users@jax-rpc.java.net

Re: doubt on XWS signature syntax

From: Anne Thomas Manes <atmanes_at_gmail.com>
Date: Thu, 7 Apr 2005 08:10:37 -0700

You need to update the version of .NET WSE you're using. Older
versions use the previous non-standard version of WS-Security. Sun XWS
supports only WS-Security 2004.

Anne

On Apr 5, 2005 1:51 AM, Alessio Cervellin
<alessio.cervellin_at_sun-cs-italy.com> wrote:
> My endpoint, which has a signature requirement, is receiving a signed SOAP message (probably from a .NET platform) which can't be validated.
> By analyzing it, I discovered this is due to the syntax of some security tags which are not being accepted by XWS.
>
> First issue:
> incoming message's BinarySecurityToken block looks like this:
>
> <wsse:BinarySecurityToken xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility" EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" ...
>
> XWS doesn't accept it, but if I change the wsu namespace declaration and the EncodingType/ValueType attributes to the following format it works fine:
>
> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" ...
>
> So:
> - which wsu namespace declaration is valid according to the OASIS WSS specification? (I'd say the second one, so 1 point to XWS)
> - Which EncodingType/ValueType declaration is valid? I have some doubts... shouldn't "wsse:X509v3" be equivalent to "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"? (since the wsse namespace is correctly declared before in the wsse:Security tag)
>
> Second issue:
> incoming message's Signature block looks like this:
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
> ..
>
> And XWS doesn't find it... if I change it to the following, it works fine:
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> ..
>
> I just added the "ds" prefix...
> So:
> - which of the above syntaxes is correct? Shouldn't XWS accept both?
>
> Thanks for your help.
>
>
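Added example, not part of either message and not XWS code: a namespace-aware check using Python's standard library that flags the draft-era identifiers quoted above (the 2003/06 wsu namespace and QName-style EncodingType/ValueType values) and shows that the unprefixed and ds-prefixed Signature elements resolve to the same expanded name. The `audit` and `sample` helpers, the `urn:example:wsse` placeholder and both sample messages are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Draft-era wsu namespace quoted in the thread.
DRAFT_WSU = "http://schemas.xmlsoap.org/ws/2003/06/utility"
WSU_2004 = ("http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-utility-1.0.xsd")
PROFILE = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-x509-token-profile-1.0#")

def audit(xml_text):
    """Return (findings, number of XML-DSig Signature elements)."""
    findings, root = [], None
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start")):
        if event == "start-ns":
            prefix, uri = item
            if uri == DRAFT_WSU:
                findings.append(f"draft utility namespace on prefix '{prefix}'")
            continue
        if root is None:
            root = item
        if item.tag.rsplit("}", 1)[-1] == "BinarySecurityToken":
            for attr in ("EncodingType", "ValueType"):
                value = item.get(attr, "")
                # Heuristic: WS-Security 2004 uses URIs here, not prefix:name.
                if "/" not in value:
                    findings.append(f"{attr} is QName-style: {value!r}")
    # Expanded-name lookup: the prefix (or default namespace) is irrelevant.
    return findings, len(root.findall(f".//{{{DSIG_NS}}}Signature"))

# Constructed samples. "urn:example:wsse" is a placeholder: the thread elides
# the message's wsse declaration.
def sample(wsu, enc, val, sig_open, sig_close):
    return (f'<wsse:Security xmlns:wsse="urn:example:wsse">'
            f'<wsse:BinarySecurityToken xmlns:wsu="{wsu}" EncodingType="{enc}" '
            f'ValueType="{val}" wsu:Id="t">AA==</wsse:BinarySecurityToken>'
            f'{sig_open}{sig_close}</wsse:Security>')

OLD = sample(DRAFT_WSU, "wsse:Base64Binary", "wsse:X509v3",
             f'<Signature xmlns="{DSIG_NS}">', "</Signature>")
NEW = sample(WSU_2004, PROFILE + "Base64Binary", PROFILE + "X509v3",
             f'<ds:Signature xmlns:ds="{DSIG_NS}">', "</ds:Signature>")

if __name__ == "__main__":
    for name, doc in (("draft-style", OLD), ("2004-style", NEW)):
        print(name, audit(doc))
```

Running it against a captured header before changing the receiver shows which of the sender's identifiers predate WS-Security 2004.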