Could you display an example, as I have not seen either a descriptor or a
programmatic interface to accommodate Subject within Rampart?
//I have seen a programmatic interface for Subject within OpenSaml-2.3.0, as in
this case for a single element
// unmarshallElement(...) is the helper of OpenSAML's own unit-test base class
// that parses an XML test resource into a SAML object
String singleElementFile =
"/data/org/opensaml/saml2/core/impl/Subject.xml";
org.opensaml.saml2.core.Subject subject = (Subject)
unmarshallElement(singleElementFile);
//populate the attributes for the single-element Subject
//or populate multiple elements
String childElementsFile =
"/data/org/opensaml/saml2/core/impl/SubjectChildElements.xml";
org.opensaml.saml2.core.Subject subjectWithChildren = (Subject)
unmarshallElement(childElementsFile);
log.debug("subject nameIdentifier=" + subjectWithChildren.getNameID());
log.debug("SubjectConfirmation count: "
+ subjectWithChildren.getSubjectConfirmations().size());
https://spaces.internet2.edu/display/OpenSAML/Home
Feedback?
Martin
______________________________________________
Legal and confidentiality disclaimer
This message is confidential. If you are not the intended recipient, please
notify us. No forwarding or copying of it is permitted. This message serves
only the exchange of information and has no legal effect. Since electronic
messages can easily be altered, we accept no liability for the content of
this message.
This message is confidential. If you are not the intended recipient, we kindly
ask you to notify us. Any unauthorised forwarding or copying is not permitted.
This message serves only the exchange of information and has no legally
binding effect. Because e-mails are easily manipulated, we cannot accept
liability for their content.
> To: [email protected]
> Subject: Reply: RE: Reply: RE: WCF interoperability AXIS: signature or
> decryption was invalid
> From: [email protected]
> Date: Tue, 12 Oct 2010 12:13:07 +0200
>
> Hi Tom,
>
> I don't know how you create the certificate.
> I have generated the WCF certificate by coding; it's an X509 certificate
> version 3.
> "
> // needs: using System; using System.Collections;
> //        using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Math;
> //        using Org.BouncyCastle.X509; using Org.BouncyCastle.X509.Extension;
> // dnName is the X509Name used for issuer and subject, keyPair the
> // AsymmetricCipherKeyPair generated beforehand (both created elsewhere)
> X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
>
> // self-signed: issuer and subject are the same name
> certGen.SetIssuerDN(dnName);
> certGen.SetSubjectDN(dnName);
> certGen.SetSerialNumber(BigInteger.ValueOf(DateTime.UtcNow.Ticks));
> certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
> certGen.SetNotAfter(DateTime.UtcNow.AddYears(10));
> certGen.SetPublicKey(keyPair.Public);
>
> certGen.SetSignatureAlgorithm("SHA1withRSA");
> // add extensions; the key identifiers are non-critical, as RFC 5280
> // requires and as the keytool dump below shows
> certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier,
> false, new AuthorityKeyIdentifierStructure(keyPair.Public));
> certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
> new SubjectKeyIdentifierStructure(keyPair.Public));
> // end-entity certificate, CA:false
> certGen.AddExtension(X509Extensions.BasicConstraints, true,
> new BasicConstraints(false));
> certGen.AddExtension(X509Extensions.KeyUsage, true,
> new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment |
> KeyUsage.DataEncipherment | KeyUsage.NonRepudiation));
> ArrayList extKeyUsages = new ArrayList();
> extKeyUsages.Add(KeyPurposeID.IdKPClientAuth);
> extKeyUsages.Add(KeyPurposeID.IdKPTimeStamping);
> certGen.AddExtension(X509Extensions.ExtendedKeyUsage, true,
> new ExtendedKeyUsage(extKeyUsages));
> // sign with the private key of the same pair (self-signed)
> X509Certificate cert = certGen.Generate(keyPair.Private);
> "
>
> The certificate in the keystore.jks looks like this, here in German :-)
> "
> Aliasname: testapojava1
> Erstellungsdatum: 08.07.2010
> Eintragstyp: trustedCertEntry
>
> Eigner: [email protected], CN=TestApoJava1, OU=OrgUnit, O=company,
> L=Merzig, C=DE
> Aussteller (Issuer): [email protected], CN=TestApoJava1,
> OU=OrgUnit, O=company, L=Merzig, C=DE
> Seriennummer: fb1302e937b79a09
> Gültig von: Thu Jul 08 08:47:06 CEST 2010 bis: Sun Jul 05 08:47:06 CEST
> 2020
> Digitaler Fingerabdruck (thumbprint) des Zertifikats:
> MD5: 49:EE:56:34:1D:3E:53:FA:EC:0E:83:AD:DE:65:07:B8
> SHA1: 5A:74:83:5C:94:1C:2C:71:90:14:00:3A:FD:6C:91:25:95:B1:97:45
> Unterschrift-Algorithmusname: SHA1withRSA
> Version: 3
>
> Erweiterungen (Extensions):
>
> #1: ObjectId: 2.5.29.15 Criticality=false
> KeyUsage [
> DigitalSignature
> Non_repudiation
> Key_Encipherment
> Data_Encipherment
> ]
>
> #2: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 76 C3 16 C3 79 4C DF 63 44 97 97 03 70 9E EE AE v...yL.cD...p...
> 0010: 03 C6 DD E1 ....
> ]
> ]
>
> #3: ObjectId: 2.5.29.37 Criticality=false
> ExtendedKeyUsages [
> clientAuth
> timeStamping
> 1.3.6.1.4.1.311.10.3.3
> 2.16.840.1.113730.4.1
> ]
>
> #4: ObjectId: 2.5.29.19 Criticality=false
> BasicConstraints:[
> CA:false
> PathLen: undefined
> ]
> "
>
> See also:
> https://community.emc.com/docs/DOC-8153
> http://www.netframeworkdev.com/windows-communication-foundation/wcf-client-cant-handle-response-from-axis2-service-68206.shtml
>
> Regards,
> Herwig
>
>
>
> From: "Tomasz Sienkiewicz" <[email protected]>
> To: <[email protected]>
> Date: 12.10.2010 11:28
> Subject: RE: Reply: RE: WCF interoperability AXIS: signature or
> decryption was invalid
>
>
>
> Hi,
>
> Could you please provide more details?
> You did change to KeyInfo element, right?
>
> Regards
> Tom
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Tuesday, October 12, 2010 7:48 AM
> To: [email protected]
> Subject: Reply: RE: WCF interoperability AXIS: signature or decryption
> was invalid
>
> I had the same problem with WCF clients. Finally I've solved the issue
> by adding the extension "Subject Key Identifier" to the server key and
> client key.
>
> Regards,
>
> Herwig David
> IT Development
> kohlpharma GmbH
> Im Holzhau 8, 66663 Merzig
> Tel.: 06867/920-3526
> eMail: [email protected]
>
>
>
> From: "Tomasz Sienkiewicz" <[email protected]>
> To: <[email protected]>
> Date: 11.10.2010 16:56
> Subject: RE: WCF interoperability AXIS: signature or decryption
> was invalid
>
>
>
> Unfortunately no, I'm not the owner of the Web service; I tried to force
> the owner to use 1.5 but without success (they cannot change the Rampart
> version).
>
> Regards
> Tom
>
> kohlpharma GmbH
> Managing directors: Prof. Edwin Kohl, Dr. Dadja Altenburg-Kohl, Dipl.-Kfm.
> Jörg Geller
> Im Holzhau 8
> 66663 Merzig
> Saarbruecken District Court, commercial register HRB 63210
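The fix Herwig describes above is to give both certificates a SubjectKeyIdentifier extension; the value that extension carries (what keytool dumps under KeyIdentifier) is, by RFC 5280 method 1, the SHA-1 of the key's DER-encoded RSAPublicKey. The Python below is an added example, not code from this thread or from Rampart, WCF or BouncyCastle: it derives that value from a modulus and exponent, prints it the way keytool does and in the base64 form a wsse:KeyIdentifier carries, and checks a printed SKI against the key so a mismatch between extension and key can be spotted before debugging the WS-Security exchange. The toy key and the helper names are constructed for this example.

```python
import base64
import hashlib

# Minimal DER encoder, enough for an RSAPublicKey (RFC 8017, A.1.1):
#   RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
# Helper names below are this example's own, not a library API.

def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value: int) -> bytes:
    """Non-negative INTEGER; DER needs a leading 0x00 when the top bit is set."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body

def rsa_public_key_der(modulus: int, exponent: int) -> bytes:
    """SEQUENCE of the two INTEGERs; this is the subjectPublicKey BIT STRING content."""
    body = der_integer(modulus) + der_integer(exponent)
    return b"\x30" + der_length(len(body)) + body

def subject_key_identifier(modulus: int, exponent: int) -> bytes:
    """RFC 5280 4.2.1.2 method (1): SHA-1 over the subjectPublicKey bits."""
    return hashlib.sha1(rsa_public_key_der(modulus, exponent)).digest()

def keytool_style(ski: bytes) -> str:
    """Hex rows as keytool prints a KeyIdentifier (offset, then up to 16 bytes)."""
    return "\n".join(f"{off:04X}: " + " ".join(f"{b:02X}" for b in ski[off:off + 16])
                     for off in range(0, len(ski), 16))

def wsse_style(ski: bytes) -> str:
    """Base64 form, as carried in a wsse:KeyIdentifier of ValueType X509SubjectKeyIdentifier."""
    return base64.b64encode(ski).decode("ascii")

def ski_matches(printed_hex: str, modulus: int, exponent: int) -> bool:
    """True when the byte column of a keytool dump (spaces or colons, any case)
    equals the SKI derived from the key, i.e. the extension really names this key."""
    cleaned = "".join(ch for ch in printed_hex if ch not in " :\n")
    return bytes.fromhex(cleaned) == subject_key_identifier(modulus, exponent)

if __name__ == "__main__":
    # Constructed toy key for illustration only; real keys are 2048 bits or more.
    n, e = 0xC3E7B5A1D9F3, 65537
    ski = subject_key_identifier(n, e)
    print(keytool_style(ski))
    print("wsse:KeyIdentifier:", wsse_style(ski))
```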