[jboss-user] [JBossWS] - Re: Error SAP WS-Security client calling JBoss Security WS
lall2
do-not-reply at jboss.com
Wed Sep 3 15:36:01 EDT 2008
Hi enpasos,
Thanks for your reply. I did a further test. Taking the request from the SAP system, see a) of my first post, I manually added
ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'
to the <wsse:Reference> element of
| ...
| <ds:KeyInfo>
| <wsse:SecurityTokenReference>
| <wsse:Reference URI="#sap-17"/>
| </wsse:SecurityTokenReference>
| </ds:KeyInfo>
| ...
|
| ----->
|
| ...
| <ds:KeyInfo>
| <wsse:SecurityTokenReference>
| <wsse:Reference URI="#sap-17" ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/>
| </wsse:SecurityTokenReference>
| </ds:KeyInfo>
| ...
|
Using my sniffer tool, I resubmitted this modified request to JBoss and the
WSSecurityException("Inavliad message, Reference element is missing a ValueType") of
org.jboss.ws.extensions.security.element.DirectReference
was gone. But unfortunately, I faced the next exception:
WSSecurityException("Invalid message, BinarySecurityToken is missing an id") of org.jboss.ws.extensions.security.element.X509Token
So I modified and resent the same request again by adding
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='sap-18'
to the line
| ...
| <wsse:BinarySecurityToken
| ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
| EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
| ...
|
| ----->
|
| ...
| <wsse:BinarySecurityToken
| xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
| wsu:Id='sap-18'
| ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
| EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
| ...
|
Again, after resubmitting the modified request to JBoss, the exception did not occur any more.
However, using this resubmitting method resulted in an expired message error/exception. I am running out of ideas.
The only two things that remain are trying out the latest releases of JBoss and JBossWS native 3.0.3 or rebuilding JBossWS 3.0.x
from the source after commenting out the "Reference element is missing a ValueType" check of org.jboss.ws.extensions.security.element.DirectReference
and the "Invalid message, BinarySecurityToken is missing an id" check of org.jboss.ws.extensions.security.element.X509Token to see what is happening then.
Unfortunately, I have no time to do that at the moment :-(
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4174088#4174088
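
Added example, not part of the original post and not JBossWS code: a small offline checker that reports the two conditions named in the exceptions above (a wsse:Reference without ValueType, a wsse:BinarySecurityToken without wsu:Id) on a captured wsse:Security header. It goes beyond the post by also flagging a Reference URI that matches no token wsu:Id and a wsu:Timestamp whose Expires has passed, which is what a resubmitted capture runs into; the sample header, the id `tok-1` and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

def check_security_header(xml_text, now):
    """Return a list of findings for one wsse:Security header (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings, token_ids = [], set()
    for bst in root.iter(f"{{{WSSE}}}BinarySecurityToken"):
        tid = bst.get(f"{{{WSU}}}Id")          # namespace-qualified wsu:Id
        if tid is None:
            findings.append("BinarySecurityToken is missing a wsu:Id")
        else:
            token_ids.add(tid)
    for ref in root.iter(f"{{{WSSE}}}Reference"):
        if ref.get("ValueType") is None:
            findings.append("Reference is missing a ValueType")
        uri = ref.get("URI", "")
        if uri.startswith("#") and uri[1:] not in token_ids:
            findings.append(f"Reference {uri} does not resolve to a token wsu:Id")
    for exp in root.iter(f"{{{WSU}}}Expires"):
        text = exp.text.strip()
        expires = datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if expires <= now:                      # freshness window has closed
            findings.append(f"Timestamp expired at {text}")
    return findings

# Constructed sample header; AAAA stands in for the base64 certificate.
TEMPLATE = """<wsse:Security xmlns:wsse="{wsse}" xmlns:wsu="{wsu}"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <wsu:Timestamp><wsu:Created>2008-09-03T15:00:00Z</wsu:Created>
    <wsu:Expires>2008-09-03T15:05:00Z</wsu:Expires></wsu:Timestamp>
  <wsse:BinarySecurityToken {bst_attrs} ValueType="{x509}">AAAA</wsse:BinarySecurityToken>
  <ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Reference URI="#tok-1" {ref_attrs}/>
  </wsse:SecurityTokenReference></ds:KeyInfo>
</wsse:Security>"""

def build(bst_attrs="", ref_attrs=""):
    return TEMPLATE.format(wsse=WSSE, wsu=WSU, x509=X509V3,
                           bst_attrs=bst_attrs, ref_attrs=ref_attrs)

if __name__ == "__main__":
    now = datetime(2008, 9, 3, 15, 1, tzinfo=timezone.utc)
    print(check_security_header(build(), now))
    print(check_security_header(build('wsu:Id="tok-1"', f'ValueType="{X509V3}"'), now))
```
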