It turns out that I haven't completely resolved my issues from earlier, but I 
think I'm in the home stretch (hopefully). In the code I'm migrating (from CXF 
2.3 to CXF 2.7), the original authors created a WSSecSignature descendant that 
does some security header customization, including inserting a Security Token 
Reference and inserting a SAML Assertion. This part seems to work fine, until I 
try to sign the assertion. Then I get this:

Caused by: org.apache.ws.security.WSSecurityException: Error during Signature: 
        at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction.execute(SupportingSamlTokenSignedAction.java:126)
        at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
        ... 44 more
Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed
        at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:561)
        at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:481)
        at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction$WSSecSamlSupportingTokenSignature.build(SupportingSamlTokenSignedAction.java:250)
        at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction.execute(SupportingSamlTokenSignedAction.java:122)
        ... 47 more
Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID STRId-5676DF1E739178AEC41416571963291192
        at org.apache.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:436)
        at org.apache.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:364)
        at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:495)
        at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:378)
        at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:556)
        ... 50 more
Caused by: javax.xml.crypto.URIReferenceException: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID STRId-5676DF1E739178AEC41416571963291192
        at org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:118)
        at org.apache.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:430)
        ... 54 more
Caused by: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID STRId-5676DF1E739178AEC41416571963291192
        at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:85)
        at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:298)
        at org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:111)

The security header has the element with the specified ID:

        <wsse:SecurityTokenReference wsu:Id="STRId-5676DF1E739178AEC41416571963291192">
                <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_5676DF1E739178AEC41416571963191191</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>

So I'm not sure what the issue is. I've come across some references to using 
IdResolver, but that didn't seem to help, and is supposed to be deprecated 
besides. Does anyone have any suggestions for resolving this issue?

Thanx,

Stephen W. Chappell
