Hi dev, I have some question about digital signature reference. I use rampart for generating soap message with SymmetricBinding policy, they generate the soap message as below and when microsoft's wse3.0 receive this message. It return this error back to my console.
"WSE502: The target element referenced by the following id can not be found in the message: Id-11985823. Make sure that the element is present at the time when the signing or encryption operation is performed." Notice wse3.0 tell that the Id-11985823 can not be found but in my soap message it clearly present in signature token. What does i can do for this problem? thank you for your kindness. twl ------------------------------------------------------------------------ ---------- Here is my SOAP message <?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"; xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" soapenv:mustUnderstand="true"> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="Timestamp-6166426"> <wsu:Created>2007-11-19T09:16:23.065Z</wsu:Created> <wsu:Expires>2007-11-22T20:36:23.065Z</wsu:Expires> </wsu:Timestamp> <xenc:EncryptedKey Id="EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <wsse:SecurityTokenReference> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-so ap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-securit y-1.1#ThumbprintSHA1">Xi3VZkuCbzgfoFI2Qr1Gkz6haf4=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>oyFtUYbPYy8JlYCCsmP/n6VYzotMk14bF3pvFVIQ0ibqmveh5V0HPs fBjit4Zg9FY9FMN0lx0iy9KpnDDMWXW+iapcFTfl81XXP5eDU5tpc8iMuedWNlISSVkHf0Nn YIUyQ7pw9JiqYAA4XSslcHBaPrXW/vzKofpwnD0PRImUE=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="derivedKeyId-1114115"> <wsse:SecurityTokenReference> <wsse:Reference URI="#EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012" /> </wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset> <wsc:Length>16</wsc:Length> <wsc:Nonce>2VbeA7yLrv/sgvPmqV9JDw==</wsc:Nonce> </wsc:DerivedKeyToken> <xenc:ReferenceList /> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-so ap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509- token-profile-1.0#X509v3" wsu:Id="CertId-7979854">MIID2DCCAsCgAwIBAgIKKJGEBAAAAAAAIDANBgkqhkiG9w0B AQUFADASMRAwDgYDVQQDEwdJQkRldkNBMB4XDTA3MDYyNzA1MTUxM1oXDTA4MDYyNzA1MjUx M1owFzEVMBMGA1UEAxMMU0lQQUNsaWVudC0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQC/xUrOHpHEooNR74V+H0cy4RM/PIzNG0DYpO+69soo94ABE0BcLtu4QxEPkZ9D3hExgN0D OIyPg3p7T8wYBK/ypGcUp/e3ZBg2s1E4DKQt6ZygS9+p/o/ueNQkSbBvSYKXm+o8dyXBqour BVE8nMAtqqXebMCsWpTxhktBPdAXXQIDAQABo4IBrTCCAakwDgYDVR0PAQH/BAQDAgTwMEQG CSqGSIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMC BzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUi+nAwmxOh3dWDVys8K32ET9NE+EwEwYDVR0lBAww CgYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUQwA/Ut9S4xeFQ3GtSJKwH0yOjNUwZQYDVR0fBF4w XDBaoFigVoYoaHR0cDovL2liLWRldi1zcnYvQ2VydEVucm9sbC9JQkRldkNBLmNybIYqZmls ZTovL1xcSUItREVWLVNSVlxDZXJ0RW5yb2xsXElCRGV2Q0EuY3JsMIGUBggrBgEFBQcBAQSB hzCBhDA/BggrBgEFBQcwAoYzaHR0cDovL2liLWRldi1zcnYvQ2VydEVucm9sbC9JQi1ERVYt U1JWX0lCRGV2Q0EuY3J0MEEGCCsGAQUFBzAChjVmaWxlOi8vXFxJQi1ERVYtU1JWXENlcnRF bnJvbGxcSUItREVWLVNSVl9JQkRldkNBLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAJ0IaQT0K 3piyZJWTjWRR6h6ZkEyQLQjdMJJlUSmjPKPTQ/JSgv3py86LhaU0bP//IYEN8kvqejVOtxZf 5+kV1tGr/o3jay7bRt/gFcLJHLlj3iAfWmFRVP2umtaS5P5uLzD13pOfJCkdWEKms2ZJt/0i ERkFDTb3jYPuibMD7nPkS77XovCFbmOcRJYT2N0zGrCa7WSbopbFX4OPZxski/A4M06OpYAl F7v38lrpjWqc/qfAQ2aJXYseJGmzDDd0jOxLWLHtlu9YNKyuesZxKkJqVvyGBO9jSMhT14cw a5XJOuXY6LQMDXIyipFh17TfsK7akre9avyvuEHLWPD9LQ==</wsse:BinarySecurityTok en> <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="derivedKeyId-4999541"> <wsse:SecurityTokenReference> <wsse:Reference URI="#EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012" /> </wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset> <f9cwsc:Length>32</wsc:Length> <wsc:Nonce>BY2ND6tlnxKYHDS8+PcHmg==</wsc:Nonce> </wsc:DerivedKeyToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" Id="Signature-25352765" wsu:Id="Id-11985823"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"; /> <ds:Reference URI="#Id-19583390"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>/1/0RJJno+Qcl8s4wcJ84PwKwgk=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-2628939"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>doL49U3f+krfxWP+jsUbi6wmL+c=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-26956311"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>eqbsLithYKIgP758VrdLDGr8/eg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-2780950"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>N8p2mRNQ+/lTBaufxEzPZnuhZdI=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-31658378"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>o6SwMiCtAUqORLDGMXjpg4GUceg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-6166426"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>P/8AowVuRGNVfKNIFkkVLaTyiD0=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>A6wlWm9jFyQeammvxQodK5VNh+s=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-29751107"> <wsse:SecurityTokenReference wsu:Id="STRId-32278793"> <wsse:Reference URI="#derivedKeyId-4999541" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-14525019"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> <ds:Reference URI="#Id-11985823"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>/K8QdsCye7TKDDBPRBE1libbLAw=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>ZDLdiHZ7WMVMyzaLZSKO30LdRokkwOSUnKgIu1whpDQdeLIHxUDb6 lgm98BU4IE3Uo87z0r75ZDoEjIMAg3er2dCs3m8XYddywTaH3Nq91G94CoOotQT2EWEuMRig 1QNyPShmzxjViB8FwM5HtpKUuDVU+bG9yh7lz/LnLX9pVY=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-16471729"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="STRId-16291471"> <wsse:Reference URI="#CertId-7979854" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509- token-profile-1.0#X509v3" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="Id-19583390">http://192.168.99.177:8888/wsewebservice/service.as mx</wsa:To> <wsa:ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="Id-2628939"> <wsa:Address>http://schemas.xmlsoap.org/ws/273c004/08/addressing/role/an onymous</wsa:Address> </wsa:ReplyTo> <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="Id-26956311">urn:uuid:F20F7B0D983382431C1195463783058</wsa:Messa geID> <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="Id-2780950">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT< /wsa:Action> </soapenv:Header> <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="Id-31658378"> <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust";> <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst: RequestType> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing";> <wsa:Address>http://192.168.99.177:8888/wsewebservice/service.asmx</wsa: Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Lifetime> <wsu:Created>2007-11-19T09:16:22.784Z</wsu:Created> <wsu:Expires>2007-11-19T09:21:22.784Z</wsu:Expires> </wst:Lifetime> <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenTy pe> <wst:Entropy> <wst:BinarySecret Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce";>O0ChTFwz/rifmkf PAD4OfTw8pIqLb4oYrhdwIPlZXqLT2sirVLb9Fx2EbOq1wbI+gidDoB1VxLjGnFckUYBM0qq C5YLw0q7wlyqiSi1McLVMA9bnx1gnjrASHA/6PCAeAmb9zLnzfyC7TVFq0NVxjzeYAjAhR/A Tjxw+O5BDV0M0P7hdZ1opuKJR65+uzpG4S/LHDkeCDM0ur4+9MdiSmu/iAgGbpFqIHuEZ4gw jADuEIGUub6aFssqErRBeMx0al1KEUDYs3/ub1Eg/TDesWb/tqrtCY+IQs3DCWvdZGZ5x+a7 DT7shwMwzEJ9QrRE71N/Y/GkeuhQ/je1iqNSVcQ==</wst:BinarySecret> </wst:Entropy> <wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK /PSHA1</wst:ComputedKeyAlgorithm> </wst:RequestSecurityToken> </soapenv:Body> </soapenv:Envelope> ------------------------------------------------------------------------ -------------- Here is my Policy <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In cludeToken/Never"> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:BootstrapPolicy> <wsp:Policy> <sp:SymmetricBinding> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In cludeToken/Never"> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:RequireKeyIdentifierReference/> <sp:WssX509V3Token11/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256Rsa15/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:SymmetricBinding> <sp:EndorsingSupportingTokens> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In cludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:RequireThumbprintRefderence/> <sp:WssX509V3Token11/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:EndorsingSupportingTokens> <sp:Wss11> <wsp:Policy> <sp:MustSupportRefEncryptedKey/> <sp:RequireSignatureConfirmation/> <sp:MustSupportRefKeyIdentifier/> <sp:MustSupportRefIssuerSerial/> <sp:MustSupportRefThumbprint/> </sp:Wss11> <sp:Trust10> <wsp:Policy> <sp:RequireClientEntropy/> <sp:RequireServerEntropy/> </wsp:Policy> </sp:Trust10> </wsp:Policy> </sp:BootstrapPolicy> </wsp:Policy> </sp:SecureConversationToken> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256Rsa15/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:SymmetricBinding> Confidentiality and Disclaimer :This e-mail and any attachments hereto (the E-mail) may contain information which is confidential and/or proprietary and transmitted for the sole use of the recipient(s) named above and for the intended purpose only. If you are not the intended recipient of the E-mail, you are hereby notified that any review, copy, retransmission, distribution, or use of the E-mail in any manner for any purpose is strictly prohibited and please notify the sender, delete the original of the E-mail and destroy all copies immediately. Bangkok Bank accepts no responsibility for any mis-transmission or virus contamination of, or interference with, the E-mail, or for any loss or damage that may be incurred as a result of the use of any information contained in the E-mail.
