Hi, Denis.

There was discussion about this [1] and I sent a similar question with a
suggestion to fix WSS4J so it can accept both variants (with and
without X509Data). I'm still waiting for further clarification from
the wss4j developers.

[1] http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200604.mbox/[EMAIL PROTECTED]

--
Yevgeny Rouban
INTEL Middleware Products Division

On 5/4/06, Denis Koelewijn <[EMAIL PROTECTED]> wrote:
Hi,

When using IssuerSerial instead of DirectReference, signing key info is sent
in the KeyInfo block as shown below:

<ds:KeyInfo Id="KeyId-283976">
  <wsse:SecurityTokenReference
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      wsu:Id="STRId-8055815">
    <ds:X509IssuerSerial>
      <ds:X509IssuerName>CN=OASIS Interop Test CA,O=OASIS</ds:X509IssuerName>
      <ds:X509SerialNumber>68652640310044618358965661752471103644</ds:X509SerialNumber>
    </ds:X509IssuerSerial>
  </wsse:SecurityTokenReference>
</ds:KeyInfo>

According to these documents (*1) the X509IssuerSerial must be enclosed in an
X509Data block. However I can't find this block in the ds .xsd (*2). Is WSS4J
behaving correctly? I use WSS4J v1.1.0 with Axis v1.2.1

Regards, Denis Koelewijn

(*1) oasis-200401-wss-x509-token-profile-1.0.pdf, and
wss-v1.1-spec-os-x509TokenProfile.pdf
(*2) http://www.w3.org/2000/09/xmldsig#
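
The "accept both variants" idea from the reply above, as an added example (not part of the original thread and not WSS4J code): a receiver-side lookup that takes ds:X509IssuerSerial either directly under wsse:SecurityTokenReference or wrapped in ds:X509Data, and rejects input carrying more than one reference. The function name and the two sample documents are assumptions constructed from the KeyInfo quoted in the message.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NS = {"ds": DS, "wsse": WSSE}


def issuer_serial(key_info_xml):
    """Return (issuer_name, serial_number, wrapped_in_x509data) for a ds:KeyInfo."""
    root = ET.fromstring(key_info_xml)
    if root.tag != f"{{{DS}}}KeyInfo":
        raise ValueError("not a ds:KeyInfo element")
    refs = root.findall("wsse:SecurityTokenReference", NS)
    if len(refs) != 1:
        raise ValueError("expected exactly one wsse:SecurityTokenReference")
    wrapped = refs[0].findall("ds:X509Data/ds:X509IssuerSerial", NS)
    bare = refs[0].findall("ds:X509IssuerSerial", NS)
    # Both layouts are tolerated, but only one reference in total: a message
    # carrying two candidate keys is rejected instead of silently picking one.
    if len(wrapped) + len(bare) != 1:
        raise ValueError("expected exactly one ds:X509IssuerSerial")
    node = (wrapped or bare)[0]
    name = node.findtext("ds:X509IssuerName", default="", namespaces=NS).strip()
    serial = node.findtext("ds:X509SerialNumber", default="", namespaces=NS).strip()
    if not name or not (serial.isascii() and serial.isdigit()):
        raise ValueError("missing issuer name or non-numeric serial number")
    return name, int(serial), bool(wrapped)


# Constructed samples: the KeyInfo from the message, with the ds/wsse
# namespace declarations (normally inherited from the SOAP envelope) added.
_OPEN = (f'<ds:KeyInfo xmlns:ds="{DS}" xmlns:wsse="{WSSE}">'
         '<wsse:SecurityTokenReference>')
_CLOSE = '</wsse:SecurityTokenReference></ds:KeyInfo>'
_REF = ('<ds:X509IssuerSerial>'
        '<ds:X509IssuerName>CN=OASIS Interop Test CA,O=OASIS</ds:X509IssuerName>'
        '<ds:X509SerialNumber>68652640310044618358965661752471103644'
        '</ds:X509SerialNumber></ds:X509IssuerSerial>')
BARE = _OPEN + _REF + _CLOSE                                   # as WSS4J sent it
WRAPPED = _OPEN + '<ds:X509Data>' + _REF + '</ds:X509Data>' + _CLOSE
AMBIGUOUS = _OPEN + _REF + '<ds:X509Data>' + _REF + '</ds:X509Data>' + _CLOSE

if __name__ == "__main__":
    for label, doc in (("bare", BARE), ("wrapped", WRAPPED)):
        print(label, issuer_serial(doc))
```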

