Posted to wss4j-dev@ws.apache.org by Montebove Luciano <L....@finsiel.it> on 2006/07/11 16:34:44 UTC

Problem with SAML token with "sender vouches" option

I'm trying to use a SAML token with WSS4J with the "sender vouches"
option.
I followed the configuration tips in the interop files, but while the
client generates the assertion and signs both the assertion and the body
of the message, on the server side I can verify only the body signature,
and I always get an error for the assertion signature:
 
16:08:51,515 WARN  [Reference] Verification failed for URI "#STRSAMLId-136"
16:08:51,515 INFO  [Reference] Verification successful for URI "#id-137"
16:08:51,531 INFO  [STDOUT] org.apache.ws.security.WSSecurityException: The signature verification failed
16:08:51,531 INFO  [STDOUT]     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:327)
 
My Axis configuration client side is:
   <requestFlow>
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
     <parameter name="action" value="Timestamp SAMLTokenSigned"/>
     <parameter name="samlPropFile" value="saml3.properties"/>
     <parameter name="signatureKeyIdentifier" value="DirectReference"/>
    </handler>
   </requestFlow>
 
and server side is:
   <requestFlow>
    <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
     <parameter name="action" value="Timestamp Signature SAMLTokenUnsigned"/>
     <parameter name="signaturePropFile" value="pa-crypto.properties"/>
    </handler>
   </requestFlow>
 
Quite strangely, if I use the "keyHolder" option (with small changes to
the Axis configuration as described in the interop files), everything
works fine with the same keystore.
 
Thanks
 
Luciano Montebove