WSS4J expects to use
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
if it has wsse:KeyIdentifier. However, the 3rd party sent it with
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

==================================================================================================================================================
Hi guys,

When I use WSS4J to create the SAML with Sign, I noticed that the
SecurityTokenReference has a wsse:Reference URI in WSS4J's SAML message.
The WSS4J Receiver Handler failed at Reference.calculateDigest(). I noticed that
what the 3rd party sent to me has wsse:KeyIdentifier. I am using WSS4J 1.5.2.

WSS4J -

<wsse:SecurityTokenReference wsu:Id="STRSAMLId-24964246" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference URI="#f73942eda6dc8241481afb037074883e" ValueType="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertion-1.1"/>
</wsse:SecurityTokenReference>

From 3rd party -

<wsse:SecurityTokenReference wsu:Id="q01obcQc22Occlbrou7GRA22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:KeyIdentifier ValueType="mQXwNktATaW29IAV7bfulw22 http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">mQXwNktATaW29IAV7bfulw22</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>

But when I look up the OASIS definitions in WSS: SAML Token Profile 1.0 and
wss-v1.1-spec-os-SAMLTokenProfile, it seems to me that it has
wsse:KeyIdentifier in the SecurityTokenReference.

<wsse:SecurityTokenReference wsu:Id="STR1">
  <saml:AuthorityBinding
    Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
    Location="http://www.opensaml.org/SAML-Authority"
    AuthorityKind="samlp:AssertionIdReference">
  </saml:AuthorityBinding>
  <wsse:KeyIdentifier wsu:Id="-"
    ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-tokenprofile-1.0#SAMLAssertionID">
    _a75adf55-01d7-40cc-929f-dbd8372ebdfc
  </wsse:KeyIdentifier>
</wsse:SecurityTokenReference>

Which one is the correct way?

Thanks in advance.
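An added example, not part of the original message and not WSS4J code: a standalone Python check that reports, for each wsse:SecurityTokenReference in a captured message, which reference form it uses, its ValueType, and whether it resolves to a SAML 1.x assertion actually present in the message. The function name, result keys and sample message are constructed for illustration; the namespaces are the standard WSS 1.0 secext and SAML 1.x assertion namespaces.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
SAML_ID = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID"


def describe_strs(xml_text):
    """Return one dict per wsse:SecurityTokenReference found in xml_text."""
    # ElementTree is adequate for captured samples; use a hardened parser on untrusted traffic.
    root = ET.fromstring(xml_text)
    # SAML 1.x assertions carried in the message, keyed by AssertionID.
    assertion_ids = {a.get("AssertionID") for a in root.iter(f"{{{SAML}}}Assertion")}
    found = []
    for ref in root.iter(f"{{{WSSE}}}SecurityTokenReference"):
        key_id = ref.find(f"{{{WSSE}}}KeyIdentifier")
        direct = ref.find(f"{{{WSSE}}}Reference")
        if key_id is not None:
            form, target = "KeyIdentifier", (key_id.text or "").strip()
            value_type = (key_id.get("ValueType") or "").strip()
        elif direct is not None:
            form, target = "Reference", (direct.get("URI") or "").lstrip("#")
            value_type = (direct.get("ValueType") or "").strip()
        else:
            form, target, value_type = "unknown", "", ""
        found.append({
            "form": form,
            "value_type": value_type,
            "target": target,
            # True when the reference points at an assertion actually in the message.
            "resolves": target in assertion_ids,
            # The mismatch noted at the top of this page: KeyIdentifier without X509v3.
            "keyid_not_x509v3": form == "KeyIdentifier" and value_type != X509V3,
        })
    return found


# Constructed sample: a third-party style STR next to a minimal assertion stub.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:saml="{SAML}">
  <saml:Assertion AssertionID="mQXwNktATaW29IAV7bfulw22"/>
  <wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="{SAML_ID}">mQXwNktATaW29IAV7bfulw22</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
</wsse:Security>"""

if __name__ == "__main__":
    for entry in describe_strs(SAMPLE):
        print(entry)
```
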