Colm -

That seems to resolve that issue, thanx! But now I have another issue - the 
thing the STR refers to (the SAML assertion) can't be resolved. Here is the 
exception that I get:

Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed
        at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:561)
        at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:481)
        at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction$WSSecSamlSupportingTokenSignature.build(SupportingSamlTokenSignedAction.java:262)
        at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction.execute(SupportingSamlTokenSignedAction.java:122)
        ... 47 more
Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "_1B9799482471B3AA6B1416815340880389")
        at org.apache.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:561)
        at org.apache.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:368)
        at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:495)
        at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:378)
        at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:556)
        ... 50 more
Caused by: javax.xml.crypto.dsig.TransformException: org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "_1B9799482471B3AA6B1416815340880389")
        at org.apache.ws.security.transform.STRTransform.transformIt(STRTransform.java:274)
        at org.apache.ws.security.transform.STRTransform.transform(STRTransform.java:127)
        at org.apache.jcp.xml.dsig.internal.dom.DOMTransform.transform(DOMTransform.java:166)
        at org.apache.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:473)
        ... 54 more
Caused by: org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "_1B9799482471B3AA6B1416815340880389")
        at org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:238)
        at org.apache.ws.security.transform.STRTransformUtil.dereferenceSTR(STRTransformUtil.java:97)
        at org.apache.ws.security.transform.STRTransform.transformIt(STRTransform.java:200)
        ... 57 more

The assertion is most definitely part of the security header at this point, so 
I am guessing that I need to do something to tell the SecurityTokenReference 
the actual element it is referencing? Or maybe I'm not building the STR 
correctly? It's getting built like this, in a custom version of 
WSSecSecurity.prepare:

            this.assertionSecRef = new SecurityTokenReference(doc);
            this.assertionSecRefUri = getWsConfig().getIdAllocator().createSecureId("STRId-", secRef);
            this.assertionSecRef.setID(assertionSecRefUri);

            Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
            keyId.setAttributeNS(null, "ValueType", WSConstants.WSS_SAML_KI_VALUE_TYPE);
            keyId.appendChild(doc.createTextNode(assertion.getId()));
            this.assertionSecRef.getElement().appendChild(keyId);

I'm sorry to be a pest about this; the code I'm migrating has significantly 
more hidden complexities than I expected. Thanx again,

Stephen W. Chappell

-----Original Message-----
From: Colm O hEigeartaigh [mailto:cohei...@apache.org] 
Sent: Monday, November 24, 2014 9:17 AM
To: users@cxf.apache.org
Subject: Re: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID

You could put the SecurityTokenReference in the WSDocInfo via the 
"addProtectionElement(Element)" method. These tokens are also stored in the XML 
Security crypto context.

Colm.

On Mon, Nov 24, 2014 at 3:06 PM, <stephen.ctr.chapp...@faa.gov> wrote:

> Thanx, Colm. But the storeElementInContext() method is looking for a 
> domCryptoContext, that is created during computeSignature. I'm 
> guessing I'll have to override computeSignature to do that?
>
> Stephen W. Chappell
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Monday, November 24, 2014 5:59 AM
> To: users@cxf.apache.org
> Subject: Re: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID
>
> You need to tell Santuario how to resolve the SecurityTokenReference 
> Element. You can do this by a utility method in WSSecurityUtil, e.g.:
>
> WSSecurityUtil.storeElementInContext(domCryptoContext, strElement);
>
> See here for an example:
>
>
> http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java?view=markup
>
> Colm.
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
