users@jax-rpc.java.net
Re: doubt on XWS signature syntax
From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 05 Apr 2005 16:29:10 +0530
Alessio Cervellin wrote:
>My endpoint, which has signature requirement, is receiving a signed soap message (probably from a .NET platform) which can't be validated.
>By analyzing it, I discovered this is due to the syntax of some security tags which are not being accepted from XWS.
>
>First issue:
>incoming message's BinarySecurityToken block looks like this:
>
><wsse:BinarySecurityToken xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility" EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" ...
>
>XWS doesn't accept it, but if I change the wsu namespace declaration and the EncodingType/ValueType attributes to the following format it works fine:
>
><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" ...
>
>So:
>- which wsu namespace declaration is valid according to the OASIS WSS specification? (I'd say the second one, so 1 point to XWS)
>
>- Which EncodingType/ValueType declaration is valid? I've some doubt... shouldn't "wsse:X509v3" be equivalent to "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" ? (since the wsse namespace is correctly declared before in the wsse:Security tag)
>
wsse NS is "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" and not http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0
So +1 to XWS again. "wsse:x509v3" is not acceptable.
>
>Second issue:
>incoming message's Signature block looks like this:
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
>..
>
>And XWS doesn't find it... if I change it to the following, it works fine:
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
>..
>
>I just added the "ds" prefix...
>So:
>- which of the above syntax is correct? Shouldn't XWS accept both?
>
>
We should accept both. Can you paste the error that you get here?
thanks...
>Thanks for your help.
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe_at_jax-rpc.dev.java.net
>For additional commands, e-mail: users-help_at_jax-rpc.dev.java.net
>
>
>
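The two points discussed in this message, as an added example that is not part of the original thread and is not XWS code: a namespace-aware lookup finds the Signature elements identically with a default namespace or a `ds` prefix, while the QName-style ValueType `wsse:X509v3` expands against the in-scope `wsse` namespace and so cannot equal the X.509 token profile URI. The sample messages are constructed from the fragments quoted above, and the function names are hypothetical.

```python
import io
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
X509V3_URI = ("http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-x509-token-profile-1.0#X509v3")

def signature_methods(xml_text):
    """Find SignatureMethod by expanded name, whatever prefix the sender used."""
    root = ET.fromstring(xml_text)
    return [el.get("Algorithm") for el in root.iter("{%s}SignatureMethod" % DS)]

def token_value_types(xml_text):
    """Return each BinarySecurityToken ValueType; a prefix:local value is
    expanded against the namespaces in scope, a URI is returned unchanged."""
    scopes, pending, found = [{}], {}, []
    stream = io.BytesIO(xml_text.encode("utf-8"))
    for event, data in ET.iterparse(stream, events=("start-ns", "start", "end")):
        if event == "start-ns":          # declarations precede their element
            pending[data[0]] = data[1]
        elif event == "start":
            scopes.append({**scopes[-1], **pending})
            pending = {}
            if data.tag == "{%s}BinarySecurityToken" % WSSE:
                value = data.get("ValueType", "")
                prefix, sep, local = value.partition(":")
                if sep and "/" not in value and prefix in scopes[-1]:
                    value = "{%s}%s" % (scopes[-1][prefix], local)
                found.append(value)
        else:
            scopes.pop()
    return found

# Constructed sample messages modelled on the fragments quoted in the thread.
SIG = ('<{p}Signature xmlns{d}="%s"><{p}SignedInfo><{p}SignatureMethod '
       'Algorithm="%srsa-sha1"/></{p}SignedInfo></{p}Signature>' % (DS, DS))
DEFAULT_NS_SIG = SIG.format(p="", d="")
PREFIXED_SIG = SIG.format(p="ds:", d=":ds")
TOKEN = ('<wsse:Security xmlns:wsse="%s"><wsse:BinarySecurityToken '
         'ValueType="{v}"/></wsse:Security>' % WSSE)
QNAME_TOKEN = TOKEN.format(v="wsse:X509v3")
URI_TOKEN = TOKEN.format(v=X509V3_URI)

if __name__ == "__main__":
    print(signature_methods(DEFAULT_NS_SIG), signature_methods(PREFIXED_SIG))
    print(token_value_types(QNAME_TOKEN), token_value_types(URI_TOKEN))
```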