Posted to wss4j-dev@ws.apache.org by Freddy Weishaeupl <fr...@hotmail.com> on 2007/03/23 15:17:58 UTC

Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Hi,

currently I'm trying to use a .NET Client to access a Java webservice. At 
the .NET side I use the Microsoft WSE 3.0 implementation to sign and encrypt 
the SOAP Body of the SOAP request message. At server-side WSS4J is used for 
checking the signature and decrypting the SOAP Message.

I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1 package.

Unfortunately at server-side I always get the following error message:
-----------------------------------------------------------------------------------------------------------------
...
[23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create URI "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1"
[23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID] Request for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
[23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.algorithms.implementations.IntegrityHmac.<init>] Created IntegrityHmacSHA1 using HmacSHA1
[23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.utils.ElementProxy.<init>] setElement("KeyInfo", "null")
[23.03.2007 14:53:37] [DEBUG] [org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement] Token reference uri: #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved. (Reference "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
        at org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:179)
        at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
...
-----------------------------------------------------------------------------------------------------------------------------------------


Any ideas what's the problem here? Has anyone already tested WSE3.0 in 
combination with WSS4J?

Thanks.

Best Regards
Freddy

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

The request from the .NET client uses a signature that uses the
key available in the "EncryptedKey" structure to sign using hmac-sha1.
WSS4J doesn't support this at the moment.

Thanks,
Ruchith

On 3/26/07, Freddy Weishaeupl <fr...@hotmail.com> wrote:
> Hi Ruchith,
>
> thanks for your answer. Here is the SOAP request message from the .NET
> client side:
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>         xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>         xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>         <soap:Header>
>                 <wsa:Action />
>                 <wsa:MessageID>
>                         urn:uuid:336e0fac-2ec9-4764-807f-85f910bb3a43
>                 </wsa:MessageID>
>                 <wsa:ReplyTo>
>                         <wsa:Address>
>                                 http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>                         </wsa:Address>
>                 </wsa:ReplyTo>
>                 <wsa:To>
>                         http://lt0085.muc:7511/wss4j/services/simple_webservice
>                 </wsa:To>
>                 <wsse:Security soap:mustUnderstand="1">
>                         <wsu:Timestamp
>                                 wsu:Id="Timestamp-1df6d91a-682a-4c6f-ae3e-f5e633d02bd8">
>                                 <wsu:Created>2007-03-26T07:04:06Z</wsu:Created>
>                                 <wsu:Expires>2007-03-26T07:09:06Z</wsu:Expires>
>                         </wsu:Timestamp>
>                         <xenc:EncryptedKey
>                                 Id="SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
>                                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                                 <xenc:EncryptionMethod
>                                         Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>                                 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>                                         <wsse:SecurityTokenReference>
>                                                 <wsse:KeyIdentifier
>                                                         EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>                                                         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">
>                                                         CuJdE1B2dUFd1dkLZSzQ5vj6MYg=
>                                                 </wsse:KeyIdentifier>
>                                         </wsse:SecurityTokenReference>
>                                 </KeyInfo>
>                                 <xenc:CipherData>
>                                         <xenc:CipherValue>
>                                                 BLw6Yq5pDJzZ35jlBZr1d4HcjP2+CxDP3teDZlmRH1a9D2kMcav0P5sdDeNiOB2v3oFglbeY0+2bHyx8/CEG09Ib+AWBdmBL5Hd3nA8oPhFXXbKL5wephlTOKZmwMJ83QnPMOaGRmiDEYlIUPzq59P37qTxd9sFzUXksBhga2Cg=
>                                         </xenc:CipherValue>
>                                 </xenc:CipherData>
>                                 <xenc:ReferenceList>
>                                         <xenc:DataReference
>                                                 URI="#Enc-3822b5d1-14c1-45a0-aad8-f0200ffd62ac" />
>                                 </xenc:ReferenceList>
>                         </xenc:EncryptedKey>
>                         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>                                 <SignedInfo>
>                                         <ds:CanonicalizationMethod
>                                                 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>                                                 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>                                         <SignatureMethod
>                                                 Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
>                                         <Reference
>                                                 URI="#Id-03903826-2208-4b5f-9ffd-954a0a5085a7">
>                                                 <Transforms>
>                                                         <Transform
>                                                                 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                                                 </Transforms>
>                                                 <DigestMethod
>                                                         Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                                                 <DigestValue>
>                                                         OmO33V9Um/jr91cGFibiz+zUO/E=
>                                                 </DigestValue>
>                                         </Reference>
>                                 </SignedInfo>
>                                 <SignatureValue>
>                                         wpxb8M16R3dSGZIU4nTjv4quYxU=
>                                 </SignatureValue>
>                                 <KeyInfo>
>                                         <wsse:SecurityTokenReference>
>                                                 <wsse:Reference
>                                                         URI="#SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
>                                                         ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
>                                         </wsse:SecurityTokenReference>
>                                 </KeyInfo>
>                         </Signature>
>                 </wsse:Security>
>         </soap:Header>
>         <soap:Body wsu:Id="Id-03903826-2208-4b5f-9ffd-954a0a5085a7">
>                 <xenc:EncryptedData
>                         Id="Enc-3822b5d1-14c1-45a0-aad8-f0200ffd62ac"
>                         Type="http://www.w3.org/2001/04/xmlenc#Content"
>                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                         <xenc:EncryptionMethod
>                                 Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>                         <xenc:CipherData>
>                                 <xenc:CipherValue>
>                                         Naz3DviV7qFJkcnwgKRpN85TdE5a65mA/NEyQXPVkI4=
>                                 </xenc:CipherValue>
>                         </xenc:CipherData>
>                 </xenc:EncryptedData>
>         </soap:Body>
> </soap:Envelope>
>
>
> >From: "Ruchith Fernando" <ru...@gmail.com>
> >To: "Freddy Weishaeupl" <fr...@hotmail.com>
> >CC: wss4j-dev@ws.apache.org
> >Subject: Re: Interop WSE 3.0 and WSS4J - Referenced security token could
> >not be retrieved
> >Date: Sun, 25 Mar 2007 13:05:29 +0530
> >
> >Hi,
> >
> >Can you please post the message that the java service gets from the .NET
> >client?
> >
> >Thanks,
> >Ruchith


-- 
www.ruchith.org
www.wso2.org
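
The pattern Ruchith describes can be checked mechanically on a captured request. The following is an added example, not code from this thread or from WSS4J: a Python diagnostic that reports, for each signature in the wsse:Security header, the signature algorithm and what its SecurityTokenReference resolves to. The function names are hypothetical, and the sample is abridged from the request quoted above with cipher and signature values replaced by placeholders.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Id"
HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
ENCRYPTED_KEY_TAG = "{%s}EncryptedKey" % NS["xenc"]

# Constructed sample: abridged from the quoted request, values replaced by placeholders.
SAMPLE = """
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1">
      <xenc:EncryptedKey Id="SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedKey>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
          <Reference URI="#Id-03903826-2208-4b5f-9ffd-954a0a5085a7" />
        </SignedInfo>
        <SignatureValue>PLACEHOLDER</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
                ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-03903826-2208-4b5f-9ffd-954a0a5085a7" />
</soap:Envelope>
"""


def index_ids(root):
    """Map every Id / wsu:Id value in the document to (element, attribute kind)."""
    ids = {}
    for el in root.iter():
        if WSU_ID in el.attrib:
            ids[el.attrib[WSU_ID]] = (el, "wsu:Id")
        if "Id" in el.attrib:
            ids[el.attrib["Id"]] = (el, "Id")
    return ids


def inspect_signatures(xml_text):
    """Return one finding per ds:Signature found in a wsse:Security header."""
    # A SOAP message must not carry a DTD; refuse it rather than parse entities.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in a SOAP message")
    root = ET.fromstring(xml_text)
    ids = index_ids(root)
    findings = []
    for sig in root.iterfind(".//wsse:Security/ds:Signature", NS):
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
        algorithm = method.get("Algorithm") if method is not None else None
        uri = ref.get("URI") if ref is not None else None
        is_local = bool(uri) and uri.startswith("#")
        target = ids.get(uri[1:]) if is_local else None
        symmetric = bool(algorithm and "#hmac-" in algorithm)
        findings.append({
            "algorithm": algorithm,
            "reference_uri": uri,
            "value_type": ref.get("ValueType") if ref is not None else None,
            # Local name of the element the reference points at, if any.
            "target": target[0].tag.rsplit("}", 1)[-1] if target else None,
            # Which attribute carried the identifier on that element.
            "id_attribute": target[1] if target else None,
            "symmetric": symmetric,
            # The case from the thread: an HMAC signature keyed by an EncryptedKey.
            "encrypted_key_signature": symmetric and target is not None
                                       and target[0].tag == ENCRYPTED_KEY_TAG,
            # The reference names a local Id that no element in the message has.
            "dangling": is_local and target is None,
        })
    return findings


if __name__ == "__main__":
    for finding in inspect_signatures(SAMPLE):
        print(finding)
```

A finding with `encrypted_key_signature` set matches the case described in the reply above; `dangling` separates that from a reference whose target is simply absent from the message.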



Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by José Ferreiro <jo...@gmail.com>.
Hello Freddy,

In order to interoperate with .NET, you should also use a timestamp, because .NET adds it by default.

     <parameter name="action" value="Signature Encrypt" />

Then this line in the wsdd should include the timestamp:

     <parameter name="action" value="Timestamp Signature Encrypt" />

What I cannot say is where the timestamp is placed...

It could also be
<parameter name="action" value="Signature Timestamp Encrypt" />

or
<parameter name="action" value="Signature Encrypt Timestamp" />

Well, I see from the wsdd file that you don't give a responseFlow.

Because I know the .NET client needs the timestamp from the Java side if you send a
responseFlow to the client.

Please let me know if you get it working!
Thank you so much.



On 3/26/07, Freddy Weishaeupl <fr...@hotmail.com> wrote:
>
> Hi Jose,
>
> sure here it comes:
>
> server-config.wsdd:
> ...
> <service name="simple_webservice" provider="java:RPC" style="document"
>         use="literal">
>         <requestFlow>
>                 <handler
>                         type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>                         <parameter name="passwordCallbackClass"
>                                 value="com.bmw.security.wss4j.callback.PWCallback" />
>                         <parameter name="action" value="Signature Encrypt" />
>                         <parameter name="signaturePropFile"
>                                 value="crypto.properties" />
>
>                         <parameter name="decryptionUser" value="alice" />
>                         <parameter name="encryptionUser" value="alice" />
>                         <parameter name="user" value="bob" />
>                         <parameter name="encryptionKeyIdentifier"
>                                 value="X509KeyIdentifier" />
>                         <parameter name="decryptionKeyIdentifier"
>                                 value="X509KeyIdentifier" />
>                         <parameter name="signatureKeyIdentifier"
>                                 value="X509KeyIdentifier" />
>                         <parameter name="encryptionSymAlgorithm"
>                                 value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>                 </handler>
>         </requestFlow>
>         <parameter name="className"
>                 value="com.bmw.wss.test.webservice.SimpleWebservice" />
>         <parameter name="allowedMethods" value="*" />
>         <parameter name="scope" value="application" />
> </service>
> ...
>
> My crypto.properties looks as follows:
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=password
> org.apache.ws.security.crypto.merlin.keystore.alias=alice
> org.apache.ws.security.crypto.merlin.file=interop2.jks
>
> Hope this helps :)
>
>
>
> >From: "José Ferreiro" <jo...@gmail.com>
> >To: "Ruchith Fernando" <ru...@gmail.com>,
> >wss4j-dev@ws.apache.org, freddyweishaeupl@hotmail.com
> >Subject: Re: Interop WSE 3.0 and WSS4J - Referenced security token could
> >not be retrieved
> >Date: Sun, 25 Mar 2007 20:25:38 +0200
> >
> >Hello,
> >
> >I am also trying, but having some difficulties with the key generation for
> >the .NET side.
> >
> >I used keytool to generate the keys.
> >Then I converted the keys from keytool to pfx format.
> >I succeeded in installing those keys in the Windows keystore.
> >
> >Fernando, could you tell me how the keys for Alice and Bob are generated in pfx
> >format?
> >In which format are the keys stored in the Java keystore, JKS format?
> >
> >
> >Freddy,
> >Could you show me your wsdd deployment on the Java server side?
> >
> >Thank you in advance to you both.


-- 
José Ferreiro
EPFL Communication Systems engineer
ing.sys.com.dipl.EPFL

Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by Ruchith Fernando <ru...@gmail.com>.
I think pfx is a PKCS12 keystore with a private key in it. You can
create this sort of a keystore with java keytool by specifying the
"-storetype" to be "PKCS12".

Thanks,
Ruchith

p.s.  For some more info on using keystores :
http://wso2.org/library/174

On 3/25/07, José Ferreiro <jo...@gmail.com> wrote:
> Hello,
>
> I am trying also but having some difficulties with The keygeneration for the
> .net side.
>
> I used keytool to generate the keys.
> Then I converted the keys from keytool in pfx format.
> I succeeded to install those keys in windows keystore.
>
> Fernando may you tell me how are generated the key for Alice and Bob to pfx
> format?
> In which format are stored the key in the javakey store, JKS format?
>
>
> Freeddy,
> May you show me your wssd deployment in the  java server side?
>
>
> Thank you in advance to you both.
>
>
>
>
> On 3/25/07, Ruchith Fernando <ru...@gmail.com> wrote:
> > Hi,
> >
> > Can you please post the message that the java service gets from the .NET
> client?
> >
> > Thanks,
> > Ruchith
> >
> > On 3/23/07, Freddy Weishaeupl <fr...@hotmail.com> wrote:
> > > Hi,
> > >
> > > currently I'm trying to use a .NET Client to access a Java webservice.
> At
> > > the .NET side I use the Microsoft WSE 3.0 implementation to sign and
> encrypt
> > > the SOAP Body of the SOAP request message. At server-side WSS4J is used
> for
> > > checking the signature and decrypting the SOAP Message.
> > >
> > > I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
> package.
> > >
> > > Unfortunately at server-side I always get the following error message:
> > >
> -----------------------------------------------------------------------------------------------------------------
> > > ...
> > > [23.03.2007 14:53:37] [DEBUG]
> > >
> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>]
> Create URI
> > > "http://www.w3.org/2000/09/xmldsig#hmac-sha1 " class
> "class
> > >
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
> > > HmacSHA1"
> > > [23.03.2007 14:53:37] [DEBUG]
> > >
> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID
> ] Request
> > > for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
> > > [23.03.2007 14:53:37] [DEBUG]
> > >
> [org.apache.xml.security.algorithms.implementations.IntegrityHmac
> .<init>]
> > > Created IntegrityHmacSHA1 using HmacSHA1
> > > [23.03.2007 14:53:37] [DEBUG]
> > > [org.apache.xml.security.utils.ElementProxy.<init>]
> setElement("KeyInfo",
> > > "null")
> > > [23.03.2007 14:53:37] [DEBUG]
> > >
> [org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement]
> > > Token reference uri:
> #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
> > > org.apache.ws.security.WSSecurityException : Referenced
> security token could
> > > not be retrieved. (Reference
> > > "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
> > >         at
> > >
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> (SecurityTokenReference.java:179)
> > >         at
> > >
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
> > > ...
> > >
> -----------------------------------------------------------------------------------------------------------------------------------------
> > >
> > >
> > > Any ideas what's the problem here? Has anyone already tested WSE3.0 in
> > > combination with WSS4J?
> > >
> > > Thanks.
> > >
> > > Best Regards
> > > Freddy
> > >
> > >
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> > www.wso2.org
> >
> >
> >
> >
>
>
>
> --
> José Ferreiro
> EPFL Communication Systems engineer
> ing.sys.com.dipl.EPFL


-- 
www.ruchith.org
www.wso2.org



Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by Freddy Weishaeupl <fr...@hotmail.com>.
Hi Jose,

sure here it comes:

server-config.wsdd:
...
<service name="simple_webservice" provider="java:RPC" style="document"
	use="literal">
	<requestFlow>
		<handler
			type="java:org.apache.ws.axis.security.WSDoAllReceiver">
			<parameter name="passwordCallbackClass"
				value="com.bmw.security.wss4j.callback.PWCallback" />
			<parameter name="action" value="Signature Encrypt" />
			<parameter name="signaturePropFile"
				value="crypto.properties" />

			<parameter name="decryptionUser" value="alice" />
			<parameter name="encryptionUser" value="alice" />
			<parameter name="user" value="bob" />
			<parameter name="encryptionKeyIdentifier"
				value="X509KeyIdentifier" />
			<parameter name="decryptionKeyIdentifier"
				value="X509KeyIdentifier" />
			<parameter name="signatureKeyIdentifier"
				value="X509KeyIdentifier" />
			<parameter name="encryptionSymAlgorithm"
				value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
		</handler>
	</requestFlow>
	<parameter name="className"
		value="com.bmw.wss.test.webservice.SimpleWebservice" />
	<parameter name="allowedMethods" value="*" />
	<parameter name="scope" value="application" />
</service>
...

My crypto.properties looks as follows:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=alice
org.apache.ws.security.crypto.merlin.file=interop2.jks

Hope this helps :)



>From: "José Ferreiro" <jo...@gmail.com>
>To: "Ruchith Fernando" <ru...@gmail.com>, 
>wss4j-dev@ws.apache.org, freddyweishaeupl@hotmail.com
>Subject: Re: Interop WSE 3.0 and WSS4J - Referenced security token could 
>not be retrieved
>Date: Sun, 25 Mar 2007 20:25:38 +0200
>
>Hello,
>
>I am trying also but having some difficulties with The keygeneration for 
>the
>.net side.
>
>I used keytool to generate the keys.
>Then I converted the keys from keytool in pfx format.
>I succeeded to install those keys in windows keystore.
>
>Fernando may you tell me how are generated the key for Alice and Bob to pfx
>format?
>In which format are stored the key in the javakey store, JKS format?
>
>
>Freeddy,
>May you show me your wssd deployment in the  java server side?
>
>Thank you in advance to you both.
>
>
>
>On 3/25/07, Ruchith Fernando <ru...@gmail.com> wrote:
>>
>>Hi,
>>
>>Can you please post the message that the java service gets from the .NET
>>client?
>>
>>Thanks,
>>Ruchith
>>
>>On 3/23/07, Freddy Weishaeupl <fr...@hotmail.com> wrote:
>> > Hi,
>> >
>> > currently I'm trying to use a .NET Client to access a Java webservice.
>>At
>> > the .NET side I use the Microsoft WSE 3.0 implementation to sign and
>>encrypt
>> > the SOAP Body of the SOAP request message. At server-side WSS4J is used
>>for
>> > checking the signature and decrypting the SOAP Message.
>> >
>> > I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1 package.
>> >
>> > Unfortunately at server-side I always get the following error message:
>> >
>>-----------------------------------------------------------------------------------------------------------------
>> > ...
>> > [23.03.2007 14:53:37] [DEBUG]
>> > [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create
>>URI
>> > "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
>> >
>>org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
>> > HmacSHA1"
>> > [23.03.2007 14:53:37] [DEBUG]
>> > [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
>>Request
>> > for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
>> > [23.03.2007 14:53:37] [DEBUG]
>> > [org.apache.xml.security.algorithms.implementations.IntegrityHmac
>>.<init>]
>> > Created IntegrityHmacSHA1 using HmacSHA1
>> > [23.03.2007 14:53:37] [DEBUG]
>> > [org.apache.xml.security.utils.ElementProxy.<init>]
>>setElement("KeyInfo",
>> > "null")
>> > [23.03.2007 14:53:37] [DEBUG]
>> > [
>>org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
>>]
>> > Token reference uri: 
>>#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
>> > org.apache.ws.security.WSSecurityException: Referenced security token
>>could
>> > not be retrieved. (Reference
>> > "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
>> >         at
>> >
>>org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
>>(SecurityTokenReference.java:179)
>> >         at
>> > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
>>SignatureProcessor.java:186)
>> > ...
>> >
>>-----------------------------------------------------------------------------------------------------------------------------------------
>> >
>> >
>> > Any ideas what's the problem here? Has anyone already tested WSE3.0 in
>> > combination with WSS4J?
>> >
>> > Thanks.
>> >
>> > Best Regards
>> > Freddy
>> >
>> >
>> >
>>
>>
>>--
>>www.ruchith.org
>>www.wso2.org
>>
>>
>>
>
>
>--
>José Ferreiro
>EPFL Communication Systems engineer
>ing.sys.com.dipl.EPFL



Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by José Ferreiro <jo...@gmail.com>.
Hello,

I am also trying, but I am having some difficulties with the key generation for the
.NET side.

I used keytool to generate the keys.
Then I converted the keys from keytool in pfx format.
I succeeded to install those keys in windows keystore.

Fernando may you tell me how are generated the key for Alice and Bob to pfx
format?
In which format are stored the key in the javakey store, JKS format?


Freddy,
May you show me your wssd deployment in the  java server side?

Thank you in advance to you both.



On 3/25/07, Ruchith Fernando <ru...@gmail.com> wrote:
>
> Hi,
>
> Can you please post the message that the java service gets from the .NET
> client?
>
> Thanks,
> Ruchith
>
> On 3/23/07, Freddy Weishaeupl <fr...@hotmail.com> wrote:
> > Hi,
> >
> > currently I'm trying to use a .NET Client to access a Java webservice.
> At
> > the .NET side I use the Microsoft WSE 3.0 implementation to sign and
> encrypt
> > the SOAP Body of the SOAP request message. At server-side WSS4J is used
> for
> > checking the signature and decrypting the SOAP Message.
> >
> > I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1 package.
> >
> > Unfortunately at server-side I always get the following error message:
> >
> -----------------------------------------------------------------------------------------------------------------
> > ...
> > [23.03.2007 14:53:37] [DEBUG]
> > [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create
> URI
> > "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
> >
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
> > HmacSHA1"
> > [23.03.2007 14:53:37] [DEBUG]
> > [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
> Request
> > for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
> > [23.03.2007 14:53:37] [DEBUG]
> > [org.apache.xml.security.algorithms.implementations.IntegrityHmac
> .<init>]
> > Created IntegrityHmacSHA1 using HmacSHA1
> > [23.03.2007 14:53:37] [DEBUG]
> > [org.apache.xml.security.utils.ElementProxy.<init>]
> setElement("KeyInfo",
> > "null")
> > [23.03.2007 14:53:37] [DEBUG]
> > [
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> ]
> > Token reference uri: #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
> > org.apache.ws.security.WSSecurityException: Referenced security token
> could
> > not be retrieved. (Reference
> > "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
> >         at
> >
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> (SecurityTokenReference.java:179)
> >         at
> > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
> SignatureProcessor.java:186)
> > ...
> >
> -----------------------------------------------------------------------------------------------------------------------------------------
> >
> >
> > Any ideas what's the problem here? Has anyone already tested WSE3.0 in
> > combination with WSS4J?
> >
> > Thanks.
> >
> > Best Regards
> > Freddy
> >
> >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>
>
>


-- 
José Ferreiro
EPFL Communication Systems engineer
ing.sys.com.dipl.EPFL

Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

The request from the .NET client uses a signature that uses the
key available in the "EncryptedKey" structure to sign using hmac-sha1.
WSS4J doesn't support this at the moment.

Thanks,
Ruchith
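
The pattern named in this reply, an hmac-sha1 SignatureMethod whose KeyInfo reference resolves to an xenc:EncryptedKey, can be detected in a captured request before it reaches the WS-Security stack. The Python script below is an added example, not part of the original thread and not WSS4J code; the three envelopes are constructed samples, and `classify_signatures` and its helpers are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as they appear in the SOAP request posted in this thread.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
HMAC_SHA1 = NS["ds"] + "hmac-sha1"
RSA_SHA1 = NS["ds"] + "rsa-sha1"
ENCRYPTED_KEY_TAG = "{%s}EncryptedKey" % NS["xenc"]
WSU_ID = "{%s}Id" % NS["wsu"]


def _find_by_id(security, ref_uri):
    """Resolve a same-document '#id' reference inside the Security header.

    EncryptedKey carries a plain Id attribute, other tokens carry wsu:Id,
    so both spellings are checked.
    """
    if not ref_uri or not ref_uri.startswith("#"):
        return None
    wanted = ref_uri[1:]
    for element in security.iter():
        if wanted in (element.get("Id"), element.get(WSU_ID)):
            return element
    return None


def classify_signatures(envelope_xml):
    """Return one finding per ds:Signature found in the wsse:Security header."""
    # The inputs here are inline constants; parse untrusted messages with a
    # hardened XML parser instead.
    root = ET.fromstring(envelope_xml)
    security = root.find("soap:Header/wsse:Security", NS)
    if security is None:
        return []
    findings = []
    for signature in security.findall("ds:Signature", NS):
        method = signature.find("ds:SignedInfo/ds:SignatureMethod", NS)
        algorithm = method.get("Algorithm") if method is not None else None
        ref = signature.find(
            "ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
        ref_uri = ref.get("URI") if ref is not None else None
        target = _find_by_id(security, ref_uri)
        findings.append({
            "algorithm": algorithm,
            "reference": ref_uri,
            # Local name of the referenced element, None if it is missing.
            "target": target.tag.rsplit("}", 1)[-1] if target is not None else None,
            # True for the case described in the reply above.
            "hmac_from_encrypted_key": (
                algorithm == HMAC_SHA1
                and target is not None
                and target.tag == ENCRYPTED_KEY_TAG
            ),
        })
    return findings


def _envelope(security_children):
    return (
        '<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}">'
        "<soap:Header><wsse:Security>{children}</wsse:Security></soap:Header>"
        "<soap:Body/></soap:Envelope>"
    ).format(children=security_children, **NS)


def _signature(algorithm, ref_uri):
    return (
        '<Signature xmlns="{ds}"><SignedInfo><SignatureMethod Algorithm="{alg}"/>'
        "</SignedInfo><KeyInfo><wsse:SecurityTokenReference>"
        '<wsse:Reference URI="{uri}"/></wsse:SecurityTokenReference></KeyInfo>'
        "</Signature>"
    ).format(ds=NS["ds"], alg=algorithm, uri=ref_uri)


# Constructed samples (ids and token content are made up for illustration).
WSE3_STYLE = _envelope(
    '<xenc:EncryptedKey xmlns:xenc="{xenc}" Id="SecurityToken-constructed-1"/>'
    .format(**NS) + _signature(HMAC_SHA1, "#SecurityToken-constructed-1"))
X509_STYLE = _envelope(
    '<wsse:BinarySecurityToken wsu:Id="CertId-constructed-2">AAAA'
    "</wsse:BinarySecurityToken>" + _signature(RSA_SHA1, "#CertId-constructed-2"))
DANGLING = _envelope(_signature(HMAC_SHA1, "#SecurityToken-missing"))

if __name__ == "__main__":
    for name, xml in (("wse3", WSE3_STYLE), ("x509", X509_STYLE),
                      ("dangling", DANGLING)):
        print(name, classify_signatures(xml))
```
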

On 3/26/07, Freddy Weishaeupl <fr...@hotmail.com> wrote:
> Hi Ruchith,
>
> thanks for your answer. Here is the SOAP request message from the .NET
> client side:
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>         xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>         xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>         <soap:Header>
>                 <wsa:Action />
>                 <wsa:MessageID>
>                         urn:uuid:336e0fac-2ec9-4764-807f-85f910bb3a43
>                 </wsa:MessageID>
>                 <wsa:ReplyTo>
>                         <wsa:Address>
>                                 http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>                         </wsa:Address>
>                 </wsa:ReplyTo>
>                 <wsa:To>
>                         http://lt0085.muc:7511/wss4j/services/simple_webservice
>                 </wsa:To>
>                 <wsse:Security soap:mustUnderstand="1">
>                         <wsu:Timestamp
>                                 wsu:Id="Timestamp-1df6d91a-682a-4c6f-ae3e-f5e633d02bd8">
>                                 <wsu:Created>2007-03-26T07:04:06Z</wsu:Created>
>                                 <wsu:Expires>2007-03-26T07:09:06Z</wsu:Expires>
>                         </wsu:Timestamp>
>                         <xenc:EncryptedKey
>                                 Id="SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
>                                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                                 <xenc:EncryptionMethod
>                                         Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>                                 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>                                         <wsse:SecurityTokenReference>
>                                                 <wsse:KeyIdentifier
>                                                         EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>                                                         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">
>                                                         CuJdE1B2dUFd1dkLZSzQ5vj6MYg=
>                                                 </wsse:KeyIdentifier>
>                                         </wsse:SecurityTokenReference>
>                                 </KeyInfo>
>                                 <xenc:CipherData>
>                                         <xenc:CipherValue>
>                                                 BLw6Yq5pDJzZ35jlBZr1d4HcjP2+CxDP3teDZlmRH1a9D2kMcav0P5sdDeNiOB2v3oFglbeY0+2bHyx8/CEG09Ib+AWBdmBL5Hd3nA8oPhFXXbKL5wephlTOKZmwMJ83QnPMOaGRmiDEYlIUPzq59P37qTxd9sFzUXksBhga2Cg=
>                                         </xenc:CipherValue>
>                                 </xenc:CipherData>
>                                 <xenc:ReferenceList>
>                                         <xenc:DataReference
>                                                 URI="#Enc-3822b5d1-14c1-45a0-aad8-f0200ffd62ac" />
>                                 </xenc:ReferenceList>
>                         </xenc:EncryptedKey>
>                         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>                                 <SignedInfo>
>                                         <ds:CanonicalizationMethod
>                                                 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>                                                 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>                                         <SignatureMethod
>                                                 Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
>                                         <Reference
>                                                 URI="#Id-03903826-2208-4b5f-9ffd-954a0a5085a7">
>                                                 <Transforms>
>                                                         <Transform
>                                                                 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                                                 </Transforms>
>                                                 <DigestMethod
>                                                         Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                                                 <DigestValue>
>                                                         OmO33V9Um/jr91cGFibiz+zUO/E=
>                                                 </DigestValue>
>                                         </Reference>
>                                 </SignedInfo>
>                                 <SignatureValue>
>                                         wpxb8M16R3dSGZIU4nTjv4quYxU=
>                                 </SignatureValue>
>                                 <KeyInfo>
>                                         <wsse:SecurityTokenReference>
>                                                 <wsse:Reference
>                                                         URI="#SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
>                                                         ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
>                                         </wsse:SecurityTokenReference>
>                                 </KeyInfo>
>                         </Signature>
>                 </wsse:Security>
>         </soap:Header>
>         <soap:Body wsu:Id="Id-03903826-2208-4b5f-9ffd-954a0a5085a7">
>                 <xenc:EncryptedData
>                         Id="Enc-3822b5d1-14c1-45a0-aad8-f0200ffd62ac"
>                         Type="http://www.w3.org/2001/04/xmlenc#Content"
>                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                         <xenc:EncryptionMethod
>                                 Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>                         <xenc:CipherData>
>                                 <xenc:CipherValue>
>                                         Naz3DviV7qFJkcnwgKRpN85TdE5a65mA/NEyQXPVkI4=
>                                 </xenc:CipherValue>
>                         </xenc:CipherData>
>                 </xenc:EncryptedData>
>         </soap:Body>
> </soap:Envelope>
>
>
> >From: "Ruchith Fernando" <ru...@gmail.com>
> >To: "Freddy Weishaeupl" <fr...@hotmail.com>
> >CC: wss4j-dev@ws.apache.org
> >Subject: Re: Interop WSE 3.0 and WSS4J - Referenced security token could
> >not be retrieved
> >Date: Sun, 25 Mar 2007 13:05:29 +0530
> >
> >Hi,
> >
> >Can you please post the message that the java service gets from the .NET
> >client?
> >
> >Thanks,
> >Ruchith
> >
> >On 3/23/07, Freddy Weishaeupl <fr...@hotmail.com> wrote:
> >>Hi,
> >>
> >>currently I'm trying to use a .NET Client to access a Java webservice. At
> >>the .NET side I use the Microsoft WSE 3.0 implementation to sign and
> >>encrypt
> >>the SOAP Body of the SOAP request message. At server-side WSS4J is used
> >>for
> >>checking the signature and decrypting the SOAP Message.
> >>
> >>I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1 package.
> >>
> >>Unfortunately at server-side I always get the following error message:
> >>-----------------------------------------------------------------------------------------------------------------
> >>...
> >>[23.03.2007 14:53:37] [DEBUG]
> >>[org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create URI
> >>"http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
> >>org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
> >>HmacSHA1"
> >>[23.03.2007 14:53:37] [DEBUG]
> >>[org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID] Request
> >>for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
> >>[23.03.2007 14:53:37] [DEBUG]
> >>[org.apache.xml.security.algorithms.implementations.IntegrityHmac.<init>]
> >>Created IntegrityHmacSHA1 using HmacSHA1
> >>[23.03.2007 14:53:37] [DEBUG]
> >>[org.apache.xml.security.utils.ElementProxy.<init>] setElement("KeyInfo",
> >>"null")
> >>[23.03.2007 14:53:37] [DEBUG]
> >>[org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement]
> >>Token reference uri: #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
> >>org.apache.ws.security.WSSecurityException: Referenced security token
> >>could
> >>not be retrieved. (Reference
> >>"#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
> >>         at
> >>org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:179)
> >>         at
> >>org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
> >>...
> >>-----------------------------------------------------------------------------------------------------------------------------------------
> >>
> >>
> >>Any ideas what's the problem here? Has anyone already tested WSE3.0 in
> >>combination with WSS4J?
> >>
> >>Thanks.
> >>
> >>Best Regards
> >>Freddy
> >>
> >>
> >>
> >
> >
> >--
> >www.ruchith.org
> >www.wso2.org
> >
> >
>
>
>


-- 
www.ruchith.org
www.wso2.org



Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by José Ferreiro <jo...@gmail.com>.
Hello,

I am also trying this, but I am having some difficulties with the key generation for the
.NET side.

I used keytool to generate the keys.
Then I converted the keys from keytool into pfx format.
I succeeded in installing those keys in the Windows keystore.

Fernando, could you tell me how the keys for Alice and Bob are generated in pfx
format?
In which format are the keys stored in the Java keystore, JKS format?


Freddy,
Could you show me your wsdd deployment on the Java server side?

Thank you in advance to you both.



On 3/25/07, Ruchith Fernando <ru...@gmail.com> wrote:
>
> Hi,
>
> Can you please post the message that the java service gets from the .NET
> client?
>
> Thanks,
> Ruchith
>
> On 3/23/07, Freddy Weishaeupl <fr...@hotmail.com> wrote:
> > Hi,
> >
> > currently I'm trying to use a .NET Client to access a Java webservice. At
> > the .NET side I use the Microsoft WSE 3.0 implementation to sign and encrypt
> > the SOAP Body of the SOAP request message. At server-side WSS4J is used for
> > checking the signature and decrypting the SOAP Message.
> >
> > I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1 package.
> >
> > Unfortunately at server-side I always get the following error message:
> > -----------------------------------------------------------------------------------------------------------------
> > ...
> > [23.03.2007 14:53:37] [DEBUG]
> > [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create URI
> > "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
> > org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
> > HmacSHA1"
> > [23.03.2007 14:53:37] [DEBUG]
> > [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID] Request
> > for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
> > [23.03.2007 14:53:37] [DEBUG]
> > [org.apache.xml.security.algorithms.implementations.IntegrityHmac.<init>]
> > Created IntegrityHmacSHA1 using HmacSHA1
> > [23.03.2007 14:53:37] [DEBUG]
> > [org.apache.xml.security.utils.ElementProxy.<init>] setElement("KeyInfo",
> > "null")
> > [23.03.2007 14:53:37] [DEBUG]
> > [org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement]
> > Token reference uri: #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
> > org.apache.ws.security.WSSecurityException: Referenced security token could
> > not be retrieved. (Reference
> > "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
> >         at
> > org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:179)
> >         at
> > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
> > ...
> > -----------------------------------------------------------------------------------------------------------------------------------------
> >
> >
> > Any ideas what's the problem here? Has anyone already tested WSE3.0 in
> > combination with WSS4J?
> >
> > Thanks.
> >
> > Best Regards
> > Freddy
> >
> >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>
>
>


-- 
José Ferreiro
EPFL Communication Systems engineer
ing.sys.com.dipl.EPFL

Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by Freddy Weishaeupl <fr...@hotmail.com>.
Hi Ruchith,

thanks for your answer. Here is the SOAP request message from the .NET
client side:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
	xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
	xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
	xmlns:xsd="http://www.w3.org/2001/XMLSchema"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<soap:Header>
		<wsa:Action />
		<wsa:MessageID>
			urn:uuid:336e0fac-2ec9-4764-807f-85f910bb3a43
		</wsa:MessageID>
		<wsa:ReplyTo>
			<wsa:Address>
				http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
			</wsa:Address>
		</wsa:ReplyTo>
		<wsa:To>
			http://lt0085.muc:7511/wss4j/services/simple_webservice
		</wsa:To>
		<wsse:Security soap:mustUnderstand="1">
			<wsu:Timestamp
				wsu:Id="Timestamp-1df6d91a-682a-4c6f-ae3e-f5e633d02bd8">
				<wsu:Created>2007-03-26T07:04:06Z</wsu:Created>
				<wsu:Expires>2007-03-26T07:09:06Z</wsu:Expires>
			</wsu:Timestamp>
			<xenc:EncryptedKey
				Id="SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
				xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
				<xenc:EncryptionMethod
					Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
				<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
					<wsse:SecurityTokenReference>
						<wsse:KeyIdentifier
							EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
							ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">
							CuJdE1B2dUFd1dkLZSzQ5vj6MYg=
						</wsse:KeyIdentifier>
					</wsse:SecurityTokenReference>
				</KeyInfo>
				<xenc:CipherData>
					<xenc:CipherValue>
						BLw6Yq5pDJzZ35jlBZr1d4HcjP2+CxDP3teDZlmRH1a9D2kMcav0P5sdDeNiOB2v3oFglbeY0+2bHyx8/CEG09Ib+AWBdmBL5Hd3nA8oPhFXXbKL5wephlTOKZmwMJ83QnPMOaGRmiDEYlIUPzq59P37qTxd9sFzUXksBhga2Cg=
					</xenc:CipherValue>
				</xenc:CipherData>
				<xenc:ReferenceList>
					<xenc:DataReference
						URI="#Enc-3822b5d1-14c1-45a0-aad8-f0200ffd62ac" />
				</xenc:ReferenceList>
			</xenc:EncryptedKey>
			<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
				<SignedInfo>
					<ds:CanonicalizationMethod
						Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
						xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
					<SignatureMethod
						Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
					<Reference
						URI="#Id-03903826-2208-4b5f-9ffd-954a0a5085a7">
						<Transforms>
							<Transform
								Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</Transforms>
						<DigestMethod
							Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<DigestValue>
							OmO33V9Um/jr91cGFibiz+zUO/E=
						</DigestValue>
					</Reference>
				</SignedInfo>
				<SignatureValue>
					wpxb8M16R3dSGZIU4nTjv4quYxU=
				</SignatureValue>
				<KeyInfo>
					<wsse:SecurityTokenReference>
						<wsse:Reference
							URI="#SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
							ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
					</wsse:SecurityTokenReference>
				</KeyInfo>
			</Signature>
		</wsse:Security>
	</soap:Header>
	<soap:Body wsu:Id="Id-03903826-2208-4b5f-9ffd-954a0a5085a7">
		<xenc:EncryptedData
			Id="Enc-3822b5d1-14c1-45a0-aad8-f0200ffd62ac"
			Type="http://www.w3.org/2001/04/xmlenc#Content"
			xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
			<xenc:EncryptionMethod
				Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
			<xenc:CipherData>
				<xenc:CipherValue>
					Naz3DviV7qFJkcnwgKRpN85TdE5a65mA/NEyQXPVkI4=
				</xenc:CipherValue>
			</xenc:CipherData>
		</xenc:EncryptedData>
	</soap:Body>
</soap:Envelope>


>From: "Ruchith Fernando" <ru...@gmail.com>
>To: "Freddy Weishaeupl" <fr...@hotmail.com>
>CC: wss4j-dev@ws.apache.org
>Subject: Re: Interop WSE 3.0 and WSS4J - Referenced security token could 
>not be retrieved
>Date: Sun, 25 Mar 2007 13:05:29 +0530
>
>Hi,
>
>Can you please post the message that the java service gets from the .NET 
>client?
>
>Thanks,
>Ruchith
>
>On 3/23/07, Freddy Weishaeupl <fr...@hotmail.com> wrote:
>>Hi,
>>
>>currently I'm trying to use a .NET Client to access a Java webservice. At
>>the .NET side I use the Microsoft WSE 3.0 implementation to sign and encrypt
>>the SOAP Body of the SOAP request message. At server-side WSS4J is used for
>>checking the signature and decrypting the SOAP Message.
>>
>>I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1 package.
>>
>>Unfortunately at server-side I always get the following error message:
>>-----------------------------------------------------------------------------------------------------------------
>>...
>>[23.03.2007 14:53:37] [DEBUG]
>>[org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create URI
>>"http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
>>org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
>>HmacSHA1"
>>[23.03.2007 14:53:37] [DEBUG]
>>[org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID] Request
>>for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
>>[23.03.2007 14:53:37] [DEBUG]
>>[org.apache.xml.security.algorithms.implementations.IntegrityHmac.<init>]
>>Created IntegrityHmacSHA1 using HmacSHA1
>>[23.03.2007 14:53:37] [DEBUG]
>>[org.apache.xml.security.utils.ElementProxy.<init>] setElement("KeyInfo",
>>"null")
>>[23.03.2007 14:53:37] [DEBUG]
>>[org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement]
>>Token reference uri: #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
>>org.apache.ws.security.WSSecurityException: Referenced security token 
>>could
>>not be retrieved. (Reference
>>"#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
>>         at
>>org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:179)
>>         at
>>org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
>>...
>>-----------------------------------------------------------------------------------------------------------------------------------------
>>
>>
>>Any ideas what's the problem here? Has anyone already tested WSE3.0 in
>>combination with WSS4J?
>>
>>Thanks.
>>
>>Best Regards
>>Freddy
>>
>>
>>
>
>
>--
>www.ruchith.org
>www.wso2.org
>
>

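A same-document reference check for the envelope posted above, as an added example that is not part of the original post and is not WSS4J or WSE code: it resolves every wsse:Reference, ds:Reference and xenc:DataReference URI against the wsu:Id and, optionally, plain Id attributes in the message. The function names and the allow_plain_id switch are assumptions of this example, and the sample is a trimmed, constructed copy of the posted envelope.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
ENCRYPTED_KEY_TAG = "{%s}EncryptedKey" % NS["xenc"]
# ValueType used by the signature's key reference in the posted message.
ENCRYPTED_KEY_VT = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"

# Every kind of same-document reference that appears in the posted envelope.
REFERENCE_PATHS = [
    ("wsse:Reference", ".//wsse:SecurityTokenReference/wsse:Reference"),
    ("ds:Reference", ".//ds:SignedInfo/ds:Reference"),
    ("xenc:DataReference", ".//xenc:ReferenceList/xenc:DataReference"),
]

# Constructed sample: the posted envelope reduced to its Id/URI skeleton.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 <soap:Header>
  <wsse:Security>
   <xenc:EncryptedKey Id="SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <xenc:ReferenceList>
     <xenc:DataReference URI="#Enc-3822b5d1-14c1-45a0-aad8-f0200ffd62ac"/>
    </xenc:ReferenceList>
   </xenc:EncryptedKey>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
     <Reference URI="#Id-03903826-2208-4b5f-9ffd-954a0a5085a7"/>
    </SignedInfo>
    <KeyInfo>
     <wsse:SecurityTokenReference>
      <wsse:Reference URI="#SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
        ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
     </wsse:SecurityTokenReference>
    </KeyInfo>
   </Signature>
  </wsse:Security>
 </soap:Header>
 <soap:Body wsu:Id="Id-03903826-2208-4b5f-9ffd-954a0a5085a7">
  <xenc:EncryptedData Id="Enc-3822b5d1-14c1-45a0-aad8-f0200ffd62ac"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
 </soap:Body>
</soap:Envelope>"""

Finding = namedtuple("Finding", "kind uri status target")


def index_ids(root, allow_plain_id):
    """Map each Id value to the elements that carry it (wsu:Id, optionally plain Id)."""
    index = {}
    for el in root.iter():
        values = {el.get(WSU_ID)}
        if allow_plain_id:
            values.add(el.get("Id"))
        for value in values:
            if value:
                index.setdefault(value, []).append(el)
    return index


def check_references(xml_text, allow_plain_id=True):
    """Resolve every '#fragment' reference in a captured message and report its status."""
    root = ET.fromstring(xml_text)
    index = index_ids(root, allow_plain_id)
    findings = []
    for kind, path in REFERENCE_PATHS:
        for ref in root.findall(path, NS):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                findings.append(Finding(kind, uri, "not-same-document", None))
                continue
            targets = index.get(uri[1:], [])
            if not targets:
                status, target = "unresolved", None
            elif len(targets) > 1:
                # Two elements share the Id, so the reference cannot be trusted.
                status, target = "ambiguous", None
            else:
                el = targets[0]
                target = el.tag.rsplit("}", 1)[-1]
                wrong_type = (ref.get("ValueType") == ENCRYPTED_KEY_VT
                              and el.tag != ENCRYPTED_KEY_TAG)
                status = "valuetype-mismatch" if wrong_type else "resolved"
            findings.append(Finding(kind, uri, status, target))
    return findings


if __name__ == "__main__":
    for policy in (True, False):
        print("allow_plain_id =", policy)
        for finding in check_references(SAMPLE, policy):
            print("  %-18s %-52s %-18s %s" % finding)
```

In the posted message the EncryptedKey carries a plain Id attribute rather than wsu:Id, so the signature's key reference resolves only when plain Id attributes are indexed. The thread does not say which lookup WSS4J 1.5.1 performs.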


Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

Can you please post the message that the java service gets from the .NET client?

Thanks,
Ruchith

On 3/23/07, Freddy Weishaeupl <fr...@hotmail.com> wrote:
> Hi,
>
> currently I'm trying to use a .NET Client to access a Java webservice. At
> the .NET side I use the Microsoft WSE 3.0 implementation to sign and encrypt
> the SOAP Body of the SOAP request message. At server-side WSS4J is used for
> checking the signature and decrypting the SOAP Message.
>
> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1 package.
>
> Unfortunately at server-side I always get the following error message:
> -----------------------------------------------------------------------------------------------------------------
> ...
> [23.03.2007 14:53:37] [DEBUG]
> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create URI
> "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
> HmacSHA1"
> [23.03.2007 14:53:37] [DEBUG]
> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID] Request
> for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
> [23.03.2007 14:53:37] [DEBUG]
> [org.apache.xml.security.algorithms.implementations.IntegrityHmac.<init>]
> Created IntegrityHmacSHA1 using HmacSHA1
> [23.03.2007 14:53:37] [DEBUG]
> [org.apache.xml.security.utils.ElementProxy.<init>] setElement("KeyInfo",
> "null")
> [23.03.2007 14:53:37] [DEBUG]
> [org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement]
> Token reference uri: #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
> org.apache.ws.security.WSSecurityException: Referenced security token could
> not be retrieved. (Reference
> "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
>         at
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:179)
>         at
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
> ...
> -----------------------------------------------------------------------------------------------------------------------------------------
>
>
> Any ideas what's the problem here? Has anyone already tested WSE3.0 in
> combination with WSS4J?
>
> Thanks.
>
> Best Regards
> Freddy
>
>
>


-- 
www.ruchith.org
www.wso2.org



Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by hunterg1 <gh...@tier1innovation.com>.
Thanks Jose,

I am using mutualCertificate10 Security.  Below is the output while the .NET
service is trying to process the request.  I am also using axis2, so have
included the settings I used.

.NET processing message:
    <processingStep description="Entering SOAP filter Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter" />
    <processingStep description="Exited SOAP filter Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter" />
    <processingStep description="Entering SOAP filter Microsoft.Web.Services3.Design.MutualCertificate10Assertion+ServiceInputFilter" />
    <processingStep description="Exception thrown: Referenced security token could not be retrieved">   at Microsoft.Web.Services3.Security.EncryptedKey.LoadXml(XmlElement element)
   at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
   at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor)
   at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)</processingStep>


AXIS2 outflow settings:

    <module ref="addressing-1.1.1" />
    <module ref="rampart" />

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <user>client</user>
        <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>client.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <signatureParts>{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
        <encryptionKeyIdentifier>X509KeyIdentifier</encryptionKeyIdentifier>
        <encryptionKeyTransportAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</encryptionKeyTransportAlgorithm>
        <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</encryptionSymAlgorithm>
        <encryptionUser>service</encryptionUser>
      </action>
    </parameter>


client.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.file=testkeystore.jks

José Ferreiro wrote:
> 
> Hello,
> 
> Are you using mutualCertificate10Security or mutualCertificate11Security
> in
> VS.NET 2005?
> Can you show your Axis deployement wsdd file?
> 
> Thank you
> 
> José
> 
> 
> On 3/30/07, hunterg1 <gh...@tier1innovation.com> wrote:
>>
>>
>> I should add that the .NET client example SOAP works, and the java client
>> example SOAP does not.
>>
>> hunterg1 wrote:
>> >
>> > I am having the same issue.  Can anybody help me with this?  I am using
>> a
>> > java client to a .NET service using WSE3.0.  I get the same error of
>> > 'Referenced security token could not be retrieved' from the .NET
>> service.
>> > I have tried everything, even comparing a .NET client SOAP message to
>> my
>> > java client SOAP message.  I am completely stuck now, can anybody
>> please
>> > help?  I included the entire sample SOAP messages for both types of
>> > clients below.
>> >
>> > Sample .NET client SOAP:
>> >       <soap:Envelope
>> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> > xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> ">
>> >         <soap:Header>
>> >           <wsa:Action
>> > wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
>> http://services.test.org/HelloWorld</wsa:Action>
>> >           <wsa:MessageID
>> >
>> wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
>> >           <wsa:ReplyTo
>> wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>> >
>> > <wsa:Address>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> >           </wsa:ReplyTo>
>> >           <wsa:To
>> > wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
>> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
>> >           <wsse:Security soap:mustUnderstand="1">
>> >             <wsu:Timestamp
>> > wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>> >               <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
>> >               <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
>> >             </wsu:Timestamp>
>> >             <wsse:BinarySecurityToken
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > EncodingType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
>> "
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> >
>> wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"></wsse:BinarySecurityToken>
>> >             <xenc:EncryptedKey
>> > Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> >               <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
>> >                 <ds:DigestMethod
>> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >               </xenc:EncryptionMethod>
>> >               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>> >                 <wsse:SecurityTokenReference>
>> >                   <X509Data>
>> >                     <X509IssuerSerial>
>> >                       <X509IssuerName>CN=Root Agency</X509IssuerName>
>> >
>> >
>> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
>> >                     </X509IssuerSerial>
>> >                   </X509Data>
>> >                 </wsse:SecurityTokenReference>
>> >               </KeyInfo>
>> >               <xenc:CipherData>
>> >
>> <xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
>> >               </xenc:CipherData>
>> >               <xenc:ReferenceList>
>> >                 <xenc:DataReference
>> > URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
>> >               </xenc:ReferenceList>
>> >             </xenc:EncryptedKey>
>> >             <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>> >               <SignedInfo>
>> >                 <ds:CanonicalizationMethod
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>> >                 <SignatureMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>> >                 <Reference
>> URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> > URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
>> >                 </Reference>
>> >               </SignedInfo>
>> >
>> <SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
>> >               <KeyInfo>
>> >                 <wsse:SecurityTokenReference>
>> >                   <wsse:Reference
>> > URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > />
>> >                 </wsse:SecurityTokenReference>
>> >               </KeyInfo>
>> >             </Signature>
>> >           </wsse:Security>
>> >         </soap:Header>
>> >         <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>> >           <xenc:EncryptedData
>> > Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
>> > Type="http://www.w3.org/2001/04/xmlenc#Content"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> >             <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>> >             <xenc:CipherData>
>> >
>> <xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
>> >             </xenc:CipherData>
>> >           </xenc:EncryptedData>
>> >         </soap:Body>
>> >       </soap:Envelope>
>> >
>> >
>> >
>> > Sample java client SOAP:
>> > <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>> >   <soapenv:Header>
>> >               <wsse:Security
>> > xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> > soapenv:mustUnderstand="1">
>> >                       <xenc:EncryptedKey Id="EncKeyId-3852606">
>> >                               <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
>> >                               <ds:KeyInfo xmlns:ds="
>> http://www.w3.org/2000/09/xmldsig#">
>> >                                       <wsse:SecurityTokenReference>
>> >                                               <ds:X509Data>
>> >
>> <ds:X509IssuerSerial>
>> >
>> <ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
>> >
>> >
>> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
>> >
>> </ds:X509IssuerSerial>
>> >                                               </ds:X509Data>
>> >                                       </wsse:SecurityTokenReference>
>> >                               </ds:KeyInfo>
>> >                               <xenc:CipherData>
>> >
>> >
>> <xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
>> >                               </xenc:CipherData>
>> >                               <xenc:ReferenceList>
>> >                                       <xenc:DataReference
>> URI="#EncDataId-28472268" />
>> >                               </xenc:ReferenceList>
>> >                       </xenc:EncryptedKey>
>> >                       <wsse:BinarySecurityToken
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > EncodingType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
>> "
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> >
>> wsu:Id="CertId-1110094">MIIBtjCCAWSgAwIBAgIQ0xuOOJAk36FLgEkAGKXh2zAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA2MDkxMTE3MjYyNVoXDTM5MTIzMTIzNTk1OVowGTEXMBUGA1UEAxMOU2VydmljZUNsaWVudDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKvhyC+jEPujhtiS8vN2mucQacr8V64A3LKip+vAgGf00WwfsUG1cAY8xEJowWCt+imLTHHdREeLJqZ7ND3Bhc/YX/ENTU6WnCk+RRtyi2QjXDQTZopeKvxPISPMW26eIKoDY8eLDYKkJdQIscAmTElPUr/yAkb7uWOsDRcaELPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAESRFHKWt94RYik/49D8FY8Xxsrl2KFuMz9isMsjYTHIc0GZAL70JSDkoS/BSkBXcsAc+LYTBYoxNyjRFzQoTEQ==</wsse:BinarySecurityToken>
>> >                       <ds:Signature xmlns:ds="
>> http://www.w3.org/2000/09/xmldsig#"
>> > Id="Signature-2661678">
>> >                               <ds:SignedInfo>
>> >                                       <ds:CanonicalizationMethod
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                                       <ds:SignatureMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>> >                                       <ds:Reference URI="#id-28472268">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-29087666">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-21886820">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-28113457">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-22927632">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference
>> URI="#Timestamp-32580443">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                               </ds:SignedInfo>
>> >                               <ds:SignatureValue>
>> >
>> JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn
>> >
>> bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
>> >                               /ouTIppVwJnvzMom4EQ=
>> >                               </ds:SignatureValue>
>> >                               <ds:KeyInfo Id="KeyId-32689826">
>> >                                       <wsse:SecurityTokenReference
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="STRId-3840954">
>> >                                               <wsse:Reference
>> URI="#CertId-1110094"
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > />
>> >                                       </wsse:SecurityTokenReference>
>> >                               </ds:KeyInfo>
>> >                       </ds:Signature>
>> >                       <wsu:Timestamp
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="Timestamp-32580443">
>> >                               <wsu:Created>2007-03-29T21:36:04.570Z
>> </wsu:Created>
>> >                               <wsu:Expires>2007-03-29T21:41:04.570Z
>> </wsu:Expires>
>> >                       </wsu:Timestamp>
>> >               </wsse:Security>
>> >               <wsa:To
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-21886820">
>> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
>> >               <wsa:ReplyTo
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-28113457">
>> > <wsa:Address>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> >               </wsa:ReplyTo><wsa:MessageID
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> >
>> wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
>> >               <wsa:Action
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
>> >       </soapenv:Header>
>> >   <soapenv:Body
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-28472268">
>> >               <xenc:EncryptedData Id="EncDataId-28472268"
>> > Type="http://www.w3.org/2001/04/xmlenc#Content">
>> >       <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>> >       <xenc:CipherData>
>> >
>> >
>> <xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
>> >
>> oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
>> >
>> EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
>> >
>> aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
>> >
>> ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
>> >
>> oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
>> > Kn2YHj4Vdt4IEg==</xenc:CipherValue>
>> >       </xenc:CipherData>
>> >       </xenc:EncryptedData>
>> >       </soapenv:Body>
>> > </soapenv:Envelope>
>> >
>> >
>> > Freddy Weishaeupl wrote:
>> >>
>> >> Hi,
>> >>
>> >> currently I'm trying to use a .NET Client to access a Java webservice. At
>> >> the .NET side I use the Microsoft WSE 3.0 implementation to sign and
>> >> encrypt the SOAP Body of the SOAP request message. At server-side WSS4J is
>> >> used for checking the signature and decrypting the SOAP Message.
>> >>
>> >> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
>> >> package.
>> >>
>> >> Unfortunately at server-side I always get the following error message:
>> >> -----------------------------------------------------------------------------------------------------------------
>> >> ...
>> >> [23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create URI "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1"
>> >> [23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID] Request for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
>> >> [23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.algorithms.implementations.IntegrityHmac.<init>] Created IntegrityHmacSHA1 using HmacSHA1
>> >> [23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.utils.ElementProxy.<init>] setElement("KeyInfo", "null")
>> >> [23.03.2007 14:53:37] [DEBUG] [org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement] Token reference uri: #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
>> >> org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved. (Reference "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
>> >>         at org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:179)
>> >>         at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
>> >> ...
>> >> -----------------------------------------------------------------------------------------------------------------------------------------
>> >>
>> >>
>> >> Any ideas what's the problem here? Has anyone already tested WSE3.0 in
>> >> combination with WSS4J?
>> >>
>> >> Thanks.
>> >>
>> >> Best Regards
>> >> Freddy
>> >>
>> >
>> >
>>
> 
> 
> -- 
> José Ferreiro
> EPFL Communication Systems engineer
> ing.sys.com.dipl.EPFL
> 
> 

-- 
View this message in context: http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9751948
Sent from the WSS4J mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
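
A reference-resolution check for messages like the two SOAP samples quoted in this thread, added here as an example; it is not part of any post and is not WSS4J or WSE code. The envelope is a constructed, cut-down copy of the quoted Java client message with key material replaced by a placeholder, `BROKEN` reuses the token id from the original error report, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Parse only captures you trust with ElementTree, or swap in defusedxml.
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}


def qname(prefix, local):
    """Build the {namespace}local tag form that ElementTree uses."""
    return "{%s}%s" % (NS[prefix], local)


def index_ids(root):
    """Map each wsu:Id / Id value to its element; report values used twice."""
    ids, dupes = {}, set()
    for el in root.iter():
        for attr in (qname("wsu", "Id"), "Id"):
            value = el.get(attr)
            if value is None:
                continue
            if value in ids and ids[value] is not el:
                dupes.add(value)  # ambiguous target: resolution is not safe
            ids[value] = el
    return ids, dupes


def check_envelope(xml_text):
    """Return ([(kind, reference, status)], [duplicate ids]) for one envelope."""
    root = ET.fromstring(xml_text)
    ids, dupes = index_ids(root)
    findings = []
    # Same-document "#id" references: signature parts, encrypted data, tokens.
    for tag, kind in ((qname("ds", "Reference"), "signed part"),
                      (qname("xenc", "DataReference"), "encrypted data"),
                      (qname("wsse", "Reference"), "security token")):
        for ref in root.iter(tag):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                status = "external"
            elif uri[1:] in ids:
                status = ids[uri[1:]].tag.rsplit("}", 1)[-1]  # target's local name
            else:
                status = "unresolved"
            findings.append((kind, uri, status))
    # Token references with no URI: the receiver must find the certificate
    # in its own store, so the message alone cannot prove they resolve.
    for str_el in root.iter(qname("wsse", "SecurityTokenReference")):
        serial = str_el.find(".//ds:X509IssuerSerial", NS)
        if serial is not None:
            issuer = serial.findtext("ds:X509IssuerName", "", NS).strip()
            number = serial.findtext("ds:X509SerialNumber", "", NS).strip()
            findings.append(("security token", issuer + " / " + number, "keystore lookup"))
        key_id = str_el.find("wsse:KeyIdentifier", NS)
        if key_id is not None:
            findings.append(("security token", (key_id.text or "").strip(), "keystore lookup"))
    return findings, sorted(dupes)


def unresolved(findings):
    """References that point at an id no element in the message carries."""
    return [uri for _, uri, status in findings if status == "unresolved"]


# Constructed sample: structure and ids follow the quoted Java client message.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}"
    xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}"
    xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}">
 <soapenv:Header>
  <wsse:Security>
   <xenc:EncryptedKey Id="EncKeyId-3852606">
    <ds:KeyInfo><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial>
     <ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
     <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
    </ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo>
    <xenc:ReferenceList><xenc:DataReference URI="#EncDataId-28472268"/></xenc:ReferenceList>
   </xenc:EncryptedKey>
   <wsse:BinarySecurityToken wsu:Id="CertId-1110094">PLACEHOLDER</wsse:BinarySecurityToken>
   <ds:Signature>
    <ds:SignedInfo>
     <ds:Reference URI="#id-28472268"/>
     <ds:Reference URI="#Timestamp-32580443"/>
    </ds:SignedInfo>
    <ds:KeyInfo><wsse:SecurityTokenReference>
     <wsse:Reference URI="#CertId-1110094"/>
    </wsse:SecurityTokenReference></ds:KeyInfo>
   </ds:Signature>
   <wsu:Timestamp wsu:Id="Timestamp-32580443"/>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body wsu:Id="id-28472268">
  <xenc:EncryptedData Id="EncDataId-28472268"/>
 </soapenv:Body>
</soapenv:Envelope>"""

# Constructed failure case: the signature's token reference points at an id
# that no BinarySecurityToken in the message carries.
BROKEN = SAMPLE.replace('URI="#CertId-1110094"',
                        'URI="#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832"')

if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE), ("broken", BROKEN)):
        for finding in check_envelope(doc)[0]:
            print(label, *finding, sep=" | ")
```

An `unresolved` entry is a failure visible in the message itself. A `keystore lookup` entry can only be confirmed on the receiving side, by checking that its certificate store holds a certificate matching that issuer and serial number or key identifier.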


Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by hunterg1 <gh...@tier1innovation.com>.
Thanks Jose,

I am using mutualCertificate10 Security.  Below is the output while the .NET
service is trying to process the request.  I am also using axis2, so have
included the settings I used.

.NET processing message:
    <processingStep description="Entering SOAP filter Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter" />
    <processingStep description="Exited SOAP filter Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter" />
    <processingStep description="Entering SOAP filter Microsoft.Web.Services3.Design.MutualCertificate10Assertion+ServiceInputFilter" />
    <processingStep description="Exception thrown: Referenced security token could not be retrieved">
       at Microsoft.Web.Services3.Security.EncryptedKey.LoadXml(XmlElement element)
       at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
       at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor)
       at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
       at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)</processingStep>


AXIS2 outflow settings:

    <module ref="addressing-1.1.1" />
    <module ref="rampart" />

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <user>client</user>
        <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>client.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <signatureParts>{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo;{}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
        <encryptionKeyIdentifier>X509KeyIdentifier</encryptionKeyIdentifier>
        <encryptionKeyTransportAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</encryptionKeyTransportAlgorithm>
        <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</encryptionSymAlgorithm>
        <encryptionUser>service</encryptionUser>
      </action>
    </parameter>


client.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.file=testkeystore.jks

José Ferreiro wrote:
> 
> Hello,
> 
> Are you using mutualCertificate10Security or mutualCertificate11Security in
> VS.NET 2005?
> Can you show your Axis deployment wsdd file?
> 
> Thank you
> 
> José
> 
> 
> On 3/30/07, hunterg1 <gh...@tier1innovation.com> wrote:
>>
>>
>> I should add that the .NET client example SOAP works, and the java client
>> example SOAP does not.
>>
>> hunterg1 wrote:
>> >
>> > I am having the same issue.  Can anybody help me with this?  I am using a
>> > java client to a .NET service using WSE3.0.  I get the same error of
>> > 'Referenced security token could not be retrieved' from the .NET service.
>> > I have tried everything, even comparing a .NET client SOAP message to my
>> > java client SOAP message.  I am completely stuck now, can anybody please
>> > help?  I included the entire sample SOAP messages for both types of
>> > clients below.
>> >
>> > Sample .NET client SOAP:
>> >       <soap:Envelope
>> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> > xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> ">
>> >         <soap:Header>
>> >           <wsa:Action
>> > wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
>> http://services.test.org/HelloWorld</wsa:Action>
>> >           <wsa:MessageID
>> >
>> wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
>> >           <wsa:ReplyTo
>> wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>> >
>> > <wsa:Address>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> >           </wsa:ReplyTo>
>> >           <wsa:To
>> > wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
>> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
>> >           <wsse:Security soap:mustUnderstand="1">
>> >             <wsu:Timestamp
>> > wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>> >               <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
>> >               <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
>> >             </wsu:Timestamp>
>> >             <wsse:BinarySecurityToken
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > EncodingType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
>> "
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> >
>> wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca">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</wsse:BinarySecurityToken>
>> >             <xenc:EncryptedKey
>> > Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> >               <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
>> >                 <ds:DigestMethod
>> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >               </xenc:EncryptionMethod>
>> >               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>> >                 <wsse:SecurityTokenReference>
>> >                   <X509Data>
>> >                     <X509IssuerSerial>
>> >                       <X509IssuerName>CN=Root Agency</X509IssuerName>
>> >
>> >
>> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
>> >                     </X509IssuerSerial>
>> >                   </X509Data>
>> >                 </wsse:SecurityTokenReference>
>> >               </KeyInfo>
>> >               <xenc:CipherData>
>> >
>> <xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
>> >               </xenc:CipherData>
>> >               <xenc:ReferenceList>
>> >                 <xenc:DataReference
>> > URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
>> >               </xenc:ReferenceList>
>> >             </xenc:EncryptedKey>
>> >             <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>> >               <SignedInfo>
>> >                 <ds:CanonicalizationMethod
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>> >                 <SignatureMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>> >                 <Reference
>> URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> > URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
>> >                 </Reference>
>> >                 <Reference
>> URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>> >                   <Transforms>
>> >                     <Transform
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                   </Transforms>
>> >                   <DigestMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >
>> <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
>> >                 </Reference>
>> >               </SignedInfo>
>> >
>> <SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
>> >               <KeyInfo>
>> >                 <wsse:SecurityTokenReference>
>> >                   <wsse:Reference
>> > URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > />
>> >                 </wsse:SecurityTokenReference>
>> >               </KeyInfo>
>> >             </Signature>
>> >           </wsse:Security>
>> >         </soap:Header>
>> >         <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>> >           <xenc:EncryptedData
>> > Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
>> > Type="http://www.w3.org/2001/04/xmlenc#Content"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> >             <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>> >             <xenc:CipherData>
>> >
>> <xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
>> >             </xenc:CipherData>
>> >           </xenc:EncryptedData>
>> >         </soap:Body>
>> >       </soap:Envelope>
>> >
>> >
>> >
>> > Sample java client SOAP:
>> > <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>> >   <soapenv:Header>
>> >               <wsse:Security
>> > xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> > soapenv:mustUnderstand="1">
>> >                       <xenc:EncryptedKey Id="EncKeyId-3852606">
>> >                               <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
>> >                               <ds:KeyInfo xmlns:ds="
>> http://www.w3.org/2000/09/xmldsig#">
>> >                                       <wsse:SecurityTokenReference>
>> >                                               <ds:X509Data>
>> >
>> <ds:X509IssuerSerial>
>> >
>> <ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
>> >
>> >
>> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
>> >
>> </ds:X509IssuerSerial>
>> >                                               </ds:X509Data>
>> >                                       </wsse:SecurityTokenReference>
>> >                               </ds:KeyInfo>
>> >                               <xenc:CipherData>
>> >
>> >
>> <xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
>> >                               </xenc:CipherData>
>> >                               <xenc:ReferenceList>
>> >                                       <xenc:DataReference
>> URI="#EncDataId-28472268" />
>> >                               </xenc:ReferenceList>
>> >                       </xenc:EncryptedKey>
>> >                       <wsse:BinarySecurityToken
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > EncodingType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
>> "
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> >
>> wsu:Id="CertId-1110094"></wsse:BinarySecurityToken>
>> >                       <ds:Signature xmlns:ds="
>> http://www.w3.org/2000/09/xmldsig#"
>> > Id="Signature-2661678">
>> >                               <ds:SignedInfo>
>> >                                       <ds:CanonicalizationMethod
>> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>> >                                       <ds:SignatureMethod
>> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>> >                                       <ds:Reference URI="#id-28472268">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-29087666">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-21886820">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-28113457">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference URI="#id-22927632">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                                       <ds:Reference
>> URI="#Timestamp-32580443">
>> >                                               <ds:Transforms>
>> >                                                       <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > />
>> >                                               </ds:Transforms>
>> >                                               <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> > />
>> >
>> <ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
>> >                                       </ds:Reference>
>> >                               </ds:SignedInfo>
>> >                               <ds:SignatureValue>
>> >
>> JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn
>> >
>> bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
>> >                               /ouTIppVwJnvzMom4EQ=
>> >                               </ds:SignatureValue>
>> >                               <ds:KeyInfo Id="KeyId-32689826">
>> >                                       <wsse:SecurityTokenReference
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="STRId-3840954">
>> >                                               <wsse:Reference
>> URI="#CertId-1110094"
>> > ValueType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> "
>> > />
>> >                                       </wsse:SecurityTokenReference>
>> >                               </ds:KeyInfo>
>> >                       </ds:Signature>
>> >                       <wsu:Timestamp
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="Timestamp-32580443">
>> >                               <wsu:Created>2007-03-29T21:36:04.570Z
>> </wsu:Created>
>> >                               <wsu:Expires>2007-03-29T21:41:04.570Z
>> </wsu:Expires>
>> >                       </wsu:Timestamp>
>> >               </wsse:Security>
>> >               <wsa:To
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-21886820">
>> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
>> >               <wsa:ReplyTo
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-28113457">
>> > <wsa:Address>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> >               </wsa:ReplyTo><wsa:MessageID
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> >
>> wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
>> >               <wsa:Action
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
>> >       </soapenv:Header>
>> >   <soapenv:Body
>> > xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> > wsu:Id="id-28472268">
>> >               <xenc:EncryptedData Id="EncDataId-28472268"
>> > Type="http://www.w3.org/2001/04/xmlenc#Content">
>> >       <xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>> >       <xenc:CipherData>
>> >
>> >
>> <xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
>> >
>> oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
>> >
>> EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
>> >
>> aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
>> >
>> ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
>> >
>> oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
>> > Kn2YHj4Vdt4IEg==</xenc:CipherValue>
>> >       </xenc:CipherData>
>> >       </xenc:EncryptedData>
>> >       </soapenv:Body>
>> > </soapenv:Envelope>
>> >
>> >
>> > Freddy Weishaeupl wrote:
>> >>
>> >> Hi,
>> >>
>> >> currently I'm trying to use a .NET Client to access a Java webservice. At
>> >> the .NET side I use the Microsoft WSE 3.0 implementation to sign and
>> >> encrypt the SOAP Body of the SOAP request message. At server-side WSS4J is
>> >> used for checking the signature and decrypting the SOAP Message.
>> >>
>> >> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
>> >> package.
>> >>
>> >> Unfortunately at server-side I always get the following error message:
>> >>
>> -----------------------------------------------------------------------------------------------------------------
>> >> ...
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create
>> URI
>> >> "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
>> >>
>> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
>> >> HmacSHA1"
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
>> >> Request
>> >> for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.algorithms.implementations.IntegrityHmac
>> .<init>]
>> >> Created IntegrityHmacSHA1 using HmacSHA1
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [org.apache.xml.security.utils.ElementProxy.<init>]
>> setElement("KeyInfo",
>> >> "null")
>> >> [23.03.2007 14:53:37] [DEBUG]
>> >> [
>> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
>> ]
>> >> Token reference uri:
>> #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
>> >> org.apache.ws.security.WSSecurityException: Referenced security token
>> >> could
>> >> not be retrieved. (Reference
>> >> "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
>> >>         at
>> >>
>> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
>> (SecurityTokenReference.java:179)
>> >>         at
>> >>
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
>> SignatureProcessor.java:186)
>> >> ...
>> >>
>> -----------------------------------------------------------------------------------------------------------------------------------------
>> >>
>> >>
>> >> Any ideas what's the problem here? Has anyone already tested WSE3.0 in
>> >> combination with WSS4J?
>> >>
>> >> Thanks.
>> >>
>> >> Best Regards
>> >> Freddy
>> >>
>> >>
>> >>
>> >>
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9746894
>> Sent from the WSS4J mailing list archive at Nabble.com.
>>
>>
>>
>>
> 
> 
> -- 
> José Ferreiro
> EPFL Communication Systems engineer
> ing.sys.com.dipl.EPFL
> 
> 

-- 
View this message in context: http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9751948
Sent from the WSS4J mailing list archive at Nabble.com.
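
A structural check for the message comparison discussed in this thread, as an added example that is not part of any poster's message and not WSS4J or WSE code: it resolves every same-document `#` reference in a WS-Security envelope and reports whether the target exists, which element it is, and whether the id sits in `wsu:Id` or a plain `Id` attribute. The envelope is a constructed, trimmed sample modelled on the messages quoted above; its ids and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Elements whose URI attribute points at another element of the same message.
REFERENCE_TAGS = {
    f"{{{WSSE}}}Reference": "wsse:Reference",
    f"{{{DS}}}Reference": "ds:Reference",
    f"{{{XENC}}}DataReference": "xenc:DataReference",
}

# Constructed sample (no real key material). The SecurityTokenReference
# points at an id that no element declares, the condition behind
# "Referenced security token could not be retrieved".
SAMPLE = f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:xenc="{XENC}">
  <soap:Header>
    <wsse:Security>
      <wsse:BinarySecurityToken wsu:Id="SecurityToken-bst">constructed</wsse:BinarySecurityToken>
      <xenc:EncryptedKey Id="SecurityToken-ek">
        <xenc:ReferenceList><xenc:DataReference URI="#Enc-1"/></xenc:ReferenceList>
      </xenc:EncryptedKey>
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#Body-1"/></ds:SignedInfo>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-missing"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Body-1">
    <xenc:EncryptedData Id="Enc-1"/>
  </soap:Body>
</soap:Envelope>"""


def local_name(tag):
    """Turn '{namespace}Local' into 'Local' for readable reports."""
    return tag.rsplit("}", 1)[-1]


def index_ids(root):
    """Map each id value to every element declaring it, in document order."""
    ids = {}
    for pos, el in enumerate(root.iter()):
        for attr, label in ((f"{{{WSU}}}Id", "wsu:Id"), ("Id", "Id")):
            value = el.get(attr)
            if value is not None:
                ids.setdefault(value, []).append(
                    {"element": local_name(el.tag), "id_attr": label, "pos": pos})
    return ids


def check_references(xml_text):
    """Resolve every '#fragment' reference and describe what it points at.

    Meant for captures taken from your own debug logs, not for parsing
    untrusted input.
    """
    root = ET.fromstring(xml_text)
    ids = index_ids(root)
    report = []
    for pos, el in enumerate(root.iter()):
        kind = REFERENCE_TAGS.get(el.tag)
        uri = el.get("URI", "")
        if kind is None or not uri.startswith("#"):
            continue
        targets = ids.get(uri[1:], [])
        if not targets:
            status = "missing"        # nothing in the message carries this id
        elif len(targets) > 1:
            status = "ambiguous"      # the same id is declared more than once
        else:
            status = "ok"
        first = targets[0] if targets else {}
        report.append({
            "reference": kind,
            "uri": uri,
            "status": status,
            "target": first.get("element"),
            "id_attr": first.get("id_attr"),
            # True when the target appears earlier in the document than the reference.
            "target_precedes": bool(targets) and first["pos"] < pos,
        })
    return report


if __name__ == "__main__":
    for row in check_references(SAMPLE):
        print(row)
```

Running it over both captured envelopes and diffing the two reports shows where the messages differ in reference targets, id attributes and element order.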




Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by José Ferreiro <jo...@gmail.com>.
Hello,

Are you using mutualCertificate10Security or mutualCertificate11Security in
VS.NET 2005?
Can you show your Axis deployment wsdd file?

Thank you

José


On 3/30/07, hunterg1 <gh...@tier1innovation.com> wrote:
>
>
> I should add that the .NET client example SOAP works, and the java client
> example SOAP does not.
>
> hunterg1 wrote:
> >
> > I am having the same issue.  Can anybody help me with this?  I am using a
> > Java client to a .NET service using WSE3.0.  I get the same error of
> > 'Referenced security token could not be retrieved' from the .NET service.
> > I have tried everything, even comparing a .NET client SOAP message to my
> > Java client SOAP message.  I am completely stuck now, can anybody please
> > help?  I included the entire sample SOAP messages for both types of
> > clients below.
> >
> > Sample .NET client SOAP:
> >       <soap:Envelope
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
> >         <soap:Header>
> >           <wsa:Action
> > wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
> http://services.test.org/HelloWorld</wsa:Action>
> >           <wsa:MessageID
> >
> wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
> >           <wsa:ReplyTo wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
> >
> > <wsa:Address>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> >           </wsa:ReplyTo>
> >           <wsa:To
> > wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
> >           <wsse:Security soap:mustUnderstand="1">
> >             <wsu:Timestamp
> > wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
> >               <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
> >               <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
> >             </wsu:Timestamp>
> >             <wsse:BinarySecurityToken
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> "
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >
> wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca">MIIBtjCCAWSgAwIBAgIQ0xuOOJAk36FLgEkAGKXh2zAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA2MDkxMTE3MjYyNVoXDTM5MTIzMTIzNTk1OVowGTEXMBUGA1UEAxMOU2VydmljZUNsaWVudDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKvhyC+jEPujhtiS8vN2mucQacr8V64A3LKip+vAgGf00WwfsUG1cAY8xEJowWCt+imLTHHdREeLJqZ7ND3Bhc/YX/ENTU6WnCk+RRtyi2QjXDQTZopeKvxPISPMW26eIKoDY8eLDYKkJdQIscAmTElPUr/yAkb7uWOsDRcaELPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAESRFHKWt94RYik/49D8FY8Xxsrl2KFuMz9isMsjYTHIc0GZAL70JSDkoS/BSkBXcsAc+LYTBYoxNyjRFzQoTEQ==</wsse:BinarySecurityToken>
> >             <xenc:EncryptedKey
> > Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> >               <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
> >                 <ds:DigestMethod
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >               </xenc:EncryptionMethod>
> >               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >                 <wsse:SecurityTokenReference>
> >                   <X509Data>
> >                     <X509IssuerSerial>
> >                       <X509IssuerName>CN=Root Agency</X509IssuerName>
> >
> >
> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
> >                     </X509IssuerSerial>
> >                   </X509Data>
> >                 </wsse:SecurityTokenReference>
> >               </KeyInfo>
> >               <xenc:CipherData>
> >
> <xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
> >               </xenc:CipherData>
> >               <xenc:ReferenceList>
> >                 <xenc:DataReference
> > URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
> >               </xenc:ReferenceList>
> >             </xenc:EncryptedKey>
> >             <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >               <SignedInfo>
> >                 <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
> >                 <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >                 <Reference
> URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
> >                 </Reference>
> >                 <Reference
> > URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
> >                 </Reference>
> >               </SignedInfo>
> >
> <SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
> >               <KeyInfo>
> >                 <wsse:SecurityTokenReference>
> >                   <wsse:Reference
> > URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > />
> >                 </wsse:SecurityTokenReference>
> >               </KeyInfo>
> >             </Signature>
> >           </wsse:Security>
> >         </soap:Header>
> >         <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
> >           <xenc:EncryptedData
> > Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
> > Type="http://www.w3.org/2001/04/xmlenc#Content"
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> >             <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> >             <xenc:CipherData>
> >
> <xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
> >             </xenc:CipherData>
> >           </xenc:EncryptedData>
> >         </soap:Body>
> >       </soap:Envelope>
> >
> >
> >
> > Sample java client SOAP:
> > <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> >   <soapenv:Header>
> >               <wsse:Security
> > xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> > soapenv:mustUnderstand="1">
> >                       <xenc:EncryptedKey Id="EncKeyId-3852606">
> >                               <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
> >                               <ds:KeyInfo xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#">
> >                                       <wsse:SecurityTokenReference>
> >                                               <ds:X509Data>
> >
> <ds:X509IssuerSerial>
> >
> <ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
> >
> >
> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
> >
> </ds:X509IssuerSerial>
> >                                               </ds:X509Data>
> >                                       </wsse:SecurityTokenReference>
> >                               </ds:KeyInfo>
> >                               <xenc:CipherData>
> >
> >
> <xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
> >                               </xenc:CipherData>
> >                               <xenc:ReferenceList>
> >                                       <xenc:DataReference
> URI="#EncDataId-28472268" />
> >                               </xenc:ReferenceList>
> >                       </xenc:EncryptedKey>
> >                       <wsse:BinarySecurityToken
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> "
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> >
> wsu:Id="CertId-1110094">MIIBtjCCAWSgAwIBAgIQ0xuOOJAk36FLgEkAGKXh2zAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA2MDkxMTE3MjYyNVoXDTM5MTIzMTIzNTk1OVowGTEXMBUGA1UEAxMOU2VydmljZUNsaWVudDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKvhyC+jEPujhtiS8vN2mucQacr8V64A3LKip+vAgGf00WwfsUG1cAY8xEJowWCt+imLTHHdREeLJqZ7ND3Bhc/YX/ENTU6WnCk+RRtyi2QjXDQTZopeKvxPISPMW26eIKoDY8eLDYKkJdQIscAmTElPUr/yAkb7uWOsDRcaELPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAESRFHKWt94RYik/49D8FY8Xxsrl2KFuMz9isMsjYTHIc0GZAL70JSDkoS/BSkBXcsAc+LYTBYoxNyjRFzQoTEQ==</wsse:BinarySecurityToken>
> >                       <ds:Signature xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#"
> > Id="Signature-2661678">
> >                               <ds:SignedInfo>
> >                                       <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                                       <ds:SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >                                       <ds:Reference URI="#id-28472268">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-29087666">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-21886820">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-28113457">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-22927632">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference
> URI="#Timestamp-32580443">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
> >                                       </ds:Reference>
> >                               </ds:SignedInfo>
> >                               <ds:SignatureValue>
> >
> JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn
> >
> bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
> >                               /ouTIppVwJnvzMom4EQ=
> >                               </ds:SignatureValue>
> >                               <ds:KeyInfo Id="KeyId-32689826">
> >                                       <wsse:SecurityTokenReference
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="STRId-3840954">
> >                                               <wsse:Reference
> URI="#CertId-1110094"
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > />
> >                                       </wsse:SecurityTokenReference>
> >                               </ds:KeyInfo>
> >                       </ds:Signature>
> >                       <wsu:Timestamp
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="Timestamp-32580443">
> >                               <wsu:Created>2007-03-29T21:36:04.570Z
> </wsu:Created>
> >                               <wsu:Expires>2007-03-29T21:41:04.570Z
> </wsu:Expires>
> >                       </wsu:Timestamp>
> >               </wsse:Security>
> >               <wsa:To
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-21886820">
> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
> >               <wsa:ReplyTo
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-28113457">
> > <wsa:Address>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> >               </wsa:ReplyTo><wsa:MessageID
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >
> wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
> >               <wsa:Action
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
> >       </soapenv:Header>
> >   <soapenv:Body
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-28472268">
> >               <xenc:EncryptedData Id="EncDataId-28472268"
> > Type="http://www.w3.org/2001/04/xmlenc#Content">
> >       <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> >       <xenc:CipherData>
> >
> >
> <xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
> >
> oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
> >
> EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
> >
> aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
> >
> ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
> >
> oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
> > Kn2YHj4Vdt4IEg==</xenc:CipherValue>
> >       </xenc:CipherData>
> >       </xenc:EncryptedData>
> >       </soapenv:Body>
> > </soapenv:Envelope>
> >
> >
> > Freddy Weishaeupl wrote:
> >>
> >> Hi,
> >>
> >> currently I'm trying to use a .NET Client to access a Java webservice.
> At
> >> the .NET side I use the Microsoft WSE 3.0 implementation to sign and
> >> encrypt
> >> the SOAP Body of the SOAP request message. At server-side WSS4J is used
> >> for
> >> checking the signature and decrypting the SOAP Message.
> >>
> >> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
> >> package.
> >>
> >> Unfortunately at server-side I always get the following error message:
> >>
> -----------------------------------------------------------------------------------------------------------------
> >> ...
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create
> URI
> >> "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
> >>
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
> >> HmacSHA1"
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
> >> Request
> >> for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.implementations.IntegrityHmac
> .<init>]
> >> Created IntegrityHmacSHA1 using HmacSHA1
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.utils.ElementProxy.<init>]
> setElement("KeyInfo",
> >> "null")
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> ]
> >> Token reference uri:
> #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
> >> org.apache.ws.security.WSSecurityException: Referenced security token
> >> could
> >> not be retrieved. (Reference
> >> "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
> >>         at
> >>
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> (SecurityTokenReference.java:179)
> >>         at
> >> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
> SignatureProcessor.java:186)
> >> ...
> >>
> -----------------------------------------------------------------------------------------------------------------------------------------
> >>
> >>
> >> Any ideas what's the problem here? Has anyone already tested WSE3.0 in
> >> combination with WSS4J?
> >>
> >> Thanks.
> >>
> >> Best Regards
> >> Freddy
> >>
> >>
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9746894
> Sent from the WSS4J mailing list archive at Nabble.com.
>
>
>
>


-- 
José Ferreiro
EPFL Communication Systems engineer
ing.sys.com.dipl.EPFL

Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by José Ferreiro <jo...@gmail.com>.
Hello,

Are you using mutualCertificate10Security or mutualCertificate11Security in
VS.NET 2005?
Can you show your Axis deployment wsdd file?

Thank you

José


On 3/30/07, hunterg1 <gh...@tier1innovation.com> wrote:
>
>
> I should add that the .NET client example SOAP works, and the java client
> example SOAP does not.
>
> hunterg1 wrote:
> >
> > I am having the same issue.  Can anybody help me with this?  I am using
> a
> > java client to a .NET service using WSE3.0.  I get the same error of
> > 'Referenced security token could not be retrieved' from the .NET
> service.
> > I have tried everything, even comparing a .NET client SOAP message to my
> > java client SOAP message.  I am completely stuck now, can anybody please
> > help?  I included the entire sample SOAP messages for both types of
> > clients below.
> >
> > Sample .NET client SOAP:
> >       <soap:Envelope
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
> >         <soap:Header>
> >           <wsa:Action
> > wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
> http://services.test.org/HelloWorld</wsa:Action>
> >           <wsa:MessageID
> >
> wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
> >           <wsa:ReplyTo wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
> >
> > <wsa:Address>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> >           </wsa:ReplyTo>
> >           <wsa:To
> > wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
> >           <wsse:Security soap:mustUnderstand="1">
> >             <wsu:Timestamp
> > wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
> >               <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
> >               <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
> >             </wsu:Timestamp>
> >             <wsse:BinarySecurityToken
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> "
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >
> wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca">...</wsse:BinarySecurityToken>
> >             <xenc:EncryptedKey
> > Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> >               <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
> >                 <ds:DigestMethod
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >               </xenc:EncryptionMethod>
> >               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >                 <wsse:SecurityTokenReference>
> >                   <X509Data>
> >                     <X509IssuerSerial>
> >                       <X509IssuerName>CN=Root Agency</X509IssuerName>
> >
> >
> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
> >                     </X509IssuerSerial>
> >                   </X509Data>
> >                 </wsse:SecurityTokenReference>
> >               </KeyInfo>
> >               <xenc:CipherData>
> >
> <xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
> >               </xenc:CipherData>
> >               <xenc:ReferenceList>
> >                 <xenc:DataReference
> > URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
> >               </xenc:ReferenceList>
> >             </xenc:EncryptedKey>
> >             <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >               <SignedInfo>
> >                 <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
> >                 <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >                 <Reference
> URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
> >                 </Reference>
> >                 <Reference
> > URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
> >                 </Reference>
> >               </SignedInfo>
> >
> <SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
> >               <KeyInfo>
> >                 <wsse:SecurityTokenReference>
> >                   <wsse:Reference
> > URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > />
> >                 </wsse:SecurityTokenReference>
> >               </KeyInfo>
> >             </Signature>
> >           </wsse:Security>
> >         </soap:Header>
> >         <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
> >           <xenc:EncryptedData
> > Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
> > Type="http://www.w3.org/2001/04/xmlenc#Content"
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> >             <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> >             <xenc:CipherData>
> >
> <xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
> >             </xenc:CipherData>
> >           </xenc:EncryptedData>
> >         </soap:Body>
> >       </soap:Envelope>
> >
> >
> >
> > Sample java client SOAP:
> > <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> >   <soapenv:Header>
> >               <wsse:Security
> > xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> > soapenv:mustUnderstand="1">
> >                       <xenc:EncryptedKey Id="EncKeyId-3852606">
> >                               <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
> >                               <ds:KeyInfo xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#">
> >                                       <wsse:SecurityTokenReference>
> >                                               <ds:X509Data>
> >
> <ds:X509IssuerSerial>
> >
> <ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
> >
> >
> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
> >
> </ds:X509IssuerSerial>
> >                                               </ds:X509Data>
> >                                       </wsse:SecurityTokenReference>
> >                               </ds:KeyInfo>
> >                               <xenc:CipherData>
> >
> >
> <xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
> >                               </xenc:CipherData>
> >                               <xenc:ReferenceList>
> >                                       <xenc:DataReference
> URI="#EncDataId-28472268" />
> >                               </xenc:ReferenceList>
> >                       </xenc:EncryptedKey>
> >                       <wsse:BinarySecurityToken
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> "
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> >
> wsu:Id="CertId-1110094">...</wsse:BinarySecurityToken>
> >                       <ds:Signature xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#"
> > Id="Signature-2661678">
> >                               <ds:SignedInfo>
> >                                       <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                                       <ds:SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >                                       <ds:Reference URI="#id-28472268">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-29087666">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-21886820">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-28113457">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-22927632">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference
> URI="#Timestamp-32580443">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
> >                                       </ds:Reference>
> >                               </ds:SignedInfo>
> >                               <ds:SignatureValue>
> >
> JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn
> >
> bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
> >                               /ouTIppVwJnvzMom4EQ=
> >                               </ds:SignatureValue>
> >                               <ds:KeyInfo Id="KeyId-32689826">
> >                                       <wsse:SecurityTokenReference
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="STRId-3840954">
> >                                               <wsse:Reference
> URI="#CertId-1110094"
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > />
> >                                       </wsse:SecurityTokenReference>
> >                               </ds:KeyInfo>
> >                       </ds:Signature>
> >                       <wsu:Timestamp
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="Timestamp-32580443">
> >                               <wsu:Created>2007-03-29T21:36:04.570Z
> </wsu:Created>
> >                               <wsu:Expires>2007-03-29T21:41:04.570Z
> </wsu:Expires>
> >                       </wsu:Timestamp>
> >               </wsse:Security>
> >               <wsa:To
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-21886820">
> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
> >               <wsa:ReplyTo
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-28113457">
> > <wsa:Address>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> >               </wsa:ReplyTo><wsa:MessageID
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >
> wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
> >               <wsa:Action
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
> >       </soapenv:Header>
> >   <soapenv:Body
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-28472268">
> >               <xenc:EncryptedData Id="EncDataId-28472268"
> > Type="http://www.w3.org/2001/04/xmlenc#Content">
> >       <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> >       <xenc:CipherData>
> >
> >
> <xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
> >
> oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
> >
> EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
> >
> aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
> >
> ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
> >
> oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
> > Kn2YHj4Vdt4IEg==</xenc:CipherValue>
> >       </xenc:CipherData>
> >       </xenc:EncryptedData>
> >       </soapenv:Body>
> > </soapenv:Envelope>
> >
> >
> > Freddy Weishaeupl wrote:
> >>
> >> Hi,
> >>
> >> currently I'm trying to use a .NET Client to access a Java webservice.
> At
> >> the .NET side I use the Microsoft WSE 3.0 implementation to sign and
> >> encrypt
> >> the SOAP Body of the SOAP request message. At server-side WSS4J is used
> >> for
> >> checking the signature and decrypting the SOAP Message.
> >>
> >> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
> >> package.
> >>
> >> Unfortunately at server-side I always get the following error message:
> >>
> -----------------------------------------------------------------------------------------------------------------
> >> ...
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create
> URI
> >> "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
> >>
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
> >> HmacSHA1"
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
> >> Request
> >> for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.implementations.IntegrityHmac
> .<init>]
> >> Created IntegrityHmacSHA1 using HmacSHA1
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.utils.ElementProxy.<init>]
> setElement("KeyInfo",
> >> "null")
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> ]
> >> Token reference uri:
> #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
> >> org.apache.ws.security.WSSecurityException: Referenced security token
> >> could
> >> not be retrieved. (Reference
> >> "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
> >>         at
> >>
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> (SecurityTokenReference.java:179)
> >>         at
> >> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
> SignatureProcessor.java:186)
> >> ...
> >>
> -----------------------------------------------------------------------------------------------------------------------------------------
> >>
> >>
> >> Any ideas what's the problem here? Has anyone already tested WSE3.0 in
> >> combination with WSS4J?
> >>
> >> Thanks.
> >>
> >> Best Regards
> >> Freddy
> >>
> >>
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9746894
> Sent from the WSS4J mailing list archive at Nabble.com.
>
>
>
>


-- 
José Ferreiro
EPFL Communication Systems engineer
ing.sys.com.dipl.EPFL
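
When comparing a working and a failing SOAP trace as in the message above, it helps to check mechanically that every same-document reference (wsse:Reference, ds:Reference, xenc:DataReference) resolves to exactly one element, and whether the target carries wsu:Id or a plain Id. The following is an added example, not code from this thread, WSS4J or WSE; the function names and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Elements whose URI attribute may be a same-document ("#id") reference.
REF_TAGS = {
    f"{{{WSSE}}}Reference": "wsse:Reference",
    f"{{{DS}}}Reference": "ds:Reference",
    f"{{{XENC}}}DataReference": "xenc:DataReference",
}


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def index_ids(root):
    """Map each id value to the (element, attribute kind) pairs declaring it.

    BinarySecurityToken and Timestamp use wsu:Id; xenc:EncryptedKey and
    xenc:EncryptedData use an unqualified Id, so both forms are indexed.
    """
    ids = {}
    for el in root.iter():
        for attr, kind in ((f"{{{WSU}}}Id", "wsu:Id"), ("Id", "Id")):
            value = el.get(attr)
            if value is not None:
                ids.setdefault(value, []).append((el, kind))
    return ids


def check_references(xml_text):
    """Return one report entry per fragment reference found in the envelope."""
    # ElementTree is adequate for captured traces you trust; it is not
    # hardened against maliciously constructed XML.
    root = ET.fromstring(xml_text)
    ids = index_ids(root)
    report = []
    for el in root.iter():
        name = REF_TAGS.get(el.tag)
        uri = el.get("URI", "")
        if name is None or not uri.startswith("#"):
            continue
        hits = ids.get(uri[1:], [])
        distinct = {id(target) for target, _ in hits}
        if not hits:
            status = "UNRESOLVED"      # no element declares this id
        elif len(distinct) > 1:
            status = "AMBIGUOUS"       # the same id is declared on several elements
        else:
            status = "ok"
        report.append({
            "ref": name,
            "uri": uri,
            "status": status,
            "targets": [(local(t.tag), kind) for t, kind in hits],
        })
    return report


def security_header_order(xml_text):
    """List the children of wsse:Security in document order."""
    root = ET.fromstring(xml_text)
    sec = root.find(f".//{{{WSSE}}}Security")
    return [local(child.tag) for child in sec] if sec is not None else []


# Constructed sample (not one of the traces from the thread): the signature
# references a Timestamp id that no element in the message declares.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:xenc="{XENC}">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1">
      <xenc:EncryptedKey Id="EncKeyId-1">
        <xenc:ReferenceList><xenc:DataReference URI="#EncDataId-1"/></xenc:ReferenceList>
      </xenc:EncryptedKey>
      <wsse:BinarySecurityToken wsu:Id="CertId-1">AAAA</wsse:BinarySecurityToken>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#id-body"/>
          <ds:Reference URI="#Timestamp-1"/>
        </ds:SignedInfo>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#CertId-1"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-body">
    <xenc:EncryptedData Id="EncDataId-1"/>
  </soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    print("Security header order:", security_header_order(SAMPLE))
    for entry in check_references(SAMPLE):
        print(f'{entry["status"]:<10} {entry["ref"]:<20} {entry["uri"]:<15} {entry["targets"]}')
```

Running it over both captured envelopes and comparing the two reports shows differences in header ordering and in wsu:Id versus Id targets that are hard to spot by eye.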

Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by José Ferreiro <jo...@gmail.com>.
Hello,

Are you using mutualCertificate10Security or mutualCertificate11Security in
VS.NET 2005?
Can you show your Axis deployment wsdd file?

Thank you

José


On 3/30/07, hunterg1 <gh...@tier1innovation.com> wrote:
>
>
> I should add that the .NET client example SOAP works, and the java client
> example SOAP does not.
>
> hunterg1 wrote:
> >
> > I am having the same issue.  Can anybody help me with this?  I am using
> a
> > java client to a .NET service using WSE3.0.  I get the same error of
> > 'Referenced security token could not be retrieved' from the .NET
> service.
> > I have tried everything, even comparing a .NET client SOAP message to my
> > java client SOAP message.  I am completely stuck now, can anybody please
> > help?  I included the entire sample SOAP messages for both types of
> > clients below.
> >
> > Sample .NET client SOAP:
> >       <soap:Envelope
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
> >         <soap:Header>
> >           <wsa:Action
> > wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
> http://services.test.org/HelloWorld</wsa:Action>
> >           <wsa:MessageID
> >
> wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
> >           <wsa:ReplyTo wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
> >
> > <wsa:Address>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> >           </wsa:ReplyTo>
> >           <wsa:To
> > wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
> >           <wsse:Security soap:mustUnderstand="1">
> >             <wsu:Timestamp
> > wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
> >               <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
> >               <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
> >             </wsu:Timestamp>
> >             <wsse:BinarySecurityToken
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> "
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >
> wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca">MIIBtjCCAWSgAwIBAgIQ0xuOOJAk36FLgEkAGKXh2zAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA2MDkxMTE3MjYyNVoXDTM5MTIzMTIzNTk1OVowGTEXMBUGA1UEAxMOU2VydmljZUNsaWVudDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKvhyC+jEPujhtiS8vN2mucQacr8V64A3LKip+vAgGf00WwfsUG1cAY8xEJowWCt+imLTHHdREeLJqZ7ND3Bhc/YX/ENTU6WnCk+RRtyi2QjXDQTZopeKvxPISPMW26eIKoDY8eLDYKkJdQIscAmTElPUr/yAkb7uWOsDRcaELPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAESRFHKWt94RYik/49D8FY8Xxsrl2KFuMz9isMsjYTHIc0GZAL70JSDkoS/BSkBXcsAc+LYTBYoxNyjRFzQoTEQ==</wsse:BinarySecurityToken>
> >             <xenc:EncryptedKey
> > Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> >               <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
> >                 <ds:DigestMethod
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >               </xenc:EncryptionMethod>
> >               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >                 <wsse:SecurityTokenReference>
> >                   <X509Data>
> >                     <X509IssuerSerial>
> >                       <X509IssuerName>CN=Root Agency</X509IssuerName>
> >
> >
> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
> >                     </X509IssuerSerial>
> >                   </X509Data>
> >                 </wsse:SecurityTokenReference>
> >               </KeyInfo>
> >               <xenc:CipherData>
> >
> <xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
> >               </xenc:CipherData>
> >               <xenc:ReferenceList>
> >                 <xenc:DataReference
> > URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
> >               </xenc:ReferenceList>
> >             </xenc:EncryptedKey>
> >             <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >               <SignedInfo>
> >                 <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
> >                 <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >                 <Reference
> URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
> >                 </Reference>
> >                 <Reference
> > URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
> >                 </Reference>
> >                 <Reference
> URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
> >                   <Transforms>
> >                     <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                   </Transforms>
> >                   <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >
> <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
> >                 </Reference>
> >               </SignedInfo>
> >
> <SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
> >               <KeyInfo>
> >                 <wsse:SecurityTokenReference>
> >                   <wsse:Reference
> > URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > />
> >                 </wsse:SecurityTokenReference>
> >               </KeyInfo>
> >             </Signature>
> >           </wsse:Security>
> >         </soap:Header>
> >         <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
> >           <xenc:EncryptedData
> > Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
> > Type="http://www.w3.org/2001/04/xmlenc#Content"
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> >             <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> >             <xenc:CipherData>
> >
> <xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
> >             </xenc:CipherData>
> >           </xenc:EncryptedData>
> >         </soap:Body>
> >       </soap:Envelope>
> >
> >
> >
> > Sample java client SOAP:
> > <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> >   <soapenv:Header>
> >               <wsse:Security
> > xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> > soapenv:mustUnderstand="1">
> >                       <xenc:EncryptedKey Id="EncKeyId-3852606">
> >                               <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
> >                               <ds:KeyInfo xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#">
> >                                       <wsse:SecurityTokenReference>
> >                                               <ds:X509Data>
> >
> <ds:X509IssuerSerial>
> >
> <ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
> >
> >
> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
> >
> </ds:X509IssuerSerial>
> >                                               </ds:X509Data>
> >                                       </wsse:SecurityTokenReference>
> >                               </ds:KeyInfo>
> >                               <xenc:CipherData>
> >
> >
> <xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
> >                               </xenc:CipherData>
> >                               <xenc:ReferenceList>
> >                                       <xenc:DataReference
> URI="#EncDataId-28472268" />
> >                               </xenc:ReferenceList>
> >                       </xenc:EncryptedKey>
> >                       <wsse:BinarySecurityToken
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> "
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> >
> wsu:Id="CertId-1110094">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</wsse:BinarySecurityToken>
> >                       <ds:Signature xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#"
> > Id="Signature-2661678">
> >                               <ds:SignedInfo>
> >                                       <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >                                       <ds:SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >                                       <ds:Reference URI="#id-28472268">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-29087666">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-21886820">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-28113457">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference URI="#id-22927632">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
> >                                       </ds:Reference>
> >                                       <ds:Reference
> URI="#Timestamp-32580443">
> >                                               <ds:Transforms>
> >                                                       <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > />
> >                                               </ds:Transforms>
> >                                               <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> > />
> >
> <ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
> >                                       </ds:Reference>
> >                               </ds:SignedInfo>
> >                               <ds:SignatureValue>
> >
> JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn
> >
> bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
> >                               /ouTIppVwJnvzMom4EQ=
> >                               </ds:SignatureValue>
> >                               <ds:KeyInfo Id="KeyId-32689826">
> >                                       <wsse:SecurityTokenReference
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="STRId-3840954">
> >                                               <wsse:Reference
> URI="#CertId-1110094"
> > ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "
> > />
> >                                       </wsse:SecurityTokenReference>
> >                               </ds:KeyInfo>
> >                       </ds:Signature>
> >                       <wsu:Timestamp
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="Timestamp-32580443">
> >                               <wsu:Created>2007-03-29T21:36:04.570Z
> </wsu:Created>
> >                               <wsu:Expires>2007-03-29T21:41:04.570Z
> </wsu:Expires>
> >                       </wsu:Timestamp>
> >               </wsse:Security>
> >               <wsa:To
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-21886820">
> http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
> >               <wsa:ReplyTo
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-28113457">
> > <wsa:Address>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> >               </wsa:ReplyTo><wsa:MessageID
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >
> wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
> >               <wsa:Action
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
> >       </soapenv:Header>
> >   <soapenv:Body
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-28472268">
> >               <xenc:EncryptedData Id="EncDataId-28472268"
> > Type="http://www.w3.org/2001/04/xmlenc#Content">
> >       <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> >       <xenc:CipherData>
> >
> >
> <xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
> >
> oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
> >
> EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
> >
> aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
> >
> ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
> >
> oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
> > Kn2YHj4Vdt4IEg==</xenc:CipherValue>
> >       </xenc:CipherData>
> >       </xenc:EncryptedData>
> >       </soapenv:Body>
> > </soapenv:Envelope>
> >
> >
> > Freddy Weishaeupl wrote:
> >>
> >> Hi,
> >>
> >> currently I'm trying to use a .NET Client to access a Java webservice.
> At
> >> the .NET side I use the Microsoft WSE 3.0 implementation to sign and
> >> encrypt
> >> the SOAP Body of the SOAP request message. At server-side WSS4J is used
> >> for
> >> checking the signature and decrypting the SOAP Message.
> >>
> >> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
> >> package.
> >>
> >> Unfortunately at server-side I always get the following error message:
> >>
> -----------------------------------------------------------------------------------------------------------------
> >> ...
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create
> URI
> >> "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class
> >>
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
> >> HmacSHA1"
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
> >> Request
> >> for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.algorithms.implementations.IntegrityHmac
> .<init>]
> >> Created IntegrityHmacSHA1 using HmacSHA1
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [org.apache.xml.security.utils.ElementProxy.<init>]
> setElement("KeyInfo",
> >> "null")
> >> [23.03.2007 14:53:37] [DEBUG]
> >> [
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> ]
> >> Token reference uri:
> #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
> >> org.apache.ws.security.WSSecurityException: Referenced security token
> >> could
> >> not be retrieved. (Reference
> >> "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
> >>         at
> >>
> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement
> (SecurityTokenReference.java:179)
> >>         at
> >> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
> SignatureProcessor.java:186)
> >> ...
> >>
> -----------------------------------------------------------------------------------------------------------------------------------------
> >>
> >>
> >> Any ideas what's the problem here? Has anyone already tested WSE3.0 in
> >> combination with WSS4J?
> >>
> >> Thanks.
> >>
> >> Best Regards
> >> Freddy
> >>
> >>
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9746894
> Sent from the WSS4J mailing list archive at Nabble.com.
>
>
>
>


-- 
José Ferreiro
EPFL Communication Systems engineer
ing.sys.com.dipl.EPFL
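
Added example, not part of the thread and not WSS4J or WSE code: a small Python check that can be run over a captured SOAP message before sending it, listing every wsse:Reference, ds:Reference and xenc:DataReference URI and whether its fragment matches a wsu:Id or Id attribute in the same document. The function names, the status strings and the "-EXAMPLE" identifiers in the sample envelope are constructed for illustration, and matching on wsu:Id or an unqualified Id attribute is an assumption about how a receiver looks the target up.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

# Elements whose URI attribute points at another element of the same message.
REFERRERS = {
    f"{{{WSSE}}}Reference": "token",
    f"{{{DS}}}Reference": "signed-part",
    f"{{{XENC}}}DataReference": "encrypted-data",
}
# Assumption: targets are identified by wsu:Id or by an unqualified Id attribute.
ID_ATTRS = (f"{{{WSU}}}Id", "Id")


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def index_ids(root):
    """Map every Id value to its element and collect values used more than once."""
    ids, duplicates = {}, set()
    for element in root.iter():
        for attr in ID_ATTRS:
            value = element.get(attr)
            if value is None:
                continue
            if value in ids and ids[value] is not element:
                duplicates.add(value)
            ids.setdefault(value, element)
    return ids, duplicates


def check_references(xml_text):
    """Return one finding per reference, in document order."""
    root = ET.fromstring(xml_text)  # intended for locally captured messages
    ids, duplicates = index_ids(root)
    findings = []
    for element in root.iter():
        kind = REFERRERS.get(element.tag)
        if kind is None:
            continue
        uri = element.get("URI", "")
        target = ids.get(uri[1:]) if uri.startswith("#") else None
        if not uri.startswith("#"):
            status = "not-a-fragment"
        elif uri[1:] in duplicates:
            status = "ambiguous"
        elif target is None:
            status = "unresolved"
        elif (kind == "token" and element.get("ValueType") and target.get("ValueType")
              and element.get("ValueType") != target.get("ValueType")):
            status = "valuetype-mismatch"
        else:
            status = "resolved"
        findings.append({"kind": kind, "uri": uri, "status": status,
                         "target": local_name(target.tag) if target is not None else None})
    return findings


def failing(findings):
    """URIs a receiver would not be able to follow to exactly one matching element."""
    return [f["uri"] for f in findings if f["status"] != "resolved"]


# Constructed sample: the token reference names an Id that no element carries.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:xenc="{XENC}">
  <soapenv:Header>
    <wsse:Security>
      <wsse:BinarySecurityToken wsu:Id="CertId-EXAMPLE" ValueType="{X509V3}">AAAA</wsse:BinarySecurityToken>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#id-body-EXAMPLE"/>
          <ds:Reference URI="#Timestamp-EXAMPLE"/>
        </ds:SignedInfo>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-EXAMPLE" ValueType="{X509V3}"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp wsu:Id="Timestamp-EXAMPLE"/>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-body-EXAMPLE">
    <xenc:EncryptedData Id="EncDataId-EXAMPLE"/>
  </soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    for finding in check_references(SAMPLE):
        print(f'{finding["status"]:<18} {finding["kind"]:<14} {finding["uri"]} -> {finding["target"]}')
```
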

Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by hunterg1 <gh...@tier1innovation.com>.
I should add that the .NET client example SOAP works, and the java client
example SOAP does not.

hunterg1 wrote:
> 
> I am having the same issue.  Can anybody help me with this?  I am using a
> java client to a .NET service using WSE3.0.  I get the same error of
> 'Referenced security token could not be retrieved' from the .NET service. 
> I have tried everything, even comparing a .NET client SOAP message to my
> java client SOAP message.  I am completely stuck now, can anybody please
> help?  I included the entire sample SOAP messages for both types of
> clients below.
> 
> Sample .NET client SOAP:
>       <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>         <soap:Header>
>           <wsa:Action
> wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">http://services.test.org/HelloWorld</wsa:Action>
>           <wsa:MessageID
> wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
>           <wsa:ReplyTo wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>            
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
>           </wsa:ReplyTo>
>           <wsa:To
> wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
>           <wsse:Security soap:mustUnderstand="1">
>             <wsu:Timestamp
> wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>               <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
>               <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
>             </wsu:Timestamp>
>             <wsse:BinarySecurityToken
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca">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</wsse:BinarySecurityToken>
>             <xenc:EncryptedKey
> Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>               <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
>                 <ds:DigestMethod
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>               </xenc:EncryptionMethod>
>               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>                 <wsse:SecurityTokenReference>
>                   <X509Data>
>                     <X509IssuerSerial>
>                       <X509IssuerName>CN=Root Agency</X509IssuerName>
>                      
> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
>                     </X509IssuerSerial>
>                   </X509Data>
>                 </wsse:SecurityTokenReference>
>               </KeyInfo>
>               <xenc:CipherData>
> <xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
>               </xenc:CipherData>
>               <xenc:ReferenceList>
>                 <xenc:DataReference
> URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
>               </xenc:ReferenceList>
>             </xenc:EncryptedKey>
>             <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>               <SignedInfo>
>                 <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>                 <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>                 <Reference URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
>                 </Reference>
>                 <Reference URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
>                 </Reference>
>                 <Reference URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
>                 </Reference>
>                 <Reference URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
>                 </Reference>
>                 <Reference
> URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
>                 </Reference>
>                 <Reference URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
>                 </Reference>
>               </SignedInfo>         
> <SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
>               <KeyInfo>
>                 <wsse:SecurityTokenReference>
>                   <wsse:Reference
> URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> />
>                 </wsse:SecurityTokenReference>
>               </KeyInfo>
>             </Signature>
>           </wsse:Security>
>         </soap:Header>
>         <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>           <xenc:EncryptedData
> Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
> Type="http://www.w3.org/2001/04/xmlenc#Content"
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>             <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>             <xenc:CipherData>           
> <xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
>             </xenc:CipherData>
>           </xenc:EncryptedData>
>         </soap:Body>
>       </soap:Envelope>
> 
> 
> 
> Sample java client SOAP:
> <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>   <soapenv:Header>
> 		<wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="1">
> 			<xenc:EncryptedKey Id="EncKeyId-3852606">
> 				<xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
> 				<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> 					<wsse:SecurityTokenReference>
> 						<ds:X509Data>
> 							<ds:X509IssuerSerial>
> 								<ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
> 							
> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
> 							</ds:X509IssuerSerial>
> 						</ds:X509Data>
> 					</wsse:SecurityTokenReference>
> 				</ds:KeyInfo>
> 				<xenc:CipherData>
> 				
> <xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
> 				</xenc:CipherData>
> 				<xenc:ReferenceList>
> 					<xenc:DataReference URI="#EncDataId-28472268" />
> 				</xenc:ReferenceList>
> 			</xenc:EncryptedKey>
> 			<wsse:BinarySecurityToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> wsu:Id="CertId-1110094">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</wsse:BinarySecurityToken>
> 			<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> Id="Signature-2661678">
> 				<ds:SignedInfo>
> 					<ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> 					<ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> 					<ds:Reference URI="#id-28472268">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#id-29087666">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#id-21886820">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#id-28113457">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#id-22927632">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#Timestamp-32580443">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
> 					</ds:Reference>
> 				</ds:SignedInfo>
> 				<ds:SignatureValue>			
> JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn			
> bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
> 				/ouTIppVwJnvzMom4EQ=
> 				</ds:SignatureValue>
> 				<ds:KeyInfo Id="KeyId-32689826">
> 					<wsse:SecurityTokenReference
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="STRId-3840954">
> 						<wsse:Reference URI="#CertId-1110094"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> />
> 					</wsse:SecurityTokenReference>
> 				</ds:KeyInfo>
> 			</ds:Signature>
> 			<wsu:Timestamp
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Timestamp-32580443">
> 				<wsu:Created>2007-03-29T21:36:04.570Z</wsu:Created>
> 				<wsu:Expires>2007-03-29T21:41:04.570Z</wsu:Expires>
> 			</wsu:Timestamp>
> 		</wsse:Security>
> 		<wsa:To
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-21886820">http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
> 		<wsa:ReplyTo
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-28113457">	
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> 		</wsa:ReplyTo><wsa:MessageID
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
> 		<wsa:Action
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
> 	</soapenv:Header>
>   <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-28472268">
>  		<xenc:EncryptedData Id="EncDataId-28472268"
> Type="http://www.w3.org/2001/04/xmlenc#Content">
>     	<xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>       <xenc:CipherData>
> 
> <xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
> oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
> EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
> aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
> ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
> oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
> Kn2YHj4Vdt4IEg==</xenc:CipherValue>
>      	</xenc:CipherData>
>    	</xenc:EncryptedData>
>  	</soapenv:Body>
> </soapenv:Envelope>
> 
> 
> Freddy Weishaeupl wrote:
>> 
>> Hi,
>> 
>> currently I'm trying to use a .NET Client to access a Java webservice. At 
>> the .NET side I use the Microsoft WSE 3.0 implementation to sign and
>> encrypt 
>> the SOAP Body of the SOAP request message. At server-side WSS4J is used
>> for 
>> checking the signature and decrypting the SOAP Message.
>> 
>> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
>> package.
>> 
>> Unfortunately at server-side I always get the following error message:
>> -----------------------------------------------------------------------------------------------------------------
>> ...
>> [23.03.2007 14:53:37] [DEBUG] 
>> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create URI 
>> "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class 
>> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
>> HmacSHA1"
>> [23.03.2007 14:53:37] [DEBUG] 
>> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
>> Request 
>> for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
>> [23.03.2007 14:53:37] [DEBUG] 
>> [org.apache.xml.security.algorithms.implementations.IntegrityHmac.<init>] 
>> Created IntegrityHmacSHA1 using HmacSHA1
>> [23.03.2007 14:53:37] [DEBUG] 
>> [org.apache.xml.security.utils.ElementProxy.<init>] setElement("KeyInfo", 
>> "null")
>> [23.03.2007 14:53:37] [DEBUG] 
>> [org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement] 
>> Token reference uri: #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
>> org.apache.ws.security.WSSecurityException: Referenced security token
>> could 
>> not be retrieved. (Reference 
>> "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
>>         at 
>> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:179)
>>         at 
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
>> ...
>> -----------------------------------------------------------------------------------------------------------------------------------------
>> 
>> 
>> Any ideas what's the problem here? Has anyone already tested WSE3.0 in 
>> combination with WSS4J?
>> 
>> Thanks.
>> 
>> Best Regards
>> Freddy
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9746894
Sent from the WSS4J mailing list archive at Nabble.com.




Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by hunterg1 <gh...@tier1innovation.com>.
I should add that the .NET client example SOAP works, and the Java client
example SOAP does not.

hunterg1 wrote:
> 
> I am having the same issue.  Can anybody help me with this?  I am using a
> Java client to a .NET service using WSE3.0.  I get the same error of
> 'Referenced security token could not be retrieved' from the .NET service. 
> I have tried everything, even comparing a .NET client SOAP message to my
> Java client SOAP message.  I am completely stuck now, can anybody please
> help?  I included the entire sample SOAP messages for both types of
> clients below.
> 
> Sample .NET client SOAP:
>       <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>         <soap:Header>
>           <wsa:Action
> wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">http://services.test.org/HelloWorld</wsa:Action>
>           <wsa:MessageID
> wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
>           <wsa:ReplyTo wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>            
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
>           </wsa:ReplyTo>
>           <wsa:To
> wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
>           <wsse:Security soap:mustUnderstand="1">
>             <wsu:Timestamp
> wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>               <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
>               <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
>             </wsu:Timestamp>
>             <wsse:BinarySecurityToken
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca">MIIBtjCCAWSgAwIBAgIQ0xuOOJAk36FLgEkAGKXh2zAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA2MDkxMTE3MjYyNVoXDTM5MTIzMTIzNTk1OVowGTEXMBUGA1UEAxMOU2VydmljZUNsaWVudDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKvhyC+jEPujhtiS8vN2mucQacr8V64A3LKip+vAgGf00WwfsUG1cAY8xEJowWCt+imLTHHdREeLJqZ7ND3Bhc/YX/ENTU6WnCk+RRtyi2QjXDQTZopeKvxPISPMW26eIKoDY8eLDYKkJdQIscAmTElPUr/yAkb7uWOsDRcaELPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAESRFHKWt94RYik/49D8FY8Xxsrl2KFuMz9isMsjYTHIc0GZAL70JSDkoS/BSkBXcsAc+LYTBYoxNyjRFzQoTEQ==</wsse:BinarySecurityToken>
>             <xenc:EncryptedKey
> Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>               <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
>                 <ds:DigestMethod
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>               </xenc:EncryptionMethod>
>               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>                 <wsse:SecurityTokenReference>
>                   <X509Data>
>                     <X509IssuerSerial>
>                       <X509IssuerName>CN=Root Agency</X509IssuerName>
>                      
> <X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
>                     </X509IssuerSerial>
>                   </X509Data>
>                 </wsse:SecurityTokenReference>
>               </KeyInfo>
>               <xenc:CipherData>
> <xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
>               </xenc:CipherData>
>               <xenc:ReferenceList>
>                 <xenc:DataReference
> URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
>               </xenc:ReferenceList>
>             </xenc:EncryptedKey>
>             <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>               <SignedInfo>
>                 <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>                 <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>                 <Reference URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
>                 </Reference>
>                 <Reference URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
>                 </Reference>
>                 <Reference URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
>                 </Reference>
>                 <Reference URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
>                 </Reference>
>                 <Reference
> URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
>                 </Reference>
>                 <Reference URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>                   <Transforms>
>                     <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   </Transforms>
>                   <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                   <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
>                 </Reference>
>               </SignedInfo>         
> <SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
>               <KeyInfo>
>                 <wsse:SecurityTokenReference>
>                   <wsse:Reference
> URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> />
>                 </wsse:SecurityTokenReference>
>               </KeyInfo>
>             </Signature>
>           </wsse:Security>
>         </soap:Header>
>         <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
>           <xenc:EncryptedData
> Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
> Type="http://www.w3.org/2001/04/xmlenc#Content"
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>             <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>             <xenc:CipherData>           
> <xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
>             </xenc:CipherData>
>           </xenc:EncryptedData>
>         </soap:Body>
>       </soap:Envelope>
> 
> 
> 
> Sample Java client SOAP:
> <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>   <soapenv:Header>
> 		<wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="1">
> 			<xenc:EncryptedKey Id="EncKeyId-3852606">
> 				<xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
> 				<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> 					<wsse:SecurityTokenReference>
> 						<ds:X509Data>
> 							<ds:X509IssuerSerial>
> 								<ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
> 							
> <ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
> 							</ds:X509IssuerSerial>
> 						</ds:X509Data>
> 					</wsse:SecurityTokenReference>
> 				</ds:KeyInfo>
> 				<xenc:CipherData>
> 				
> <xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
> 				</xenc:CipherData>
> 				<xenc:ReferenceList>
> 					<xenc:DataReference URI="#EncDataId-28472268" />
> 				</xenc:ReferenceList>
> 			</xenc:EncryptedKey>
> 			<wsse:BinarySecurityToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> wsu:Id="CertId-1110094">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</wsse:BinarySecurityToken>
> 			<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> Id="Signature-2661678">
> 				<ds:SignedInfo>
> 					<ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> 					<ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> 					<ds:Reference URI="#id-28472268">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#id-29087666">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#id-21886820">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#id-28113457">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#id-22927632">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#Timestamp-32580443">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> />
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> />
> 						<ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
> 					</ds:Reference>
> 				</ds:SignedInfo>
> 				<ds:SignatureValue>			
> JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn			
> bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
> 				/ouTIppVwJnvzMom4EQ=
> 				</ds:SignatureValue>
> 				<ds:KeyInfo Id="KeyId-32689826">
> 					<wsse:SecurityTokenReference
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="STRId-3840954">
> 						<wsse:Reference URI="#CertId-1110094"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> />
> 					</wsse:SecurityTokenReference>
> 				</ds:KeyInfo>
> 			</ds:Signature>
> 			<wsu:Timestamp
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Timestamp-32580443">
> 				<wsu:Created>2007-03-29T21:36:04.570Z</wsu:Created>
> 				<wsu:Expires>2007-03-29T21:41:04.570Z</wsu:Expires>
> 			</wsu:Timestamp>
> 		</wsse:Security>
> 		<wsa:To
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-21886820">http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
> 		<wsa:ReplyTo
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-28113457">	
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> 		</wsa:ReplyTo><wsa:MessageID
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
> 		<wsa:Action
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
> 	</soapenv:Header>
>   <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-28472268">
>  		<xenc:EncryptedData Id="EncDataId-28472268"
> Type="http://www.w3.org/2001/04/xmlenc#Content">
>     	<xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>       <xenc:CipherData>
> 
> <xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
> oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
> EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
> aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
> ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
> oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
> Kn2YHj4Vdt4IEg==</xenc:CipherValue>
>      	</xenc:CipherData>
>    	</xenc:EncryptedData>
>  	</soapenv:Body>
> </soapenv:Envelope>
> 
> 
> Freddy Weishaeupl wrote:
>> 
>> Hi,
>> 
>> currently I'm trying to use a .NET Client to access a Java webservice. At 
>> the .NET side I use the Microsoft WSE 3.0 implementation to sign and
>> encrypt 
>> the SOAP Body of the SOAP request message. At server-side WSS4J is used
>> for 
>> checking the signature and decrypting the SOAP Message.
>> 
>> I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1
>> package.
>> 
>> Unfortunately at server-side I always get the following error message:
>> -----------------------------------------------------------------------------------------------------------------
>> ...
>> [23.03.2007 14:53:37] [DEBUG] 
>> [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create URI 
>> "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class 
>> org.apache.xml.security.algorithms.implementations.IntegrityHmac$Integrity
>> HmacSHA1"
>> [23.03.2007 14:53:37] [DEBUG] 
>> [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID]
>> Request 
>> for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
>> [23.03.2007 14:53:37] [DEBUG] 
>> [org.apache.xml.security.algorithms.implementations.IntegrityHmac.<init>] 
>> Created IntegrityHmacSHA1 using HmacSHA1
>> [23.03.2007 14:53:37] [DEBUG] 
>> [org.apache.xml.security.utils.ElementProxy.<init>] setElement("KeyInfo", 
>> "null")
>> [23.03.2007 14:53:37] [DEBUG] 
>> [org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement] 
>> Token reference uri: #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
>> org.apache.ws.security.WSSecurityException: Referenced security token
>> could 
>> not be retrieved. (Reference 
>> "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
>>         at 
>> org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:179)
>>         at 
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
>> ...
>> -----------------------------------------------------------------------------------------------------------------------------------------
>> 
>> 
>> Any ideas what's the problem here? Has anyone already tested WSE3.0 in 
>> combination with WSS4J?
>> 
>> Thanks.
>> 
>> Best Regards
>> Freddy
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Interop-WSE-3.0-and-WSS4J---Referenced-security-token-could-not-be-retrieved-tf3454147.html#a9746894
Sent from the WSS4J mailing list archive at Nabble.com.
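
The error in this thread names a same-document reference ("#SecurityToken-...") that the receiver could not resolve. The script below is an added example, not part of the thread and not WSS4J or WSE code: it resolves every `ds:Reference`, `wsse:Reference` and `xenc:DataReference` in a captured envelope against the `wsu:Id`/`Id` attributes present, and reports the child order of `wsse:Security`, so the working and failing captures can be compared field by field. The function names and the trimmed sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Elements whose URI attribute is a same-document "#id" reference.
REFERRERS = {
    f"{{{DS}}}Reference": "ds:Reference",
    f"{{{WSSE}}}Reference": "wsse:Reference",
    f"{{{XENC}}}DataReference": "xenc:DataReference",
}


def local(tag):
    """Strip the '{namespace}' part of an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def fragment(el):
    """Return the id a '#id' URI points at, or None for other URIs."""
    uri = el.get("URI", "")
    return uri[1:] if uri.startswith("#") and len(uri) > 1 else None


def index_ids(root):
    """Map every wsu:Id / unqualified Id value to the elements carrying it."""
    ids = {}
    for el in root.iter():
        for attr in (f"{{{WSU}}}Id", "Id"):
            value = el.get(attr)
            if value is not None:
                ids.setdefault(value, []).append(el)
    return ids


def audit(xml_text):
    root = ET.fromstring(xml_text)
    ids = index_ids(root)
    report = {
        "dangling": [],            # references with no matching Id anywhere
        "resolved": {},            # "#id" -> local name of the target element
        "duplicate_ids": sorted(k for k, v in ids.items() if len(v) > 1),
        "security_order": [],      # children of wsse:Security, document order
        "forward_token_refs": [],  # token placed after the element using it
    }
    for el in root.iter():
        label = REFERRERS.get(el.tag)
        frag = fragment(el) if label else None
        if frag is None:
            continue
        targets = ids.get(frag, [])
        if targets:
            report["resolved"]["#" + frag] = local(targets[0].tag)
        else:
            report["dangling"].append((label, "#" + frag))

    security = root.find(f".//{{{WSSE}}}Security")
    if security is not None:
        children = list(security)
        report["security_order"] = [local(c.tag) for c in children]
        position = {id(c): i for i, c in enumerate(children)}
        for i, child in enumerate(children):
            for ref in child.iter(f"{{{WSSE}}}Reference"):
                for target in ids.get(fragment(ref) or "", []):
                    if position.get(id(target), -1) > i:
                        report["forward_token_refs"].append(ref.get("URI"))
    return report


# Constructed sample (not one of the captures above): "#ts-1" has no target,
# and the token "#cert-1" sits after the Signature that references it.
SAMPLE = f"""<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <soapenv:Header>
    <wsse:Security>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#body-1"/>
          <ds:Reference URI="#ts-1"/>
        </ds:SignedInfo>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#cert-1"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsse:BinarySecurityToken wsu:Id="cert-1">CONSTRUCTED</wsse:BinarySecurityToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body-1"/>
</soapenv:Envelope>"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

Running `audit()` on each of the two captures and diffing the reports shows where they differ in token placement and Id usage without reading the XML by eye.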




Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by hunterg1 <gh...@tier1innovation.com>.
I am having the same issue.  Can anybody help me with this?  I am using a
Java client to a .NET service using WSE3.0.  I get the same error of
'Referenced security token could not be retrieved' from the .NET service.  I
have tried everything, even comparing a .NET client SOAP message to my Java
client SOAP message.  I am completely stuck now, can anybody please help?  I
included the entire sample SOAP messages for both types of clients below.

Sample .NET client SOAP:
      <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <soap:Header>
          <wsa:Action
wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">http://services.test.org/HelloWorld</wsa:Action>
          <wsa:MessageID
wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
          <wsa:ReplyTo wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
           
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
          </wsa:ReplyTo>
          <wsa:To
wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
          <wsse:Security soap:mustUnderstand="1">
            <wsu:Timestamp
wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
              <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
              <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca">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</wsse:BinarySecurityToken>
            <xenc:EncryptedKey
Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                <ds:DigestMethod
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
              </xenc:EncryptionMethod>
              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference>
                  <X509Data>
                    <X509IssuerSerial>
                      <X509IssuerName>CN=Root Agency</X509IssuerName>
                     
<X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
                    </X509IssuerSerial>
                  </X509Data>
                </wsse:SecurityTokenReference>
              </KeyInfo>
              <xenc:CipherData>
<xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
              </xenc:CipherData>
              <xenc:ReferenceList>
                <xenc:DataReference
URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
              </xenc:ReferenceList>
            </xenc:EncryptedKey>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
              <SignedInfo>
                <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
                <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <Reference URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
                </Reference>
                <Reference URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
                </Reference>
                <Reference URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
                </Reference>
                <Reference URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
                </Reference>
                <Reference
URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
                </Reference>
                <Reference URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
                </Reference>
              </SignedInfo>         
<SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
              <KeyInfo>
                <wsse:SecurityTokenReference>
                  <wsse:Reference
URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
/>
                </wsse:SecurityTokenReference>
              </KeyInfo>
            </Signature>
          </wsse:Security>
        </soap:Header>
        <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
          <xenc:EncryptedData Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
Type="http://www.w3.org/2001/04/xmlenc#Content"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
            <xenc:CipherData>           
<xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
            </xenc:CipherData>
          </xenc:EncryptedData>
        </soap:Body>
      </soap:Envelope>



Sample Java client SOAP:
<soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
		<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
			<xenc:EncryptedKey Id="EncKeyId-3852606">
				<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
				<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
					<wsse:SecurityTokenReference>
						<ds:X509Data>
							<ds:X509IssuerSerial>
								<ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
							
<ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
							</ds:X509IssuerSerial>
						</ds:X509Data>
					</wsse:SecurityTokenReference>
				</ds:KeyInfo>
				<xenc:CipherData>
				
<xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
				</xenc:CipherData>
				<xenc:ReferenceList>
					<xenc:DataReference URI="#EncDataId-28472268" />
				</xenc:ReferenceList>
			</xenc:EncryptedKey>
			<wsse:BinarySecurityToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-1110094">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</wsse:BinarySecurityToken>
			<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-2661678">
				<ds:SignedInfo>
					<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
					<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
					<ds:Reference URI="#id-28472268">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#id-29087666">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#id-21886820">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#id-28113457">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#id-22927632">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#Timestamp-32580443">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
					</ds:Reference>
				</ds:SignedInfo>
				<ds:SignatureValue>			
JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn			
bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
				/ouTIppVwJnvzMom4EQ=
				</ds:SignatureValue>
				<ds:KeyInfo Id="KeyId-32689826">
					<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-3840954">
						<wsse:Reference URI="#CertId-1110094"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
/>
					</wsse:SecurityTokenReference>
				</ds:KeyInfo>
			</ds:Signature>
			<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-32580443">
				<wsu:Created>2007-03-29T21:36:04.570Z</wsu:Created>
				<wsu:Expires>2007-03-29T21:41:04.570Z</wsu:Expires>
			</wsu:Timestamp>
		</wsse:Security>
		<wsa:To
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-21886820">http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
		<wsa:ReplyTo
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-28113457">	
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
		</wsa:ReplyTo><wsa:MessageID
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
		<wsa:Action
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
	</soapenv:Header>
  <soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-28472268">
 		<xenc:EncryptedData Id="EncDataId-28472268"
Type="http://www.w3.org/2001/04/xmlenc#Content">
    	<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
      <xenc:CipherData>

<xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
Kn2YHj4Vdt4IEg==</xenc:CipherValue>
     	</xenc:CipherData>
   	</xenc:EncryptedData>
 	</soapenv:Body>
</soapenv:Envelope>




Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

Can you please post the message that the Java service gets from the .NET client?

Thanks,
Ruchith



-- 
www.ruchith.org
www.wso2.org



Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved

Posted by hunterg1 <gh...@tier1innovation.com>.
I am having the same issue. Can anybody help me with this? I am using a
Java client to a .NET service using WSE 3.0. I get the same error of
'Referenced security token could not be retrieved' from the .NET service. I
have tried everything, even comparing a .NET client SOAP message to my Java
client SOAP message. I am completely stuck now; can anybody please help? I
included the entire sample SOAP messages for both types of clients below.

Sample .NET client SOAP:
      <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <soap:Header>
          <wsa:Action
wsu:Id="Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">http://services.test.org/HelloWorld</wsa:Action>
          <wsa:MessageID
wsu:Id="Id-26d2ba57-461a-40a3-903d-91667379e0f0">urn:uuid:da2cc8c7-916a-4070-bd3a-f4bd2cf9deb1</wsa:MessageID>
          <wsa:ReplyTo wsu:Id="Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
           
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
          </wsa:ReplyTo>
          <wsa:To
wsu:Id="Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
          <wsse:Security soap:mustUnderstand="1">
            <wsu:Timestamp
wsu:Id="Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
              <wsu:Created>2007-03-29T20:55:50Z</wsu:Created>
              <wsu:Expires>2007-03-29T21:00:50Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca">MIIBtjCCAWSgAwIBAgIQ0xuOOJAk36FLgEkAGKXh2zAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA2MDkxMTE3MjYyNVoXDTM5MTIzMTIzNTk1OVowGTEXMBUGA1UEAxMOU2VydmljZUNsaWVudDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKvhyC+jEPujhtiS8vN2mucQacr8V64A3LKip+vAgGf00WwfsUG1cAY8xEJowWCt+imLTHHdREeLJqZ7ND3Bhc/YX/ENTU6WnCk+RRtyi2QjXDQTZopeKvxPISPMW26eIKoDY8eLDYKkJdQIscAmTElPUr/yAkb7uWOsDRcaELPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAESRFHKWt94RYik/49D8FY8Xxsrl2KFuMz9isMsjYTHIc0GZAL70JSDkoS/BSkBXcsAc+LYTBYoxNyjRFzQoTEQ==</wsse:BinarySecurityToken>
            <xenc:EncryptedKey
Id="SecurityToken-ac1a4381-842f-4b28-a09b-6905daa7fb20"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                <ds:DigestMethod
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
              </xenc:EncryptionMethod>
              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference>
                  <X509Data>
                    <X509IssuerSerial>
                      <X509IssuerName>CN=Root Agency</X509IssuerName>
                     
<X509SerialNumber>115941452602315739450622432474596853575</X509SerialNumber>
                    </X509IssuerSerial>
                  </X509Data>
                </wsse:SecurityTokenReference>
              </KeyInfo>
              <xenc:CipherData>
<xenc:CipherValue>TYcinGZA7is3p+qeJzO2qXShZMmthR8wvCLlILYRhIc9gYs1PWgYBcSzHFD8ERFmljU14LpGImjwV8BrTKG8Y+34WsWzvdWm7NcKCxGef35g2+CMr5ULa4K66oJAI7PrKObStZbMZbMIhMLiN1mxywshMopN4TQLqsyo5yHWuQc=</xenc:CipherValue>
              </xenc:CipherData>
              <xenc:ReferenceList>
                <xenc:DataReference
URI="#Enc-d8146786-88aa-4856-9006-924cec39cc6a" />
              </xenc:ReferenceList>
            </xenc:EncryptedKey>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
              <SignedInfo>
                <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
                <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <Reference URI="#Id-079dc0cf-49b1-44b0-a07a-30e53ada2080">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>7J8sLlF2RVOpwxDip4fhfYdnppo=</DigestValue>
                </Reference>
                <Reference URI="#Id-26d2ba57-461a-40a3-903d-91667379e0f0">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>yfJDR/07H2ZoL78tlSbktJ4s3OI=</DigestValue>
                </Reference>
                <Reference URI="#Id-d57998cf-75ae-4bb8-aa68-4304eb2d4335">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>RF9LksVSwjOwlc0cqJXGIU0fZN8=</DigestValue>
                </Reference>
                <Reference URI="#Id-c5c4d5cf-cf41-4bc9-b712-f89091cc706c">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>Vuln7MwcXRbHO/5VlDu2ZdCchas=</DigestValue>
                </Reference>
                <Reference
URI="#Timestamp-dc7023d6-abea-4b20-8535-d70b6e4ba684">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>3xGYQOw+IBvdgBw4XGMUPHPDhgM=</DigestValue>
                </Reference>
                <Reference URI="#Id-7d197a0b-5908-468d-9c22-40cda8025a71">
                  <Transforms>
                    <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>PwbqXRImnXhh4Tog9CF1f32EjOQ=</DigestValue>
                </Reference>
              </SignedInfo>         
<SignatureValue>T31FfjdvEMzuKcn/5PkZkHZ4SF4Hh74+SOPWjQWExDLRbrKzZGy5BMuijglUZrbLt6HPa8VhoLCla/tWc7PqKzX/6wONpeAy0YiX83x6z5b7hdEv9gSLdPiShDyIyIxKQ6uGMKq9SA9xdA/SWRKLgqDdlUxIsHJFAqxpLGbLK6c=</SignatureValue>
              <KeyInfo>
                <wsse:SecurityTokenReference>
                  <wsse:Reference
URI="#SecurityToken-53dd7ba0-3646-4c80-858b-445ba0ecafca"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
/>
                </wsse:SecurityTokenReference>
              </KeyInfo>
            </Signature>
          </wsse:Security>
        </soap:Header>
        <soap:Body wsu:Id="Id-7d197a0b-5908-468d-9c22-40cda8025a71">
          <xenc:EncryptedData Id="Enc-d8146786-88aa-4856-9006-924cec39cc6a"
Type="http://www.w3.org/2001/04/xmlenc#Content"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
            <xenc:CipherData>           
<xenc:CipherValue>Aa4g0Q+p9UYLRxiOM9vooenXWqYkoQu4yZ7vEzvEhpVmA9/JMPlrnKU2psZcVn5zbmNpV3ZbNj+BkA9FeUzqwZY2PWhK2e/QdXCjpGVYnvw=</xenc:CipherValue>
            </xenc:CipherData>
          </xenc:EncryptedData>
        </soap:Body>
      </soap:Envelope>



Sample Java client SOAP:
<soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
		<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
			<xenc:EncryptedKey Id="EncKeyId-3852606">
				<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
				<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
					<wsse:SecurityTokenReference>
						<ds:X509Data>
							<ds:X509IssuerSerial>
								<ds:X509IssuerName>CN=Root Agency</ds:X509IssuerName>
							
<ds:X509SerialNumber>115941452602315739450622432474596853575</ds:X509SerialNumber>
							</ds:X509IssuerSerial>
						</ds:X509Data>
					</wsse:SecurityTokenReference>
				</ds:KeyInfo>
				<xenc:CipherData>
				
<xenc:CipherValue>CnHrkj5imyG0q/I1I2qzrkEPUgmFvecUhqo3y9u7dlfVAEZ3TYP1KvLL5Ibfx9w8sbi1ZJ+4H6bimKQO4NH34oXot1+M7RC7pOQgKMtkiiUV/ePUu+EIivctgp8O5wxQd6Xz/pVlgt5KMurfu/GidwkOSmEo7c4zoAII6MxHcsQ=</xenc:CipherValue>
				</xenc:CipherData>
				<xenc:ReferenceList>
					<xenc:DataReference URI="#EncDataId-28472268" />
				</xenc:ReferenceList>
			</xenc:EncryptedKey>
			<wsse:BinarySecurityToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-1110094">...</wsse:BinarySecurityToken>
			<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-2661678">
				<ds:SignedInfo>
					<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
					<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
					<ds:Reference URI="#id-28472268">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>qKODJw3FD0Y3ux551lLvFDQxdac=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#id-29087666">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>lI8Dwho3Ll5S5IGRZKGBN5N36WY=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#id-21886820">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>eedOjqxbQodrUoTPkDG7TCGesS0=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#id-28113457">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>k1/s6GPu+FAQ3LsWSRLKj896lZs=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#id-22927632">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>F0v2H6ovbR7M4PUjsBytnt6X3UU=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#Timestamp-32580443">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<ds:DigestValue>JamToNJwKmHPNznZPItnQ/mCfHU=</ds:DigestValue>
					</ds:Reference>
				</ds:SignedInfo>
				<ds:SignatureValue>			
JhjlwVhaZ2bzuZin4Wj7iLlQWpj/JRtbrHiqCOvjVNmonIEYMjRWd3KwTuuZxiA0Gu6HxCerFErn			
bVDLpsATQhBZaRQXxezHvV3kmpRXC/AA0ev0FkdB0hk5SBftQvK2zobLtb9SbKqkyXFtq8SrsksS
				/ouTIppVwJnvzMom4EQ=
				</ds:SignatureValue>
				<ds:KeyInfo Id="KeyId-32689826">
					<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-3840954">
						<wsse:Reference URI="#CertId-1110094"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
/>
					</wsse:SecurityTokenReference>
				</ds:KeyInfo>
			</ds:Signature>
			<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-32580443">
				<wsu:Created>2007-03-29T21:36:04.570Z</wsu:Created>
				<wsu:Expires>2007-03-29T21:41:04.570Z</wsu:Expires>
			</wsu:Timestamp>
		</wsse:Security>
		<wsa:To
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-21886820">http://dc32740/WebServiceNewSecuritySignandEncrypt/Service.asmx</wsa:To>
		<wsa:ReplyTo
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-28113457">	
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
		</wsa:ReplyTo><wsa:MessageID
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-22927632">urn:uuid:971DF6D2EC1A63EE631175204164091</wsa:MessageID>
		<wsa:Action
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-29087666">http://services.test.org/HelloWorld</wsa:Action>
	</soapenv:Header>
  <soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-28472268">
 		<xenc:EncryptedData Id="EncDataId-28472268"
Type="http://www.w3.org/2001/04/xmlenc#Content">
    	<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
      <xenc:CipherData>

<xenc:CipherValue>+Fvu4fGMhAuSRXa3Zm0vrXPTsqJOKfj9njAmoOgJDwsgfP1wR/ZAXTpceHVWdbtfzV0fpt8Ya/Sd
oSa+vWsx2EuQJsS1z0sC80XMAFCrdISpX3N+OBK7qAThpJtnVH0ywsOeoyhuye3c+CFrABf9+Td9
EwkzBRuFkicfRh6X3Db2Lv2hFxjjXnFPIM2t37w5ZkXgBVdY8bIgppuOMdLfKy+SagUDcF0r9YXu
aLAcuEd/fuoQmdxnvBk9FHGQZnOQ2jHXQqy3kGEU450pqPUnSnb6FRNEspEhrlIw/XzrIO4QunG3
ztJOnkvq99PCJ27UExrgGUQ/giSIUU5pK9oM0xiJLAHq/abaZeCk1sbUBq5woMm1kO6Ff6cpHa7s
oaDKLaAwt40Jr9iSEt45C4roaT27xZobPLEr5aZmPWA60GAhjEMj0qC2WTaHwyU9HRGWnQEaKxrg
Kn2YHj4Vdt4IEg==</xenc:CipherValue>
     	</xenc:CipherData>
   	</xenc:EncryptedData>
 	</soapenv:Body>
</soapenv:Envelope>

