Hi,
I've tried setting the SIG_KEY_ID to "X509KeyIdentifier" and SKIKeyIdentifier and get an GeneralSecurityError that they are an "Unsupported Key Identification". Is there some other approach you would recommend? Thanks, -- Steve Colm O hEigeartaigh wrote: > > Hi, > > WSS4J does not currently support constructing a KeyInfo object that > includes the X509 Cert in x509Data. According to the SOAP Message > Security spec: > > "However, in this specification, the use of <wsse:BinarySecurityToken> > is the RECOMMENDED mechanism to carry key material if the key type > contains binary data." > > You have a few other options to use for referring to a Key from a > signature: > > http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHand > lerConstants.html#SIG_KEY_ID > > http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHand > lerConstants.html#keyIdentifier > > Colm. > > -----Original Message----- > From: vroom [mailto:[email protected]] > Sent: 06 November 2009 23:25 > To: [email protected] > Subject: help: directReference, senderVouches & X509Certificate > > > > I have a integration test coming up and have been trying for a few days > to > figure out how to format a client-side SOAP message so it will be > accepted > by a service. The example client message I've been shown requires > senderVouches and has the clients' x509 certificate being transferred to > the > service in the KeyInfo like so: > > keyInfo > x509Data > x509Certificate > > The message I'm generating with senderVouches and directReference places > provides: > > > Wsse:securityTokenReference > wsse:BinarySecurityToken in header > > keyInfo > SecurityTokenReference > Reference to BinarySecurityToken > > My requirement therefore is to remove the > SecurityTokenReference/BinarySecurityToken from the header and add the > x509certificate to the KeyInfo. > > The software stack I'm using is: > xFire 1.2.6 > Wss4j 1.5.1 > openSaml 1.0.1 > Xmlsecurity 1.3 > > I'm trying to get it upgraded but its a very long and tedious process. > Will > an upgrade supply this functionality? > > > > > -- > View this message in context: > http://old.nabble.com/help%3A-directReference%2C-senderVouches---X509Cer > tificate-tp26230917p26230917.html > Sent from the WSS4J mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > -- View this message in context: http://old.nabble.com/help%3A-directReference%2C-senderVouches---X509Certificate-tp26230917p26270886.html Sent from the WSS4J mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
