each token should carry its own nonce: with identical nonce, label and offset the
     24-byte key would be a prefix of the 32-byte key. -->
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_4">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>32</ns19:Length>
<ns19:Nonce>xyzzy</ns19:Nonce>
</ns19:DerivedKeyToken>
<!-- Index of the encrypted parts: _5010 is the Body content, _5011 and _5012 are whole elements
     inside this security header. -->
<xenc:ReferenceList xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/">
<xenc:DataReference URI="#_5010"/>
<xenc:DataReference URI="#_5011"/>
<xenc:DataReference URI="#_5012"/>
</xenc:ReferenceList>
<!-- Type ...#Element: an entire header child has been replaced by ciphertext, so what it held
     cannot be read from the capture (presumably the signature and/or the client credential).
     aes256-cbc provides confidentiality only; integrity of the decrypted content depends on the
     receiver verifying the message signature. -->
<xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5012" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>abc</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<!-- Second encrypted header element, same algorithm and same derived key (_4). -->
<xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5011" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>eqef</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
</S:Header>
<!-- Type ...#Content: the Body element itself stays in clear with its wsu:Id, and only its children
     (the token request) are encrypted with derived key _4. -->
<S:Body wsu:Id="_5008">
<xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5010" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>bgdwd </xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
RE: CXF client/WCF server interop
Posted by "Walters, Jay M" <jm...@bu.edu>.
Does the WSDL need to go anyplace special or does the client just grab the server wsdl and dynamically hook everything up?
________________________________________
From: Colm O hEigeartaigh [coheigea@apache.org]
Sent: Friday, January 17, 2014 10:53 AM
To: users@cxf.apache.org
Subject: Re: CXF client/WCF server interop
Here is a test in CXF that uses WS-Trust with SecureConversation:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java?view=markup
Here is the WSDL + security policy:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/DoubleIt.wsdl?view=markup
Colm.
On Fri, Jan 17, 2014 at 3:01 PM, Walters, Jay M <jm...@bu.edu> wrote:
> Hoping this is what you want. Even I can take a guess that
> SecureConversation looks to be part of my future, though I would appreciate
> any pointer to a specific example I can work with.
>
> Thanks
>
> <wsp:Policy wsu:Id="SomethingServiceHttp_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SymmetricBinding xmlns:sp="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:SecureConversationToken sp:IncludeToken="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
> ">
> <wsp:Policy>
> <sp:RequireDerivedKeys/>
> <sp:BootstrapPolicy>
> <wsp:Policy>
> <sp:SignedParts>
> <sp:Body/>
> <sp:Header Name="To" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="From" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="FaultTo" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="ReplyTo" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="MessageID" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="RelatesTo" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="Action" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> </sp:SignedParts>
> <sp:EncryptedParts>
> <sp:Body/>
> </sp:EncryptedParts>
> <sp:SymmetricBinding>
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:IssuedToken sp:IncludeToken="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
> ">
> <Issuer xmlns="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <Address xmlns="
> http://www.w3.org/2005/08/addressing">
> http://hostname/SecurityTokenService/username</Address>
> <Metadata xmlns="
> http://www.w3.org/2005/08/addressing">
> <Metadata xmlns="
> http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance">
> <wsx:MetadataSection xmlns="">
> <wsx:MetadataReference>
> <Address xmlns="
> http://www.w3.org/2005/08/addressing">
> http://hostname/SecurityTokenService/mex</Address>
> </wsx:MetadataReference>
> </wsx:MetadataSection>
> </Metadata>
> </Metadata>
> </Issuer>
> <sp:RequestSecurityTokenTemplate>
> <trust:TokenType xmlns:trust="
> http://docs.oasis-open.org/ws-sx/ws-trust/200512">
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
> </trust:TokenType>
> <trust:KeyType xmlns:trust="
> http://docs.oasis-open.org/ws-sx/ws-trust/200512">
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
> </trust:KeyType>
> <app:EpCode xmlns:app="
> http://www.foobar.com/app/ws-trust/2010/11">epCode</app:EpCode>
> </sp:RequestSecurityTokenTemplate>
> <wsp:Policy>
> <sp:RequireDerivedKeys/>
> <sp:RequireInternalReference/>
> </wsp:Policy>
> </sp:IssuedToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:EncryptSignature/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11>
> <wsp:Policy/>
> </sp:Wss11>
> <sp:Trust13>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust13>
> </wsp:Policy>
> </sp:BootstrapPolicy>
> <sp:MustNotSendAmend/>
> </wsp:Policy>
> </sp:SecureConversationToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:EncryptSignature/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11 xmlns:sp="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:Policy/>
> </sp:Wss11>
> <sp:Trust13 xmlns:sp="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust13>
> <wsaw:UsingAddressing/>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
> ________________________________________
> From: Colm O hEigeartaigh [coheig@gmail.com]
> Sent: Friday, January 17, 2014 4:51 AM
> To: users@cxf.apache.org
> Subject: Re: CXF client/WCF server interop
>
> Could you paste the security policy of the service + I will take a look?
>
> Colm.
>
>
> On Fri, Jan 17, 2014 at 2:22 AM, Walters, Jay M <jm...@bu.edu> wrote:
>
> > I have a third party MS WCF Webservice which is using some variant of
> STS,
> > that I have been trying to call from a CXF client. This is WSDL first.
> >
> > I have been trying the simple STS examples I find on the website and
> > around the network, I am not close to getting this type of packet with
> the
> > off the internet examples to reproduce this soap envelope which is sent
> to
> > the STS server by a Metro client or a C# client.
> >
> > Is this secure conversation? I expect there is a working example in the
> > source if somebody could point me towards it?
> >
> > Thanks in advance.
> >
> > <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
> > xmlns:wsse11="
> > http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> > xmlns:wsse="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> > xmlns:wsu="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="
> > http://www.w3.org/2000/09/xmldsig#" xmlns:wsc="
> > http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:xenc="
> > http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="
> > http://www.w3.org/2001/10/xml-exc-c14n#">
> > <S:Header>
> > <To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">
> > http://hostname:8030/SecurityTokenService/username</To>
> > <Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">
> > http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
> > <ReplyTo xmlns="http://www.w3.org/2005/08/addressing"
> wsu:Id="_5005">
> > <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> > </ReplyTo>
> > <MessageID xmlns="http://www.w3.org/2005/08/addressing"
> > wsu:Id="_5004">uuid:fqef</MessageID>
> > <wsse:Security S:mustUnderstand="true">
> > <wsu:Timestamp xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_5">
> > <wsu:Created>2014-01-17T02:00:30Z</wsu:Created>
> > <wsu:Expires>2014-01-17T02:05:30Z</wsu:Expires>
> > </wsu:Timestamp>
> > <xenc:EncryptedKey xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5002">
> > <xenc:EncryptionMethod Algorithm="
> > http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
> > <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance
> "
> > xsi:type="KeyInfoType">
> > <wsse:SecurityTokenReference>
> > <wsse:KeyIdentifier ValueType="
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
> "
> > EncodingType="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> > ">fjkqefq=</wsse:KeyIdentifier>
> > </wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> > <xenc:CipherData>
> > <xenc:CipherValue>akjefefe</xenc:CipherValue>
> > </xenc:CipherData>
> > </xenc:EncryptedKey>
> > <ns19:DerivedKeyToken xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_3">
> > <wsse:SecurityTokenReference>
> > <wsse:Reference URI="#_5002" ValueType="
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> > "/>
> > </wsse:SecurityTokenReference>
> > <ns19:Offset>0</ns19:Offset>
> > <ns19:Length>24</ns19:Length>
> > <ns19:Nonce>xyzzy</ns19:Nonce>
> > </ns19:DerivedKeyToken>
> > <ns19:DerivedKeyToken xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_4">
> > <wsse:SecurityTokenReference>
> > <wsse:Reference URI="#_5002" ValueType="
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> > "/>
> > </wsse:SecurityTokenReference>
> > <ns19:Offset>0</ns19:Offset>
> > <ns19:Length>32</ns19:Length>
> > <ns19:Nonce>xyzzy</ns19:Nonce>
> > </ns19:DerivedKeyToken>
> > <xenc:ReferenceList xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/">
> > <xenc:DataReference URI="#_5010"/>
> > <xenc:DataReference URI="#_5011"/>
> > <xenc:DataReference URI="#_5012"/>
> > </xenc:ReferenceList>
> > <xenc:EncryptedData xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5012" Type="
> > http://www.w3.org/2001/04/xmlenc#Element">
> > <xenc:EncryptionMethod Algorithm="
> > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> > <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance
> "
> > xsi:type="KeyInfoType">
> > <wsse:SecurityTokenReference>
> > <wsse:Reference URI="#_4"/>
> > </wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> > <xenc:CipherData>
> > <xenc:CipherValue>abc</xenc:CipherValue>
> > </xenc:CipherData>
> > </xenc:EncryptedData>
> > <xenc:EncryptedData xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5011" Type="
> > http://www.w3.org/2001/04/xmlenc#Element">
> > <xenc:EncryptionMethod Algorithm="
> > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> > <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance
> "
> > xsi:type="KeyInfoType">
> > <wsse:SecurityTokenReference>
> > <wsse:Reference URI="#_4"/>
> > </wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> >
> >
> <xenc:CipherData><xenc:CipherValue>eqef</xenc:CipherValue></xenc:CipherData>
> > </xenc:EncryptedData>
> > </wsse:Security>
> > </S:Header>
> > <S:Body wsu:Id="_5008">
> > <xenc:EncryptedData xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5010" Type="
> > http://www.w3.org/2001/04/xmlenc#Content">
> > <xenc:EncryptionMethod Algorithm="
> > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> > <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xsi:type="KeyInfoType">
> > <wsse:SecurityTokenReference>
> > <wsse:Reference URI="#_4"/>
> > </wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> > <xenc:CipherData>
> > <xenc:CipherValue>bgdwd </xenc:CipherValue>
> > </xenc:CipherData>
> > </xenc:EncryptedData>
> > </S:Body>
> > </S:Envelope>
> >
> >
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: CXF client/WCF server interop
Posted by Colm O hEigeartaigh <co...@apache.org>.
Here is a test in CXF that uses WS-Trust with SecureConversation:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java?view=markup
Here is the WSDL + security policy:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/DoubleIt.wsdl?view=markup
Colm.
On Fri, Jan 17, 2014 at 3:01 PM, Walters, Jay M <jm...@bu.edu> wrote:
> Hoping this is what you want. Even I can take a guess that
> SecureConversation looks to be part of my future, though I would appreciate
> any pointer to a specific example I can work with.
>
> Thanks
>
> <wsp:Policy wsu:Id="SomethingServiceHttp_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SymmetricBinding xmlns:sp="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:SecureConversationToken sp:IncludeToken="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
> ">
> <wsp:Policy>
> <sp:RequireDerivedKeys/>
> <sp:BootstrapPolicy>
> <wsp:Policy>
> <sp:SignedParts>
> <sp:Body/>
> <sp:Header Name="To" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="From" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="FaultTo" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="ReplyTo" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="MessageID" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="RelatesTo" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="Action" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> </sp:SignedParts>
> <sp:EncryptedParts>
> <sp:Body/>
> </sp:EncryptedParts>
> <sp:SymmetricBinding>
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:IssuedToken sp:IncludeToken="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
> ">
> <Issuer xmlns="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <Address xmlns="
> http://www.w3.org/2005/08/addressing">
> http://hostname/SecurityTokenService/username</Address>
> <Metadata xmlns="
> http://www.w3.org/2005/08/addressing">
> <Metadata xmlns="
> http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance">
> <wsx:MetadataSection xmlns="">
> <wsx:MetadataReference>
> <Address xmlns="
> http://www.w3.org/2005/08/addressing">
> http://hostname/SecurityTokenService/mex</Address>
> </wsx:MetadataReference>
> </wsx:MetadataSection>
> </Metadata>
> </Metadata>
> </Issuer>
> <sp:RequestSecurityTokenTemplate>
> <trust:TokenType xmlns:trust="
> http://docs.oasis-open.org/ws-sx/ws-trust/200512">
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
> </trust:TokenType>
> <trust:KeyType xmlns:trust="
> http://docs.oasis-open.org/ws-sx/ws-trust/200512">
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
> </trust:KeyType>
> <app:EpCode xmlns:app="
> http://www.foobar.com/app/ws-trust/2010/11">epCode</app:EpCode>
> </sp:RequestSecurityTokenTemplate>
> <wsp:Policy>
> <sp:RequireDerivedKeys/>
> <sp:RequireInternalReference/>
> </wsp:Policy>
> </sp:IssuedToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:EncryptSignature/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11>
> <wsp:Policy/>
> </sp:Wss11>
> <sp:Trust13>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust13>
> </wsp:Policy>
> </sp:BootstrapPolicy>
> <sp:MustNotSendAmend/>
> </wsp:Policy>
> </sp:SecureConversationToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:EncryptSignature/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11 xmlns:sp="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:Policy/>
> </sp:Wss11>
> <sp:Trust13 xmlns:sp="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust13>
> <wsaw:UsingAddressing/>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
> ________________________________________
> From: Colm O hEigeartaigh [coheig@gmail.com]
> Sent: Friday, January 17, 2014 4:51 AM
> To: users@cxf.apache.org
> Subject: Re: CXF client/WCF server interop
>
> Could you paste the security policy of the service + I will take a look?
>
> Colm.
>
>
> On Fri, Jan 17, 2014 at 2:22 AM, Walters, Jay M <jm...@bu.edu> wrote:
>
> > I have a third party MS WCF Webservice which is using some variant of
> STS,
> > that I have been trying to call from a CXF client. This is WSDL first.
> >
> > I have been trying the simple STS examples I find on the website and
> > around the network, I am not close to getting this type of packet with
> the
> > off the internet examples to reproduce this soap envelope which is sent
> to
> > the STS server by a Metro client or a C# client.
> >
> > Is this secure conversation? I expect there is a working example in the
> > source if somebody could point me towards it?
> >
> > Thanks in advance.
> >
> > <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
> > xmlns:wsse11="
> > http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> > xmlns:wsse="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> > xmlns:wsu="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="
> > http://www.w3.org/2000/09/xmldsig#" xmlns:wsc="
> > http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:xenc="
> > http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="
> > http://www.w3.org/2001/10/xml-exc-c14n#">
> > <S:Header>
> > <To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">
> > http://hostname:8030/SecurityTokenService/username</To>
> > <Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">
> > http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
> > <ReplyTo xmlns="http://www.w3.org/2005/08/addressing"
> wsu:Id="_5005">
> > <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> > </ReplyTo>
> > <MessageID xmlns="http://www.w3.org/2005/08/addressing"
> > wsu:Id="_5004">uuid:fqef</MessageID>
> > <wsse:Security S:mustUnderstand="true">
> > <wsu:Timestamp xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_5">
> > <wsu:Created>2014-01-17T02:00:30Z</wsu:Created>
> > <wsu:Expires>2014-01-17T02:05:30Z</wsu:Expires>
> > </wsu:Timestamp>
> > <xenc:EncryptedKey xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5002">
> > <xenc:EncryptionMethod Algorithm="
> > http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
> > <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance
> "
> > xsi:type="KeyInfoType">
> > <wsse:SecurityTokenReference>
> > <wsse:KeyIdentifier ValueType="
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
> "
> > EncodingType="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> > ">fjkqefq=</wsse:KeyIdentifier>
> > </wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> > <xenc:CipherData>
> > <xenc:CipherValue>akjefefe</xenc:CipherValue>
> > </xenc:CipherData>
> > </xenc:EncryptedKey>
> > <ns19:DerivedKeyToken xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_3">
> > <wsse:SecurityTokenReference>
> > <wsse:Reference URI="#_5002" ValueType="
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> > "/>
> > </wsse:SecurityTokenReference>
> > <ns19:Offset>0</ns19:Offset>
> > <ns19:Length>24</ns19:Length>
> > <ns19:Nonce>xyzzy</ns19:Nonce>
> > </ns19:DerivedKeyToken>
> > <ns19:DerivedKeyToken xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_4">
> > <wsse:SecurityTokenReference>
> > <wsse:Reference URI="#_5002" ValueType="
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> > "/>
> > </wsse:SecurityTokenReference>
> > <ns19:Offset>0</ns19:Offset>
> > <ns19:Length>32</ns19:Length>
> > <ns19:Nonce>xyzzy</ns19:Nonce>
> > </ns19:DerivedKeyToken>
> > <xenc:ReferenceList xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/">
> > <xenc:DataReference URI="#_5010"/>
> > <xenc:DataReference URI="#_5011"/>
> > <xenc:DataReference URI="#_5012"/>
> > </xenc:ReferenceList>
> > <xenc:EncryptedData xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5012" Type="
> > http://www.w3.org/2001/04/xmlenc#Element">
> > <xenc:EncryptionMethod Algorithm="
> > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> > <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance
> "
> > xsi:type="KeyInfoType">
> > <wsse:SecurityTokenReference>
> > <wsse:Reference URI="#_4"/>
> > </wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> > <xenc:CipherData>
> > <xenc:CipherValue>abc</xenc:CipherValue>
> > </xenc:CipherData>
> > </xenc:EncryptedData>
> > <xenc:EncryptedData xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5011" Type="
> > http://www.w3.org/2001/04/xmlenc#Element">
> > <xenc:EncryptionMethod Algorithm="
> > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> > <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance
> "
> > xsi:type="KeyInfoType">
> > <wsse:SecurityTokenReference>
> > <wsse:Reference URI="#_4"/>
> > </wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> >
> >
> <xenc:CipherData><xenc:CipherValue>eqef</xenc:CipherValue></xenc:CipherData>
> > </xenc:EncryptedData>
> > </wsse:Security>
> > </S:Header>
> > <S:Body wsu:Id="_5008">
> > <xenc:EncryptedData xmlns:ns20="
> > http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5010" Type="
> > http://www.w3.org/2001/04/xmlenc#Content">
> > <xenc:EncryptionMethod Algorithm="
> > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> > <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xsi:type="KeyInfoType">
> > <wsse:SecurityTokenReference>
> > <wsse:Reference URI="#_4"/>
> > </wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> > <xenc:CipherData>
> > <xenc:CipherValue>bgdwd </xenc:CipherValue>
> > </xenc:CipherData>
> > </xenc:EncryptedData>
> > </S:Body>
> > </S:Envelope>
> >
> >
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
RE: CXF client/WCF server interop
Posted by "Walters, Jay M" <jm...@bu.edu>.
Hoping this is what you want. Even I can take a guess that SecureConversation looks to be part of my future, though I would appreciate any pointer to a specific example I can work with.
Thanks
<!-- WS-SecurityPolicy 1.2 (200702 namespace) policy for the service endpoint.
     The wsp, wsu, wsx and wsaw prefixes are not declared in this excerpt;
     presumably they are bound on the enclosing WSDL elements. -->
<wsp:Policy wsu:Id="SomethingServiceHttp_policy">
<wsp:ExactlyOne>
<wsp:All>
<!-- Application messages: symmetric binding whose protection token is a
     WS-SecureConversation security context token (SCT). -->
<sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<!-- Signing and encryption use keys derived from the SCT secret, not the secret itself. -->
<sp:RequireDerivedKeys/>
<!-- BootstrapPolicy: the protection that applies to the exchange that establishes the SCT. -->
<sp:BootstrapPolicy>
<wsp:Policy>
<!-- The bootstrap exchange must sign the body and these WS-Addressing headers,
     so routing and correlation values cannot be altered without breaking the signature. -->
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<!-- Only the body is listed for encryption; the addressing headers above are signed, not encrypted. -->
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<!-- The bootstrap exchange is itself protected with a token issued by the STS named in Issuer. -->
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<!-- NOTE(review): the issuer and metadata (mex) addresses below use plain http, so the
     token request depends on message-level security alone, and metadata fetched from the
     mex address is not authenticated by the transport; prefer locally configured STS
     policy and certificates over fetched metadata. "hostname" looks like a redacted
     placeholder. Inside Issuer, xmlns="" clears the default namespace on
     wsx:MetadataSection, and the wsx prefix has no declaration in this excerpt. -->
<Issuer xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<Address xmlns="http://www.w3.org/2005/08/addressing">http://hostname/SecurityTokenService/username</Address>
<Metadata xmlns="http://www.w3.org/2005/08/addressing">
<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<wsx:MetadataSection xmlns="">
<wsx:MetadataReference>
<Address xmlns="http://www.w3.org/2005/08/addressing">http://hostname/SecurityTokenService/mex</Address>
</wsx:MetadataReference>
</wsx:MetadataSection>
</Metadata>
</Metadata>
</Issuer>
<!-- Template for the token request: a SAML 1.1 token type with a symmetric key type,
     plus the service-specific app:EpCode element. -->
<sp:RequestSecurityTokenTemplate>
<trust:TokenType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</trust:TokenType>
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
<app:EpCode xmlns:app="http://www.foobar.com/app/ws-trust/2010/11">epCode</app:EpCode>
</sp:RequestSecurityTokenTemplate>
<!-- Derived keys are required for the issued token, and it must be referenced
     through an internal reference. -->
<wsp:Policy>
<sp:RequireDerivedKeys/>
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:ProtectionToken>
<!-- Basic256: AES-256 encryption with SHA-1 based digest, HMAC and key derivation,
     as WS-SecurityPolicy defines this suite. The service sets the suite; a client
     has to match it rather than choose a stronger one such as Basic256Sha256. -->
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<!-- A wsu:Timestamp is required (a freshness bound for replay checks), the signature
     is encrypted, and signatures must cover whole headers and the whole body
     rather than sub-elements. -->
<sp:IncludeTimestamp/>
<sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<!-- Empty Wss11 policy: no optional WSS 1.1 feature such as
     sp:RequireSignatureConfirmation is asserted. -->
<sp:Wss11>
<wsp:Policy/>
</sp:Wss11>
<!-- WS-Trust 1.3 options: issued tokens must be supported, and both client and
     server are required to contribute entropy. -->
<sp:Trust13>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust13>
</wsp:Policy>
</sp:BootstrapPolicy>
<!-- The client must not send Amend requests for the security context token. -->
<sp:MustNotSendAmend/>
</wsp:Policy>
</sp:SecureConversationToken>
</wsp:Policy>
</sp:ProtectionToken>
<!-- The same suite, layout, timestamp and signing rules are repeated here for
     application messages secured with the SCT. -->
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<!-- Endpoint-level Wss11 and Trust13 assertions, with the same content as the
     ones inside the bootstrap policy. -->
<sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust13>
<!-- WS-Addressing is asserted for this endpoint; the SignedParts list above covers its headers. -->
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
________________________________________
From: Colm O hEigeartaigh [coheig@gmail.com]
Sent: Friday, January 17, 2014 4:51 AM
To: users@cxf.apache.org
Subject: Re: CXF client/WCF server interop
Could you paste the security policy of the service + I will take a look?
Colm.
On Fri, Jan 17, 2014 at 2:22 AM, Walters, Jay M <jm...@bu.edu> wrote:
> I have a third party MS WCF Webservice which is using some variant of STS,
> that I have been trying to call from a CXF client. This is WSDL first.
>
> I have been trying the simple STS examples I find on the website and
> around the network, I am not close to getting this type of packet with the
> off the internet examples to reproduce this soap envelope which is sent to
> the STS server by a Metro client or a C# client.
>
> Is this secure conversation? I expect there is a working example in the
> source if somebody could point me towards it?
>
> Thanks in advance.
>
> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
> xmlns:wsse11="
> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#" xmlns:wsc="
> http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:xenc="
> http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="
> http://www.w3.org/2001/10/xml-exc-c14n#">
> <S:Header>
> <To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">
> http://hostname:8030/SecurityTokenService/username</To>
> <Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
> <ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">
> <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> </ReplyTo>
> <MessageID xmlns="http://www.w3.org/2005/08/addressing"
> wsu:Id="_5004">uuid:fqef</MessageID>
> <wsse:Security S:mustUnderstand="true">
> <wsu:Timestamp xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_5">
> <wsu:Created>2014-01-17T02:00:30Z</wsu:Created>
> <wsu:Expires>2014-01-17T02:05:30Z</wsu:Expires>
> </wsu:Timestamp>
> <xenc:EncryptedKey xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5002">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:KeyIdentifier ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
> EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> ">fjkqefq=</wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>akjefefe</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedKey>
> <ns19:DerivedKeyToken xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_3">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_5002" ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> "/>
> </wsse:SecurityTokenReference>
> <ns19:Offset>0</ns19:Offset>
> <ns19:Length>24</ns19:Length>
> <ns19:Nonce>xyzzy</ns19:Nonce>
> </ns19:DerivedKeyToken>
> <ns19:DerivedKeyToken xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_4">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_5002" ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> "/>
> </wsse:SecurityTokenReference>
> <ns19:Offset>0</ns19:Offset>
> <ns19:Length>32</ns19:Length>
> <ns19:Nonce>xyzzy</ns19:Nonce>
> </ns19:DerivedKeyToken>
> <xenc:ReferenceList xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/">
> <xenc:DataReference URI="#_5010"/>
> <xenc:DataReference URI="#_5011"/>
> <xenc:DataReference URI="#_5012"/>
> </xenc:ReferenceList>
> <xenc:EncryptedData xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5012" Type="
> http://www.w3.org/2001/04/xmlenc#Element">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_4"/>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>abc</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedData>
> <xenc:EncryptedData xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5011" Type="
> http://www.w3.org/2001/04/xmlenc#Element">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_4"/>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
>
> <xenc:CipherData><xenc:CipherValue>eqef</xenc:CipherValue></xenc:CipherData>
> </xenc:EncryptedData>
> </wsse:Security>
> </S:Header>
> <S:Body wsu:Id="_5008">
> <xenc:EncryptedData xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5010" Type="
> http://www.w3.org/2001/04/xmlenc#Content">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_4"/>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>bgdwd </xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedData>
> </S:Body>
> </S:Envelope>
>
>
Re: CXF client/WCF server interop
Posted by Colm O hEigeartaigh <co...@gmail.com>.
Could you paste the security policy of the service + I will take a look?
Colm.
On Fri, Jan 17, 2014 at 2:22 AM, Walters, Jay M <jm...@bu.edu> wrote:
> I have a third party MS WCF Webservice which is using some variant of STS,
> that I have been trying to call from a CXF client. This is WSDL first.
>
> I have been trying the simple STS examples I find on the website and
> around the network, I am not close to getting this type of packet with the
> off the internet examples to reproduce this soap envelope which is sent to
> the STS server by a Metro client or a C# client.
>
> Is this secure conversation? I expect there is a working example in the
> source if somebody could point me towards it?
>
> Thanks in advance.
>
> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
> xmlns:wsse11="
> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#" xmlns:wsc="
> http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:xenc="
> http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="
> http://www.w3.org/2001/10/xml-exc-c14n#">
> <S:Header>
> <To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">
> http://hostname:8030/SecurityTokenService/username</To>
> <Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
> <ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">
> <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> </ReplyTo>
> <MessageID xmlns="http://www.w3.org/2005/08/addressing"
> wsu:Id="_5004">uuid:fqef</MessageID>
> <wsse:Security S:mustUnderstand="true">
> <wsu:Timestamp xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_5">
> <wsu:Created>2014-01-17T02:00:30Z</wsu:Created>
> <wsu:Expires>2014-01-17T02:05:30Z</wsu:Expires>
> </wsu:Timestamp>
> <xenc:EncryptedKey xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5002">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:KeyIdentifier ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
> EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> ">fjkqefq=</wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>akjefefe</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedKey>
> <ns19:DerivedKeyToken xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_3">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_5002" ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> "/>
> </wsse:SecurityTokenReference>
> <ns19:Offset>0</ns19:Offset>
> <ns19:Length>24</ns19:Length>
> <ns19:Nonce>xyzzy</ns19:Nonce>
> </ns19:DerivedKeyToken>
> <ns19:DerivedKeyToken xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_4">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_5002" ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> "/>
> </wsse:SecurityTokenReference>
> <ns19:Offset>0</ns19:Offset>
> <ns19:Length>32</ns19:Length>
> <ns19:Nonce>xyzzy</ns19:Nonce>
> </ns19:DerivedKeyToken>
> <xenc:ReferenceList xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/">
> <xenc:DataReference URI="#_5010"/>
> <xenc:DataReference URI="#_5011"/>
> <xenc:DataReference URI="#_5012"/>
> </xenc:ReferenceList>
> <xenc:EncryptedData xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5012" Type="
> http://www.w3.org/2001/04/xmlenc#Element">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_4"/>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>abc</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedData>
> <xenc:EncryptedData xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5011" Type="
> http://www.w3.org/2001/04/xmlenc#Element">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_4"/>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
>
> <xenc:CipherData><xenc:CipherValue>eqef</xenc:CipherValue></xenc:CipherData>
> </xenc:EncryptedData>
> </wsse:Security>
> </S:Header>
> <S:Body wsu:Id="_5008">
> <xenc:EncryptedData xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5010" Type="
> http://www.w3.org/2001/04/xmlenc#Content">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_4"/>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>bgdwd </xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedData>
> </S:Body>
> </S:Envelope>
>
>
Re: CXF client/WCF server interop
Posted by Colm O hEigeartaigh <co...@apache.org>.
Could you paste the security policy of the service + I will take a look?
Colm.
On Fri, Jan 17, 2014 at 2:22 AM, Walters, Jay M <jm...@bu.edu> wrote:
> I have a third party MS WCF Webservice which is using some variant of STS,
> that I have been trying to call from a CXF client. This is WSDL first.
>
> I have been trying the simple STS examples I find on the website and
> around the network, I am not close to getting this type of packet with the
> off the internet examples to reproduce this soap envelope which is sent to
> the STS server by a Metro client or a C# client.
>
> Is this secure conversation? I expect there is a working example in the
> source if somebody could point me towards it?
>
> Thanks in advance.
>
> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
> xmlns:wsse11="
> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#" xmlns:wsc="
> http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:xenc="
> http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="
> http://www.w3.org/2001/10/xml-exc-c14n#">
> <S:Header>
> <To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">
> http://hostname:8030/SecurityTokenService/username</To>
> <Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
> <ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">
> <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> </ReplyTo>
> <MessageID xmlns="http://www.w3.org/2005/08/addressing"
> wsu:Id="_5004">uuid:fqef</MessageID>
> <wsse:Security S:mustUnderstand="true">
> <wsu:Timestamp xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_5">
> <wsu:Created>2014-01-17T02:00:30Z</wsu:Created>
> <wsu:Expires>2014-01-17T02:05:30Z</wsu:Expires>
> </wsu:Timestamp>
> <xenc:EncryptedKey xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5002">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:KeyIdentifier ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
> EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> ">fjkqefq=</wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>akjefefe</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedKey>
> <ns19:DerivedKeyToken xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_3">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_5002" ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> "/>
> </wsse:SecurityTokenReference>
> <ns19:Offset>0</ns19:Offset>
> <ns19:Length>24</ns19:Length>
> <ns19:Nonce>xyzzy</ns19:Nonce>
> </ns19:DerivedKeyToken>
> <ns19:DerivedKeyToken xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_4">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_5002" ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> "/>
> </wsse:SecurityTokenReference>
> <ns19:Offset>0</ns19:Offset>
> <ns19:Length>32</ns19:Length>
> <ns19:Nonce>xyzzy</ns19:Nonce>
> </ns19:DerivedKeyToken>
> <xenc:ReferenceList xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/">
> <xenc:DataReference URI="#_5010"/>
> <xenc:DataReference URI="#_5011"/>
> <xenc:DataReference URI="#_5012"/>
> </xenc:ReferenceList>
> <xenc:EncryptedData xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5012" Type="
> http://www.w3.org/2001/04/xmlenc#Element">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_4"/>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>abc</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedData>
> <xenc:EncryptedData xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5011" Type="
> http://www.w3.org/2001/04/xmlenc#Element">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_4"/>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
>
> <xenc:CipherData><xenc:CipherValue>eqef</xenc:CipherValue></xenc:CipherData>
> </xenc:EncryptedData>
> </wsse:Security>
> </S:Header>
> <S:Body wsu:Id="_5008">
> <xenc:EncryptedData xmlns:ns20="
> http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5010" Type="
> http://www.w3.org/2001/04/xmlenc#Content">
> <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="KeyInfoType">
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#_4"/>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>bgdwd </xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedData>
> </S:Body>
> </S:Envelope>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com