G�rkan, WSS4J implements the WSS profiles described in the OASIS WSS Specification 1.0 and to some sort the SAML profile.
Is this encryption mechanism part of the OASIS WSS profiles? Or is it documented somewhere? Anyhow, to me this seems another proprietary extension of .NET/WSE (or is this someting that is also used in conjunction with secure conversation?). Sometime ago we had a similar problem because .NET/WSE uses a proprietary mechanism to generate a Signature with a Signature key that is constructed from data in UsernameToken - we inserted this algo, pls refer to UsernameTokenSignature (last weekend I updated some inline doc about this topic, pls chek the CVS mail here in the list). However, no official interop was done for this, support is weak because of weak documention, and so on. Interop tests were done for the WSS profiles X.509 and UsernameToken, I'm not aware of interop tests for the SAML profile (does anybody knows about SAML profile interops?). Interop tests for proprietary extensions shall be done on a case by case basis. Often there is no official documentation about the proprietary extensions. If possible use security profiles as specified in OASIS WS Specification 1.0. because this enhances interop to a great extend. Regards, Werner > -----Urspr�ngliche Nachricht----- > Von: G�rkan Vural [mailto:[EMAIL PROTECTED] > Gesendet: Dienstag, 17. Mai 2005 10:23 > An: [email protected] > Betreff: .net and wss4j interoperatibility > > > .net wse can encrypt data with username token using aes128-cbc with a > key smaller than 128 bits. when i try to decrypt message with wss4j > using the same password (smaller than 16 bytes) it throws an exception > that the key size is smaller than 128. i tried to fill empty > bytes with > spaces but it didn't work. does anyone know how to extend the password > to 128 bits like .net wse does. > > also are there any known issues that will make my work easy while > interoperating .net and wss4j? > > -- > gurkan > > ==========================================================- > Bu e-posta sadece yukarida isimleri belirtilen kisiler > arasinda �zel haberlesme amacini tasimaktadir. Size > yanlislikla ulasmissa l�tfen g�nderen kisiyi bilgilendiriniz > ve mesaji sisteminizden siliniz. Turkiye Cumhuriyet Merkez > Bankasi A.S. bu mesajin icerigi ile ilgili olarak hicbir > hukuksal sorumlulugu kabul etmez. > > This e-mail communication is intended for the private use of > the people named above. If you received this message in > error, please immediately notify the sender and delete it > from your system. The Central Bank of The Republic of Turkey > does not accept legal responsibility for the contents of this message. >
