So the following goto me past the problem of the java webservice failing to validate the request: <globalConfiguration> <parameter name="enableNamespacePrefixOptimization" value="false"/>
But now the .NET client is failing to validate the response because the WSE SecurityInputFilter is trying to validate the signature of the element with the id id-12374346 however for a SAML Assertion it is comparing against the AssertionID and not the wsu:Id. <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; AssertionID="c3d50b725586474de4e411e597933763" IssueInstant="2005-06-23T15:53:51.125Z" Issuer="CN=www.foo.com, OU=Other, OU=PKI, OU=XxX, O=U.S. Government, C=US" MajorVersion="1" MinorVersion="1" wsu:Id="id-12374346"> If these ids contained the same value then I think this would work. Is this something that could be done in WSS4J? Anyone know what code adds the wsu:Id attribute to the assertion? Ted --- Ted Toth <[EMAIL PROTECTED]> wrote: > I'm confused I've read the postings regarding the > Axis > fix (AXIS-1624) for this issue but am still seeing > this problem when my .Net client calls my Axis > srvice. > > Client side: > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; /> > > server side: > <CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> > > I'm using Axis 1.2.1 and I see that the default for > optimizePrefixes in NSStack.java is true but there > is > a constructor that overrides this value. I'm > assuming > that the constructor that overrides optimizePrefixes > is used but I don't know where so I can't be sure. > is > there something I need to do to insure NSStack > doesn't > optimize the namespaces and cause signature > validation > to fail? I've seen some mention of WSSConfig do I > need > to do something with it? > > Ted > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
