The message uses one WSS 1.1 feature that is not yet supported by WSS4J: The first signature uses a Signature algorithm HMAC-SHA1 with a back-reference to an EncryptedKey (via the KeyInfo). While WSS4J supports HAMC-SHA1 it does not yet support this way to get the key to perform this HMAC algo. Pls try to use another way to sign (maybe similar to the second Signature that uses RSA-SHA1). We are working on this WSS 1.1 feature.
While I looked at the message I saw that it uses a depreceated way to identify the key token. The WSS 1.1 spec states for /wsse:SecurityTokenReference/wsse:Reference/@ValueType <quote> In this version of the specification the use of this attribute to identify the type of the referenced security token is deprecated. Profiles which require or recommend the use of this attribute to identify the type of the referenced security token SHOULD evolve to require or recommend the use of the wsse:SecurityTokenReference/@wsse11:TokenType attribute to identify the type of the referenced token. </quote> This quote refers to the Reference tag that defines the back-refernence to the encrypted key. Hope this helps - pls don't hesitate to report problems (and also success :-) ). We are very keen to have all types of interoperability. Regards, Werner > -----Ursprüngliche Nachricht----- > Von: Sidhu Kiran IT312 > Gesendet: Montag, 6. März 2006 23:21 > An: Werner Dittmann > Cc: Kosuru, Giri; [email protected]; [EMAIL PROTECTED] > Betreff: RE: WSS4J interoperability > > I changed my .NET client program to use RSA15 algo by default. > > Now I am getting the following exception : > > org.apache.ws.security.WSSecurityException: Referenced > security token could not be retrieved. (Reference > "#SecurityToken-506c92ca-1cd3-4583-b514-d353259b97f2") > > Does anybody have any idea about this error ? > > Here is my deployment descriptor : > > <requestFlow> > <handler > type="java:org.apache.ws.axis.security.WSDoAllReceiver"> > <parameter > name="precisionInMilliseconds" value="false"/> > <parameter name="passwordCallbackClass" > > value="samples.stock.client.PWCallback1"/> > <parameter name="action" > value="Timestamp Signature Encrypt"/> > <parameter name="signaturePropFile" > value="wsstest.properties" /> > </handler> > </requestFlow> > <responseFlow> > <handler > type="java:org.apache.ws.axis.security.WSDoAllSender" > > <parameter > name="precisionInMilliseconds" value="false"/> > <parameter name="action" > value="Timestamp Signature"/> > <!-- Use the Server's cert/key to sign > the response --> > <parameter name="user" value="bob"/> > <parameter name="passwordCallbackClass" > > value="samples.stock.client.PWCallback1"/> > <parameter > name="signatureKeyIdentifier" value="DirectReference" /> > <parameter name="signaturePropFile" > value="wsstest.properties" /> > <parameter > name="encryptionKeyIdentifier" value="SKIKeyIdentifier" /> > <!-- Use the cert/key from the request > to encrypt the response --> > <parameter name="encryptionUser" > value="useReqSigCert" /> > </handler> > </responseFlow> > > Here is my request message : > > <?xml version="1.0" encoding="utf-8"?> > <soap:Envelope > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"; > xmlns:tns="http://localhost:8081/ws-time/axis/TimeSheetService > " > xmlns:types="http://localhost:8081/ws-time/axis/TimeSheetServi ce/encodedTypes" xmlns:xsi="http://www.w3.org/2001/XMLSchema-> instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"; > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-20040 1-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-> open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> > <soap:Header> > <wsa:Action></wsa:Action> > > <wsa:MessageID>urn:uuid:b21d5a00-87fd-4f23-9f9d-cba554b5894c</ wsa:MessageID> > <wsa:ReplyTo> > > <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/ role/anonymous</wsa:Address> > </wsa:ReplyTo> > <wsa:To > wsu:Id="Id-6adf2322-e3b3-490d-88d9-042f6df85d84">http://localh ost:8081/ws-time/axis/TimeSheetService</wsa:To> > <wsse:Security soap:mustUnderstand="1"> > <wsu:Timestamp > wsu:Id="Timestamp-ca22463f-05e9-4c8a-bbcd-65d0eb3976fc"> > <wsu:Created>2006-03-06T22:03:41Z</wsu:Created> > <wsu:Expires>2006-03-06T22:08:41Z</wsu:Expires> > </wsu:Timestamp> > <wsse:BinarySecurityToken > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509v3" > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200 401-wss-soap-message-security-1.0#Base64Binary" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-wssecurity-utility-1.0.xsd" > wsu:Id="SecurityToken-cacf6ed2-85e6-44d2-9775-5355621249e5">MI IDDDCCAfSgAwIBAgIQM6YEf7FVYx/tZyEXgVComTANBgkqhkiG9w0BAQUFADAwMQ4> wDAYDVQQKDAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBM > B4XDTA1MDMxOTAwMDAwMFoXDTE4MDMxOTIzNTk1OVowQjEOMAwGA1UECgwFT0F > TSVMxIDAeBgNVBAsMF09BU0lTIEludGVyb3AgVGVzdCBDZXJ0MQ4wDAYDVQQDD > AVBbGljZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoqi99By1VYo0aHr > kKCNT4DkIgPL/SgahbeKdGhrbu3K2XG7arfD9tqIBIKMfrX4Gp90NJa85AV1yi > NsEyvq+mUnMpNcKnLXLOjkTmMCqDYbbkehJlXPnaWLzve+mW0pJdPxtf3rbD4P > S/cBQIvtpjmrDAU8VsZKT8DN5Kyz+EZsCAwEAAaOBkzCBkDAJBgNVHRMEAjAAM > DMGA1UdHwQsMCowKKImhiRodHRwOi8vaW50ZXJvcC5iYnRlc3QubmV0L2NybC9 > jYS5jcmwwDgYDVR0PAQH/BAQDAgSwMB0GA1UdDgQWBBQK4l0TUHZ1QV3V2QtlL > NDm+PoxiDAfBgNVHSMEGDAWgBTAnSj8wes1oR3WqqqgHBpNwkkPDzANBgkqhki > G9w0BAQUFAAOCAQEABTqpOpvW+6yrLXyUlP2xJbEkohXHI5OWwKWleOb9hlkhW ntUalfcFOJAgUyH30TTpHldzx1> +vK2LPzhoUFKYHE1IyQvokBN2JjFO64BQukCKnZhldLRPxGhfkTdxQgdf5rCK/ > wh3xVsZCNTfuMNmlAM6lOAg8QduDah3WFZpEA0s2nwQaCNQTNMjJC8tav1CBr6 > +E5FAmwPXP7pJxn9Fw9OXRyqbRA4v2y7YpbGkG2GI9UvOHw6SGvf4FRSthMMO3 > 5YbpikGsLix3vAsXWWi4rwfVOYzQK0OFPNi9RMCUdSH06m9uLWckiCxjos0FQO > DZE9l4ATGy9s9hNVwryOJTw==</wsse:BinarySecurityToken> > <xenc:EncryptedKey > Id="SecurityToken-506c92ca-1cd3-4583-b514-d353259b97f2" > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> > <xenc:EncryptionMethod > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; /> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> > <wsse:SecurityTokenReference> > <wsse:KeyIdentifier > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200 401-wss-soap-message-security-1.0#Base64Binary">> Xeg55vRyK3ZhAEhEf+YT0z986L0=</wsse:KeyIdentifier> > </wsse:SecurityTokenReference> > </KeyInfo> > <xenc:CipherData> > > <xenc:CipherValue>r5RrJ/K0GQ5zeZu393FUnieWXYFmbvzV1KF/ZKKBgudA 2fgbMFstirqYU+rCDZ84> +AwRcWvr44isFRtcwaSwBTNUW5krhNkuwwJO8FQ6gpkWldPT4AbPB6t0e86aO/ > ai3RsF2RtvjjJzyOAlS6GUnZNXUTSHKQmDU+hlYnwZFP4=</xenc:CipherValue> > </xenc:CipherData> > </xenc:EncryptedKey> > <Signature > Id="Sig-4c3d81f2-1480-4cb2-9248-8cb2b56f657b" > xmlns="http://www.w3.org/2000/09/xmldsig#";> > <SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; /> > <SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"; /> > <Reference > URI="#Id-6adf2322-e3b3-490d-88d9-042f6df85d84"> > <Transforms> > <Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > </Transforms> > <DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > > <DigestValue>Tv0M9TwGJh1Kr7O2JPFpTztoJiE=</DigestValue> > </Reference> > </SignedInfo> > > <SignatureValue>bD8+rRjpph1MdL9TCh3L/MYinlk=</SignatureValue> > <KeyInfo> > <wsse:SecurityTokenReference> > <wsse:Reference > URI="#SecurityToken-506c92ca-1cd3-4583-b514-d353259b97f2" > ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-messa ge-security-1.1#EncryptedKey" /> > </wsse:SecurityTokenReference> > </KeyInfo> > </Signature> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> > <SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; /> > <SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> > <Reference > URI="#Sig-4c3d81f2-1480-4cb2-9248-8cb2b56f657b"> > <Transforms> > <Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > </Transforms> > <DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > > <DigestValue>Hj51VezasrCWIZrQ9fyuamS7La0=</DigestValue> > </Reference> > </SignedInfo> > > <SignatureValue>IAu0hYUCZFYoNIafEa80UhEobAO85dqoNz8neqW7K0J2/g ORPfwxaEDFNAAZquhoXq+H4UrbI1yruN/5/zV/3xlimTaSKEvqhXAhfOo2myXDC/6> EM9fYinyJxgCILnRJkxDJrxjGueRzgMmComuRy5DTMmh68LhbX1ny910yolM=< > /SignatureValue> > <KeyInfo> > <wsse:SecurityTokenReference> > <wsse:Reference > URI="#SecurityToken-cacf6ed2-85e6-44d2-9775-5355621249e5" > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509v3" /> > </wsse:SecurityTokenReference> > </KeyInfo> > </Signature> > </wsse:Security> > </soap:Header> > <soap:Body > soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";> > <q1:searchEmployee > xmlns:q1="http://service.wstime.pg.siemens.com";> > <input href="#id1" /> > </q1:searchEmployee> > <q2:Person id="id1" xsi:type="q2:Person" > xmlns:q2="urn:timeSheetService"> > <GID xsi:nil="true" /> > <SAPPersonnelNumber xsi:nil="true" /> > <emailAddress xsi:nil="true" /> > <endDate xsi:nil="true" /> > <firstName xsi:nil="true" /> > <initials xsi:nil="true" /> > <knownAs xsi:nil="true" /> > <lastName xsi:nil="true" /> > <middleName xsi:nil="true" /> > <peopleSoftId xsi:type="xsd:string">131267</peopleSoftId> > <phoneNumber xsi:nil="true" /> > <startDate xsi:nil="true" /> > <suffix xsi:nil="true" /> > <title xsi:nil="true" /> > <winNumber xsi:nil="true" /> > </q2:Person> > </soap:Body> > </soap:Envelope> > > > -----Original Message----- > From: Sidhu Kiran IT312 > Sent: Monday, March 06, 2006 2:46 PM > To: Werner Dittmann > Cc: Kosuru, Giri; [email protected]; [EMAIL PROTECTED] > Subject: RE: WSS4J interoperability > > > Yes, i have BouncyCastle installed and is in my classpath. I > am using wss4j 1.1 > > I read on one of .NET forums, that WSE 3.0 by default uses > OAEP algo (if your Client is running on anything _other_ than > Win 2000) , My .NET client is running on XP which is why I am > probably getting this error. > > -----Original Message----- > From: Werner Dittmann [mailto:[EMAIL PROTECTED] > Sent: Monday, March 06, 2006 2:17 PM > To: Sidhu Kiran IT312 > Cc: Kosuru, Giri; [email protected]; [EMAIL PROTECTED] > Subject: Re: WSS4J interoperability > > > Hmmm, > > this message looks very strange. For example the is a digest tag > embedded in an encrypted method tag. Also I can see a very long > SignatureValue (for SHA1 it should be not longer then 28 base64 > characters, 20bytes encoded). > > Which WSS4J version do you use? To me it seems that you use some > features from WSS Specification 1.1 - WSS4J does not yet support > WSS 1.1 fully. > > AES245-cbc should not be a problem if you have BouncyCastle > installed and in you classpath. > > Regards, > Werner > > Sidhu Kiran IT312 wrote: > > Werner, > > Here is the request message from tcpmon : > > > > <?xml version="1.0" encoding="utf-8"?><soap:Envelope > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"; > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-20040 1-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-> open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.x > sd" > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:H > eader><wsa:Action > wsu:Id="Id-573c8cf1-45fd-4cf1-83cb-abcbd25c8491">http://schema s.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action><wsa:MessageID > wsu:Id="Id-d6833c13-13bc-45ab-936d-9798d75123e6">urn:uuid:8e69 b12b-220f-4a71-b728-0214cd29df2c</wsa:MessageID><wsa:ReplyTo > wsu:Id="Id-8e79a687-50f4-42dd-8bb0-9cc2183246b1"><wsa:Address> > http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymou > s</wsa:Address></wsa:ReplyTo><wsa:To > wsu:Id="Id-4f5a6ee6-7aa5-4842-b290-90f451357b30">http://localh ost:8081/ws-time/axis/TimeSheetService</wsa:To><wsse:Security > soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="Timestamp-17d9e44e-3f > 60-4533-9372-3f81ebded6e7"><wsu:Created>2006-03-06T17:57:15Z</ > wsu:Created><wsu:Expires>2006-03-06T18:02:15Z</wsu:Expires></w > su:Timestamp><wsse:BinarySecurityToken > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509v3" > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200 401-wss-soap-message-security-1.0#Base64Binary" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-wssecurity-utility-1.0.xsd" > wsu:Id="SecurityToken-6a6765f5-6a50-4ee1-81f6-6f92d5a0550a">MI IDDDCCAfSgAwIBAgIQM6YEf7FVYx/tZyEXgVComTANBgkqhkiG9w0BAQUFADAwMQ4> wDAYDVQQKDAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBM > B4XDTA1MDMxOTAwMDAwMFoXDTE4MDMxOTIzNTk1OVowQjEOMAwGA1UECgwFT0F > TSVMxIDAeBgNVBAsMF09BU0lTIEludGVyb3AgVGVzdCBDZXJ0MQ4wDAYDVQQDD > AVBbGljZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoqi99By1VYo0aHr > kKCNT4DkIgPL/SgahbeKdGhrbu3K2XG7arfD9tqIBIKMfrX4Gp90NJa85AV1yi > NsEyvq+mUnMpNcKnLXLOjkTmMCqDYbbkehJlXPnaWLzve+mW0pJdPxtf3rbD4P > S/cBQIvtpjmrDAU8VsZKT8DN5 > Kyz+EZsCAwEAAaOBkzCBkDAJBgNVHRMEAjAAMDMGA1UdHwQsMCowKKImhiRodH > RwOi8vaW50ZXJvcC5iYnRlc3QubmV0L2NybC9jYS5jcmwwDgYDVR0PAQH/BAQD > AgSwMB0GA1UdDgQWBBQK4l0TUHZ1QV3V2QtlLNDm+PoxiDAfBgNVHSMEGDAWgB > TAnSj8wes1oR3WqqqgHBpNwkkPDzANBgkqhkiG9w0BAQUFAAOCAQEABTqpOpvW > +6yrLXyUlP2xJbEkohXHI5OWwKWleOb9hlkhWntUalfcFOJAgUyH30TTpHldzx > 1+vK2LPzhoUFKYHE1IyQvokBN2JjFO64BQukCKnZhldLRPxGhfkTdxQgdf5rCK > /wh3xVsZCNTfuMNmlAM6lOAg8QduDah3WFZpEA0s2nwQaCNQTNMjJC8tav1CBr > 6+E5FAmwPXP7pJxn9Fw9OXRyqbRA4v2y7YpbGkG2GI9UvOHw6SGvf4FRSthMMO > 35YbpikGsLix3vAsXWWi4rwfVOYzQK0OFPNi9RMCUdSH06m9uLWckiCxjos0FQ > ODZE9l4ATGy9s9hNVwryOJTw==</wsse:BinarySecurityToken><xenc:Enc > ryptedKey > Id="SecurityToken-8833da7d-03b8-44c7-bf20-f9b5835d3e45" > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:Encryptio > nMethod > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";><d s:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /></xenc:EncryptionMethod><KeyInfo xmlns="http://www.w3.org/ > 2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdenti > fier > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200 401-wss-soap-message-security-1.0#Base64Binary">> Xeg55vRyK3ZhAEhEf+YT0z986L0=</wsse:KeyIdentifier></wsse:Securi tyTokenReference></KeyInfo><xenc:CipherData><xenc:CipherValue>> miRJ8HeTchMW/IAUtNlhAFP9vRQQbc2Dg4242w6D6j0QVatdYn327NCtaUL4dx > Srj0E/ITeUpdGcbscb2zfsUdraRgxmnOD+sId0rHcEu1ZniWkzz3ig1BKuoW7P > t0S2zu+3wFZdkwmeamK579RAzIOxJB56zRa9HnpBrtCiwQo=</xenc:CipherV alue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference > URI="#Enc-276d2c6c-d002-48ff-b8de-1a0157e02bf3" /></xenc:ReferenceList></xenc:EncryptedKey><Signature Id="Sig-> dfdf17e1-2f0b-4c68-bdfb-0768b14af4a4" > xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><ds:Can > onicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > xmlns:ds="http://www.w3.org/2000/09/xmldsi > g#" /><SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"; /><Reference URI="#Id-573c8cf1-45fd-4cf1-83cb-> abcbd25c8491"><Transforms><Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>He5gnu4lm7eFVXlS12OEb6whW4s=</DigestValue></Ref erence><Reference URI="#Id-> d6833c13-13bc-45ab-936d-9798d75123e6"><Transforms><Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>pgWZzb5AlyeWZjcKQylrYKwMmeU=</DigestValue></Ref erence><Reference > URI="#Id-8e79a687-50f4-42dd-8bb0-9cc2183246b1"><Transforms><Tr > ansform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>UJebKSurE5cD5A35Tw2BNpTunVc=</DigestValue></Ref erence><Reference URI="#Id-4f5a6ee6-7aa5-4842-> b290-90f451357b30"><Tran > sforms><Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>rDYbxbJiUiGOQVQZfhIoh3yw3EE=</DigestValue></Ref erence><Reference > URI="#Timestamp-17d9e44e-3f60-4533-9372-3f81ebded6e7"><Transfo > rms><Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>4TZ08S95wR/NkfoxCR5Ahpj11Kg=</DigestValue></Ref > erence><Reference > URI="#Id-84ce6832-61bc-49d1-9a34-3904178c34ea"><Transforms><Tr > ansform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>N2w11rXFf1U10EAx5eYkfE4ajh0=</DigestValue></Ref erence></SignedInfo><SignatureValue>> yyISShmfokh8gUYM2w7amwwe4wA=</SignatureValue><KeyInfo><wsse:Se > curityTokenReference><wsse:Reference > URI="#SecurityToken-8833da7d-03b8-44c7-bf20-f9b5835d3e45" > ValueType="htt > p://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1. > 1#EncryptedKey" > /></wsse:SecurityTokenReference></KeyInfo></Signature><Signatu > re > xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><ds:Can > onicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > /><SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /><Reference URI="#Sig-dfdf17e1-2f0b-4c68-> bdfb-0768b14af4a4"><Transforms><Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>37FKLF+uTsQ40AWrzUDQ79iRFh0=</DigestValue></Ref erence></SignedInfo><SignatureValue>> Fxgo37ZkpbmazouMn46PESDK6hJRc9GhtQRvZaRRIzArXvfsaZiM6d1pTxh6G6 > FI6JbKSTDImN6J5mDFF3ff+b6pKpZIfxytZf9Hq/38AeLuyrQnzRjwI/tlKJ3B > Xt/kt2efF8UVErutBsRv27brfEnJieJfzBFZ04qsF/tO9NU=</SignatureVal > ue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference > URI="#SecurityToken-6a6765f5-6a50-4e > e1-81f6-6f92d5a0550a" > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Secu> rity></soap:Header><soap:Body > wsu:Id="Id-84ce6832-61bc-49d1-9a34-3904178c34ea"><xenc:Encrypt > edData Id="Enc-276d2c6c-d002-48ff-b8de-1a0157e02bf3" > Type="http://www.w3.org/2001/04/xmlenc#Content"; > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:Encryptio > nMethod > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"; /><xenc:CipherData><xenc:CipherValue>4NH12HQyhgoYuIsHJHC9FHhPTofz> cCHRq7NCl7/FInXfqOJPcn/PsrlUUEJ+aUbHDxNPYlEp6dGEf7awvyL8qvVbeI > bmMU1pEPXmyzc+dU1aeR60s/AO9xh13Z9wP+YaKdpDrUn/dvE1Kf/2wvNVU8A+ > DXIabgSS2Rjrlqn4PQqFnq+r/sZDYPMPVhdEfj60OZT0P0UxI4dPPqnj873N0q > Ssx6B49L6T03KIVRSPFjk51ZRjHQCug/RM+AH5hL+WzPckWchnML+WJ/rENcgQ > HP1w8uvrleO6rexE/IpkXAE7RP1snMw5kW85LgR8akzfUroPU+qCCMtw2sVNtb > ria7gTIcIm1YDBXU7Hx/GUPUB3uyNEX6D6i6SUgrcFCBGmLRwhIT7c4/e9Aphr > V6pxH73ZhzxyR4u62Wj+E8Dqn487xUaOe+SrBx4qwWFUSYyXE > 8hBl39aFVnVpmiu1X2sp/4nBzSq8Bq0hhaeD4btbgxubU3PmzjkLlHGKY3MOgB > ieweKkEzhWNbDu3iJdWhJAmarptpbIJeQwRbJNk6dSbupfxCpwm7p0FPMfsqlH > zBFoyQj9vU+oRtKKBMVqZX01mRqJtAKsxKcaX30+ljcO1E0tEjs8b6JUzVZ4jD 2tzRecXYQcRgmJ9bDgl4EN6PPBGTQK4PJEKZIuxffrZj7WrSGcxcIqPWzi1H2NY4L> Z1/Ta6bebb5mUtug5Lflvi7NwzIXcs9vWnQVzPm+mf8c3KxMkl9yvDl1JgM1Pz > YgK9q4a9vW8fFZTDVRpKkyHNPrR1cGa1zN1rfRf0cAp554P5k=</xenc:Ciphe > rValue></xenc:CipherData></xenc:EncryptedData></soap:Body></so > ap:Envelope> > > > > -----Original Message----- > > From: Werner Dittmann [mailto:[EMAIL PROTECTED] > > Sent: Monday, March 06, 2006 12:14 PM > > To: Sidhu Kiran IT312 > > Cc: Kosuru, Giri; [email protected]; [EMAIL PROTECTED] > > Subject: Re: WSS4J interoperability > > > > > > CAn you provide your deployment parameters? Even better if you could > > show the message (using e.g tcpmon to monitor it). > > > > Regards, > > Werner > > > > Sidhu Kiran IT312 wrote: > > > >>I am trying to test with .NET 2.0 client , WSE 3.0 and I am > running into > >>problems :( > >> > >>I am getting the following exception (I googled on this and > installed > >>local_policy.jar and Us_export_policy.jar as suggested by > some posters, > >>but it didn't help ) > >> > >> > >>org.apache.ws.security.WSSecurityException: Cannot > encrypt/decrypt data; > >>nested exception is: > >> > >>java.lang.SecurityException: Unsupported keysize or > algorithm parameters > >> > >> -----Original Message----- > >> *From:* Kosuru, Giri [mailto:[EMAIL PROTECTED] > >> *Sent:* Monday, March 06, 2006 10:55 AM > >> *To:* [email protected]; [EMAIL PROTECTED]; > >> [EMAIL PROTECTED] > >> *Subject:* WSS4J interoperability > >> > >> Hi all, > >> > >> > >> > >> We implemented WSS4J for securing one of our Web > >> Services (Uses apache Axis). As the implementation seems to be > >> simple and straight forward for basic requirements, we > are planning > >> to make it as a standard for other java/j2ee applications to > >> implement WSS4J. But we are concerned about the > interoperability of > >> WSS4J with others, particularly .NET. The WSS4J web > site says it is > >> interoperable. But did any body did integrate WSS4J with .NET > >> before? If yes, what are your experiences? Is it safe to assume > >> interoperability and go ahead and make it a standard? You > >> experiences will help me a lot on making a good > decision. Mean while > >> I will also try to test and if I find some thing I will > share with you. > >> > >> > >> > >> Thanks > >> > >> Giri Kosuru > >> > >> > >> > >> > >> > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
