If you include the following tag in your rampart configuration it should
do the job

<sp:ProtectTokens />

Best of luck

Mikkel Bjerg
Jyske Bank
 

-----Original message-----
From: Jakob Bendsen [mailto:[EMAIL PROTECTED]
Sent: 9 October 2007 14:04
To: [email protected]
Subject: signing the Binary Security Token (BST)


Hi, 

I'm using CXF and WSS4J to develop consumers and providers that exchange
signed soap messages. 
Signing the body and timestamp elements works just fine. However, I also
need to sign the x509 certificate that is included in the security
header (using the direct reference strategy). 

Below I've outlined the structure of the soap message that I would like
to produce. 

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope ...>
  <soapenv:Header>
    <wsse:Security xmlns:wsse="..." soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken ... wsu:Id="CertId-24950043">
        MIIE...<!--an x509v3 certificate-->
      </wsse:BinarySecurityToken>

      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
          </ds:SignatureMethod>
          <ds:Reference URI="#id-10168913"> <!--reference to body. Works OK!-->
          ...
          </ds:Reference>
          <ds:Reference URI="#Timestamp-30487154"> <!--reference to timestamp. Works OK!-->
          ...
          </ds:Reference>
          <ds:Reference URI="#CertId-24950043"> <!-- Reference to certificate. This is the reference I want to generate-->
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
          MkA...
        </ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-19714461">
          <wsse:SecurityTokenReference...>
            <wsse:Reference URI="#CertId-24950043" ...></wsse:Reference>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp...>
        <wsu:Created>2007-09-11T12:49:35.499Z</wsu:Created>
        <wsu:Expires>2007-09-11T12:54:35.499Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body ... wsu:Id="id-10168913">
  ...
  </soapenv:Body>
</soapenv:Envelope>

I've tried to get it to work by setting the
org.apache.ws.security.handler.WSHandlerConstants.SIGNATURE_PARTS
property to this value:

"{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken"

but it doesn't work.

Has anyone tried to sign the BinarySecurityToken? Any help will be
appreciated!

best regards,
Jakob Bendsen

BEC, Denmark
www.bec.dk

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
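The layout Jakob outlines, with a third ds:Reference pointing at the BinarySecurityToken, is what the <sp:ProtectTokens /> assertion in Mikkel's reply asks for: the signature then covers the very token it is verified with, so a relying party checks the signature against a certificate the sender vouched for rather than against whatever token happens to sit in the header. The script below is an added example for this thread, not code from either message nor from CXF, WSS4J or Rampart. It runs a receiver-side structural check for that property using only the Python standard library, on a constructed envelope that mirrors the layout above (certificate, digest and signature values are dummies). It inspects wsu:Id and URI plumbing only; it does not verify the SignatureValue itself, which stays the job of WSS4J or a full XML-DSig library.

```python
"""Check that the X.509 BinarySecurityToken a WS-Security signature is
verified with is itself covered by that signature.

Added example for this thread, not code from CXF, WSS4J or Rampart.  It
inspects wsu:Id / URI plumbing with the standard library only; it does
NOT verify the SignatureValue (leave that to WSS4J or xmlsec).
"""
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]   # ElementTree's Clark notation for wsu:Id


def signed_uris(sig):
    """wsu:Ids named by the ds:Reference elements in ds:SignedInfo."""
    return {ref.get("URI", "").lstrip("#")
            for ref in sig.findall("ds:SignedInfo/ds:Reference", NS)}


def token_uri(sig):
    """wsu:Id named by the direct SecurityTokenReference in ds:KeyInfo."""
    ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    return None if ref is None else ref.get("URI", "").lstrip("#")


def check_token_protection(envelope_xml):
    """Return (protected, detail) for the first ds:Signature in wsse:Security.

    protected is True only when the token KeyInfo points at is a
    BinarySecurityToken in the same header AND its wsu:Id appears among
    the signed References, i.e. the layout the original post asks for.
    """
    root = ET.fromstring(envelope_xml)
    sec = root.find("soapenv:Header/wsse:Security", NS)
    if sec is None:
        return False, "no wsse:Security header"
    sig = sec.find("ds:Signature", NS)
    if sig is None:
        return False, "no ds:Signature in wsse:Security"
    target = token_uri(sig)
    if not target:
        return False, "KeyInfo has no direct SecurityTokenReference"
    bst_ids = {b.get(WSU_ID) for b in sec.findall("wsse:BinarySecurityToken", NS)}
    if target not in bst_ids:
        return False, "STR points at %r but no BST with that wsu:Id is present" % target
    if target not in signed_uris(sig):
        return False, "BST %r is not among the signed References" % target
    return True, "BST %r is covered by the signature" % target


def sample_envelope(sign_bst):
    """Constructed envelope mirroring the thread's layout; values are dummies.

    sign_bst=False reproduces the message WSS4J emitted for the poster
    (body and timestamp signed, token not); sign_bst=True adds the
    reference to the BST that the post wants to generate.
    """
    bst_ref = ""
    if sign_bst:
        bst_ref = ('<ds:Reference URI="#CertId-24950043">'
                   '<ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>')
    return """
<soapenv:Envelope xmlns:soapenv="{soapenv}" xmlns:wsse="{wsse}"
                  xmlns:wsu="{wsu}" xmlns:ds="{ds}">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken wsu:Id="CertId-24950043">MIIE...</wsse:BinarySecurityToken>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#id-10168913"><ds:DigestValue>BBBB</ds:DigestValue></ds:Reference>
          <ds:Reference URI="#Timestamp-30487154"><ds:DigestValue>CCCC</ds:DigestValue></ds:Reference>
          {bst_ref}
        </ds:SignedInfo>
        <ds:SignatureValue>MkA...</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-19714461">
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#CertId-24950043"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp wsu:Id="Timestamp-30487154">
        <wsu:Created>2007-09-11T12:49:35.499Z</wsu:Created>
        <wsu:Expires>2007-09-11T12:54:35.499Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-10168913"><ping/></soapenv:Body>
</soapenv:Envelope>
""".format(bst_ref=bst_ref, **NS).strip()


if __name__ == "__main__":
    for signed in (True, False):
        print("BST signed:", signed, "->", check_token_protection(sample_envelope(signed)))
```

Run it as-is and the first envelope passes while the second (the poster's current output) is reported with the BST missing from the signed References. On a real receiver this check belongs after, not instead of, cryptographic verification: it only tells you which elements the (already verified) signature claims to cover.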

