I tried to make it work with Axis 1.2 and WSS4J 1.1 (and in the opposite configuration: .Net client -> Axis Server).
This was working with WSE2.0 but I was unable to configure/code in WSE3.0 to make it work (I don't know what version you use). The verification of the signature (SignatureValue) always fails. Maybe you will be luckier with WSS4J 1.5...

Basically, you should configure WSS4J to use UsernameTokenSignature, UsernameToken and Timestamp (don't forget Timestamp, which is implicit and mandatory for .Net).

Rémy

----- Original Message -----
From: "Werner Dittmann" <[EMAIL PROTECTED]>
To: "James Gough" <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Wednesday, May 17, 2006 8:30 PM
Subject: Re: [Axis 1.4/WSSJ 1.5 Client -> .NET Service] Newbie needs a little direction re: signing

> It's not SAML Signature but the .Net specific way of using a Signature
> based on a username token. WSS4J provides a similar, but not well tested
> way that is modelled after the .Net specific way. (UsernametokenSignature)
>
> Regards,
> Werner
>
> James Gough wrote:
> > I am pretty new to web services and have made a client for an existing
> > web service that runs on .Net. That is working great, except that the
> > service is expecting a bit more from the XML I am sending (signing,
> > authorization, etc.). I have the authorization taken care of, but the
> > signing has me a bit perplexed. I think from what I have read that I
> > need to use SAML signatures, based on the output I have gotten from a
> > working .NET client, which looks like this:
> >
> > <?xml version="1.0" encoding="utf-8"?>
> > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> >     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> >     xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
> >     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >   <soap:Header>
> >     <wsa:Action wsu:Id="Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">http://tempuri.org/HelloWorld</wsa:Action>
> >     <wsa:MessageID wsu:Id="Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">uuid:464975ab-6222-49bf-b81c-cd3016a1502a</wsa:MessageID>
> >     <wsa:ReplyTo wsu:Id="Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
> >       <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
> >     </wsa:ReplyTo>
> >     <wsa:To wsu:Id="Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">http://localhost:8080/WSSecurity/WS.asmx</wsa:To>
> >     <wsse:Security soap:mustUnderstand="1">
> >       <wsu:Timestamp wsu:Id="Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
> >         <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
> >         <wsu:Expires>2004-08-09T19:33:34Z</wsu:Expires>
> >       </wsu:Timestamp>
> >       <wsse:UsernameToken
> >           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >           wsu:Id="SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5">
> >         <wsse:Username>TheUsername</wsse:Username>
> >         <wsse:Nonce>KjOPCSS5SQJvc9029P/rxQ==</wsse:Nonce>
> >         <wsu:Created>2004-08-09T19:33:04Z</wsu:Created>
> >       </wsse:UsernameToken>
> >       <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >         <SignedInfo>
> >           <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >           <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
> >           <Reference URI="#Id-7f362dee-c1fb-4bb3-b477-c9da6b0c8be6">
> >             <Transforms>
> >               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >             </Transforms>
> >             <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >             <DigestValue>IXWRYkayo/iB0/bOiK4KDtnmrYw=</DigestValue>
> >           </Reference>
> >           <Reference URI="#Id-8c169515-c89e-4027-a6bc-78aeb24e2a9a">
> >             <Transforms>
> >               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >             </Transforms>
> >             <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >             <DigestValue>x6vlKIANHj6Hd81Adpf4XmQDeIo=</DigestValue>
> >           </Reference>
> >           <Reference URI="#Id-15bf2d12-9f9b-4c7d-ae22-86a5fd8bc87c">
> >             <Transforms>
> >               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >             </Transforms>
> >             <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >             <DigestValue>1ux8KYy6IslDo3Gxoq/zBbHqsb0=</DigestValue>
> >           </Reference>
> >           <Reference URI="#Id-e01d40a3-66a1-42f4-aa18-b3260afe70b0">
> >             <Transforms>
> >               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >             </Transforms>
> >             <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >             <DigestValue>PEpOwfTnj5dNg3d+L53foT8OOVI=</DigestValue>
> >           </Reference>
> >           <Reference URI="#Timestamp-6eb8431c-92ca-4405-bc1b-76432852d3b8">
> >             <Transforms>
> >               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >             </Transforms>
> >             <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >             <DigestValue>uglj0NHBNZsCEA5hha4ESnibVFo=</DigestValue>
> >           </Reference>
> >           <Reference URI="#Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
> >             <Transforms>
> >               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> >             </Transforms>
> >             <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >             <DigestValue>Rbfcq4aZfIqEmbKONgt3EuJaRN4=</DigestValue>
> >           </Reference>
> >         </SignedInfo>
> >         <SignatureValue>1mO22hXYCgelGsWW0AV3w67O9+8=</SignatureValue>
> >         <KeyInfo>
> >           <wsse:SecurityTokenReference>
> >             <wsse:Reference
> >                 URI="#SecurityToken-c5b75f99-c815-4058-804b-0032c6798fa5"
> >                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken" />
> >           </wsse:SecurityTokenReference>
> >         </KeyInfo>
> >       </Signature>
> >     </wsse:Security>
> >   </soap:Header>
> >   <soap:Body wsu:Id="Id-9c92dea1-ee25-4902-b9c5-d8c646023e5a">
> >     <HelloWorld xmlns="http://tempuri.org/" />
> >   </soap:Body>
> > </soap:Envelope>
> >
> > I'm trying to read as much as I can on the subject, but any nudge in the
> > right direction would be appreciated.
> >
> > Jim
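
As an added example (not part of the original thread): a structural check of what the signature in a message like the one quoted above covers. It resolves each Reference URI to exactly one wsu:Id element, then confirms that Timestamp and Body are signed and that KeyInfo points at the UsernameToken. The sample envelope is constructed (a reduced skeleton with shortened Ids and a `ds` prefix), the function names are hypothetical, and no digest or HMAC value is verified.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample: the quoted envelope reduced to its security skeleton.
SAMPLE = """<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s"
 xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s">
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="Timestamp-1"/>
  <wsse:UsernameToken wsu:Id="SecurityToken-1"/>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#Timestamp-1"/><ds:Reference URI="#Id-body"/>
  </ds:SignedInfo><ds:KeyInfo><wsse:SecurityTokenReference>
   <wsse:Reference URI="#SecurityToken-1"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="Id-body"/>
</soap:Envelope>""" % NS

def signed_parts(envelope_xml):
    """Map each ds:Reference URI to the local name of the one element it covers."""
    root = ET.fromstring(envelope_xml)
    by_id = {}
    for el in root.iter():
        if el.get(WSU_ID) is not None:
            by_id.setdefault(el.get(WSU_ID), []).append(el)
    parts = {}
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
        if len(targets) != 1:  # dangling or duplicated Id: coverage is ambiguous
            raise ValueError("%r resolves to %d elements" % (uri, len(targets)))
        parts[uri] = targets[0].tag.rpartition("}")[2]
    return parts

def check_profile(envelope_xml):
    """Return a list of problems; empty means Timestamp and Body are signed
    and KeyInfo points at the UsernameToken. No cryptography is checked."""
    root = ET.fromstring(envelope_xml)
    covered = set(signed_parts(envelope_xml).values())
    problems = [n + " not signed" for n in ("Timestamp", "Body") if n not in covered]
    keyref = root.find(".//ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    token = root.find(".//wsse:UsernameToken", NS)
    if keyref is None or token is None or keyref.get("URI") != "#" + token.get(WSU_ID, ""):
        problems.append("KeyInfo does not reference the UsernameToken")
    return problems
```

Running the same check on captures from both stacks shows whether each side signed the same set of parts before any digest values are compared.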
