[jboss-user] [JBoss Web Services] - JBossWS token references limitations...

mauro.brasil do-not-reply at jboss.com
Wed Mar 2 12:56:13 EST 2011


mauro.brasil [http://community.jboss.org/people/mauro.brasil] created the discussion

"JBossWS token references limitations..."

To view the discussion, visit: http://community.jboss.org/message/590704#590704

--------------------------------------------------------------
Hello there!

I'm trying to improve security on a application suite we have here by adding ws-security encryption. We were using just ws-security's Username Token for authentication, but now we need to encrypt message's content because some sensitive information will be added to it.

We use JBossWS (version "3.1.1.GA") running on " http://jboss-4.2.3.ga/ JBoss-4.2.3.GA" at server side and axis2c/rampartc (versions 1.6.0/1.3.0 respectively) on clients side.

Find a security token reference that is supported/implemented by both sides wasn't so easy as I expected

First try was with "RequireThumbprintReference" that's is axis2c/rampartc most used option on samples. It results on "Currently only SubjectKeyIdentifiers are supported" message on server that I've already tracked to two discutions of this site " http://community.jboss.org/message/534939#534939 http://community.jboss.org/message/534939#534939" and " http://community.jboss.org/message/340764#340764 http://community.jboss.org/message/340764#340764" with no solution.

I've tried "RequireKeyIdentifierReference" that won't work because my certs don't have Key Identifiers, what seems to be normal on cert that were not selt created/signed using keytool.

I'.ve tried "RequireEmbeddedTokenReference" which seems to be unknow to server that shows "Unkown reference element: Embedded".

And I've tried "RequireIssuerSerialReference" that resulted on message "Could not locate certificate by issuer and serial number" from server also present on a discution of this site.

I'm feeling that this could be problems regarding the relative old version of JBoss/JBossWS I'm using right now.

So... my question is: is there a JBoss/JBossWS known combination that works with "RequireIssuerSerialReference" or that accepts "RequireThumbprintReference"?

Thanks a lot and best regards,
Mauro.
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/590704#590704]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20110302/5b867a44/attachment.html 


More information about the jboss-user mailing list