help: directReference, senderVouches & X509Certificate

I have an integration test coming up and have been trying for a few days to figure out how to format a client-side SOAP message so it will be accepted by a service.

The example client message I've been shown requires senderVouches and has the client's x509 certificate being transferred to the service in the KeyInfo like so:

    keyInfo
      x509Data
        x509Certificate

The message I'm generating with senderVouches and directReference provides:

    Wsse:securityTokenReference wsse:BinarySecurityToken in header
    keyInfo
      SecurityTokenReference
        Reference to BinarySecurityToken

My requirement therefore is to remove the SecurityTokenReference/BinarySecurityToken from the header and add the x509certificate to the KeyInfo.

The software stack I'm using is:

    xFire 1.2.6
    Wss4j 1.5.1
    openSaml 1.0.1
    Xmlsecurity 1.3

I'm trying to get it upgraded but it's a very long and tedious process. Will an upgrade supply this functionality?

RE: help: directReference, senderVouches & X509Certificate

Hi,

WSS4J does not currently support constructing a KeyInfo object that includes the X509 Cert in x509Data. According to the SOAP Message Security spec:

"However, in this specification, the use of <wsse:BinarySecurityToken> is the RECOMMENDED mechanism to carry key material if the key type contains binary data."

You have a few other options to use for referring to a Key from a signature:

http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html#SIG_KEY_ID
http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html#keyIdentifier

Colm.

-----Original Message-----
From: vroom [mailto:vroom3@...]
Sent: 06 November 2009 23:25
To: wss4j-dev@...
Subject: help: directReference, senderVouches & X509Certificate

RE: help: directReference, senderVouches & X509Certificate

Hi,

I've tried setting the SIG_KEY_ID to "X509KeyIdentifier" and SKIKeyIdentifier and get a GeneralSecurityError that they are an "Unsupported Key Identification". Is there some other approach you would recommend?

Thanks,
-- Steve
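
An added example, not part of the thread and not WSS4J code: a Python check that reports which of the KeyInfo shapes discussed above a signed WS-Security header actually uses (certificate embedded in X509Data, direct reference to a BinarySecurityToken, or a KeyIdentifier). The sample headers, the `CertId-1` id and the result labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
NS = {"ds": DS, "wsse": WSSE}
STR = "wsse:SecurityTokenReference/"

def key_reference_styles(xml_text):
    """Report how each message signature's KeyInfo identifies the signing key."""
    # Run on captures you trust; ElementTree is not hardened against hostile XML.
    root = ET.fromstring(xml_text)
    token_ids = {t.get(f"{{{WSU}}}Id")
                 for t in root.iter(f"{{{WSSE}}}BinarySecurityToken")}
    styles = []
    # Only signatures that are direct children of wsse:Security are inspected;
    # a signature nested inside a SAML assertion is skipped.
    for sec in root.iter(f"{{{WSSE}}}Security"):
        for sig in sec.findall("ds:Signature", NS):
            ki = sig.find("ds:KeyInfo", NS)
            if ki is None:
                styles.append("no-keyinfo")
            elif ki.find("ds:X509Data/ds:X509Certificate", NS) is not None:
                styles.append("embedded-x509certificate")
            elif (ref := ki.find(STR + "wsse:Reference", NS)) is not None:
                target = ref.get("URI", "").lstrip("#")
                styles.append("direct-reference" if target in token_ids
                              else "direct-reference-unresolved")
            elif ki.find(STR + "wsse:KeyIdentifier", NS) is not None:
                styles.append("key-identifier")
            else:
                styles.append("unknown")
    return styles

# Constructed sample headers (certificate bytes replaced by a placeholder).
HEAD = f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">'
DIRECT_REF = HEAD + (
    '<wsse:BinarySecurityToken wsu:Id="CertId-1">PLACEHOLDER</wsse:BinarySecurityToken>'
    '<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>'
    '<wsse:Reference URI="#CertId-1"/>'
    '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security>')
EMBEDDED = HEAD + (
    '<ds:Signature><ds:KeyInfo><ds:X509Data>'
    '<ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>'
    '</ds:X509Data></ds:KeyInfo></ds:Signature></wsse:Security>')

if __name__ == "__main__":
    print(key_reference_styles(DIRECT_REF), key_reference_styles(EMBEDDED))
```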