All, this problem is solved in WSS4J 1.5.0. This version creates requests according to the spec and accepts both variants at the receiver side.
Regards, Werner > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag > von Yevgeny Rouban > Gesendet: Donnerstag, 4. Mai 2006 15:15 > An: [email protected] > Betreff: Re: X509Data in X509IssuerSerial missing ? > > Hi, Denis. > > There was discussion about this [1] and I sent similar question with a > suggestion to fix the WSS4J so it can accept both variants (with and > without X509Data). I'm still waiting for further clarification from > wss4j developers. > > [1] > http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200604.m box/%3Cafb296e10604202321h5285a90et1656ec9568580711> @mail.gmail.com%3E > > -- > Yevgeny Rouban > INTEL Middleware Products Division > > On 5/4/06, Denis Koelewijn <[EMAIL PROTECTED]> wrote: > > Hi, > > > > When using IssuerSerial instead of DirectReference, siging > key info is sent > > in the KeyInfo block as shown below: > > > > <ds:KeyInfo Id="KeyId-283976"> > > <wsse:SecurityTokenReference xmlns:wsu=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu rity-utility-1.0.xsd" > > wsu:Id="STRId-8055815"><ds:X509IssuerSerial> > > <ds:X509IssuerName>CN=OASIS Interop Test > CA,O=OASIS</ds:X509IssuerName> > > > > > <ds:X509SerialNumber>68652640310044618358965661752471103644</d > s:X509SerialNumber> > > </ds:X509IssuerSerial></wsse:SecurityTokenReference> > > </ds:KeyInfo> > > > > According to these documents (*1) the X509IssuerSerial must > be enclosed in a > > X509Data block. However I can't find this block in de ds > .xsd (*2). Is WSS4J > > behaving correctly ? I Use WSS4J v1.1.0 with Axis v1.2.1 > > > > Regards, Denis Koelewijn > > > > (*1) oasis-200401-wss-x509-token-profile-1.0.pdf, and > > wss-v1.1-spec-os-x509TokenProfile.pdf > > (*2) http://www.w3.org/2000/09/xmldsig# > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
