Brian, never seen such a behaviour, also not during the interop tests last year.

WSS4J uses the standard Object ID (OID) "2.5.29.14" to get the SKI value (refer to Merlin.java, getSKIBytesFromCert). Can you somehow get the request generated by .NET/WSE2 - just curious what they generated as SKI in such a case - if the real SKI is not available.

Regards,
Werner

> -----Original Message-----
> From: Brian Nielsen [mailto:[EMAIL PROTECTED]
> Sent: Monday, 16 May 2005 23:01
> To: [email protected]
> Subject: X509 Subject Key Identifier and interoperability
>
> I have a service that I've created with axis/wss4j, and the certificates are
> created with openssl (I've attached the certificate to this mail). I've
> tested the service with an axis/wss4j without any problems, but when I tried
> calling from .NET/WSE2 I ran into problems. From .NET/WSE2 I can only
> generate a request that has a "SecurityTokenReference" with a
> "KeyIdentifier" child element for the "Subject Key Identifier" (SKI), like in
> the spec [1]. But the server-side runs into problems with an exception, and
> then I tried to run an axis/wss4j client with SKI and didn't even get to
> send the request due to the same reason. I've looked around and found that
> my certificate doesn't contain a SKI, so in a way it's fair that wss4j gives
> an exception, but then I wonder how .NET/WSE2 does create a request with it.
> From the RFC [2] it does seem like I should go back and create a new set of
> certificates:
>
> <quote section="4.2.1.2 Subject Key Identifier">
> To assist applications in identifying the appropriate end entity
> certificate, this extension SHOULD be included in all end entity
> certificates.
> </quote>
>
> Has anyone dealt with the same problems, and do you think my certificates
> are to blame, and lastly, how can .NET/WSE2 do it?
>
> Thanks for any advice.
>
> Regards
> Brian
>
> [1] http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
> [2] http://www.faqs.org/rfcs/rfc3280.html
