[jboss-user] [JBossWS] - Re: Error SAP WS-Security client calling JBoss Security WS

lall2 do-not-reply at jboss.com
Wed Sep 3 15:36:01 EDT 2008


Hi enpasos,

Thanks for your reply. I did a further test. Taking the request from the SAP system, see a) of my first post, I manually added
ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'
to the <wsse:Reference> element of


  | ...
  |   <ds:KeyInfo>
  |     <wsse:SecurityTokenReference>
  |       <wsse:Reference URI="#sap-17"/>
  |     </wsse:SecurityTokenReference>
  |   </ds:KeyInfo>
  | ...
  | 
  | ----->
  | 
  | ...
  |   <ds:KeyInfo>
  |     <wsse:SecurityTokenReference>
  |       <wsse:Reference URI="#sap-17" ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/>
  |     </wsse:SecurityTokenReference>
  |   </ds:KeyInfo>
  | ...
  | 

Using my sniffer tool, I resubmitted this modified request to JBoss and the

WSSecurityException("Inavliad message, Reference element is missing a ValueType") of
org.jboss.ws.extensions.security.element.DirectReference

was gone. But unfortunately, I faced the next exception:

WSSecurityException("Invalid message, BinarySecurityToken is missing an id") of org.jboss.ws.extensions.security.element.X509Token

So I modified and resent the same request again by adding

xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='sap-18'

to the line


  | ...
  | <wsse:BinarySecurityToken 
  |    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"  
  |    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
  | ...
  | 
  | ----->
  | 
  | ...
  | <wsse:BinarySecurityToken 
  |    xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' 
  |    wsu:Id='sap-18'
  |    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"   
  |    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
  | ...
  | 

Again, after resubmitting the modified request to JBoss, the exception did not occur any more.
However, using this resubmitting method resulted in an expired message error/exception. I am running out of ideas.

The only two things that remain are trying out the latest releases of JBoss and JBossWS native 3.0.3 or rebuilding JBossWS 3.0.x
from the source after commenting out the "Reference element is missing a ValueType" check of org.jboss.ws.extensions.security.element.DirectReference
and the "Invalid message, BinarySecurityToken is missing an id" check of org.jboss.ws.extensions.security.element.X509Token to see what is happening then.

Unfortunately, I have no time to do that at the moment :-(


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4174088#4174088
