OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-brsp-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [ws-brsp-comment] ws-i test tool issue ?

Hi Jacques,
Thanks for the response.  I possibly found another test tool bug , can you please have a look again ?
When the test tool analyzed the follow kerberos token message[1] , it always complains with the BSP3032 assertion failure.
But from the ws-i bsp prifle.1.1 section 15, the ValuType is correct and it is almost the same with the correct example .

[1]
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Header>
     <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">    
     <wsse:BinarySecurityToken
                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                 ValueType="http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ"
wsu:Id="BST7293564EF750ED3B7213684999669821">YIICYAYJKoZIhvcSAQICAQBuggJPMIICS6ADAgEFoQMCAQ6iBwMFAAAAAACjggFhYYIBXTCCAVmgAwIBBaEPGw1XUy5BUEFDSEUuT1JHoicwJaADAgEAoR4wHBsDYm9iGxVzZXJ2aWNlLndzLmFwYWNoZS5vcmejggEWMIIBEqADAgESoQMCAQKiggEEBIIBAETe4MYI2rvOhieLjRRpx2OQnZJ5Vnx70aTENd3CZBC+1/3TQ8AO+lpNcnZ12GMOcS26GCQ6444bxEiu4fQ84ZHW4CEMSDus0k3Vvs6iCSq8w70jSYEy5x3rHdkaInObI1dP3+cMkKJqfJ6p/osqobV6g9D2zvA46CJCkEjLtLqx9bHXlef5eNaxK0GdcUngMf3F/sKngunDULPyN4iDheBPsklQU3+xLIGDmy3xp+inP7rn4EmmfbZI3wnrTpKvHmUwXYdaRnCyLx9Vckv+5LYiTDiDaG7IF6dqIyKa/HGHzSeRx8AVKYpOjxuzh1cXr43V3ya0IAERmGCCRKnO5KakgdAwgc2gAwIBEqKBxQSBwh5IJWyAHLjY5lwvOeUOboiKUgo2iB9auBM2xHqR3SYXhb//MxbU3Dy7/5m5OSVwXRD8Mrj7KBqDzdTU90sUdThFfzW6pz5jUwY22YPOYR17D9bCVCKBi/STp5hFqquryTm8TFozwqt3yuh+lht5ruRiNKLz5Qtz5CcFnvRhxX1M+cB9IfFjuWHEBVb0cmFjxLCeV5KO0AFp/4nSiga7p/UP5U6xLgQIsJgGjv4JlPcF/4Iw/um2k1h/tQ4IhGMNsrTT
     </wsse:BinarySecurityToken>
     </wsse:Security>
</soap:Header>
<soap:Body><ns2:DoubleIt xmlns:ns2="http://www.example.org/schema/DoubleIt"><numberToDouble>10</numberToDouble></ns2:DoubleIt></soap:Body>
</soap:Envelope>

[2]
message_1-binarySecurityToken-BST-7293564EF750ED3B7213684999669821
Assertion: BSP3032
Result :    failed
Failure Message :    A wsse:BinarySecurityToken element has a ValueType attribute whose value is outside the defined token profiles.
Failure Detail Message:     A wsse:BinarySecurityToken element has a ValueType attribute  whose value is outside the defined token profiles.


Thanks,
Jim


On 05/14/2013 07:44 AM, Jacques Durand wrote:

Jim:

Sorry for delayed response.

As far as I can it is a test tool bug:

your message is compliant as far as R3070 is concerned: it uses a valid SAML token reference  (per R6617) and therefore is not required to have an EncodingType attribute.

Regards,

-jacques D.

 

From: ws-brsp-comment@lists.oasis-open.org [mailto:ws-brsp-comment@lists.oasis-open.org] On Behalf Of Jim Ma
Sent: Thursday, April 18, 2013 1:14 AM
To: ws-brsp-comment@lists.oasis-open.org
Subject: [ws-brsp-comment] ws-i test tool issue ?

 

Hi All,
When I check ws-i bsp compliance of the following soap message[1] with the test tool (download from [2]) ,
the analyzed report with BasicSecurityProfile-1.1-TAD always complains BSP3070 assertion failed and a wsse:KeyIndetifier
element does NOT contain a EncodingType attribute (i.e., it is NOT the case that "./self::wsse:KeyIdentifier[@EncodingType]").
But the BasicSecurityProfile-1.1 says it is not required if it refers to a SAML token :
R3070 Any STR_KEY_IDENTIFIER that refers to a SECURITY_TOKEN other than a SAML_TOKEN MUST specify an EncodingType attribute

Is this a bug in test tool or it doesn't support saml-token-profile-1.1 ?

[1]
  <ds:KeyInfo Id="KI-BCF3790C6A856CAB8013662645516286">
       <ns4:SecurityTokenReference xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
                 wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
           <ns4:KeyIdentifier
                            ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_3DF61F55AC044E478A13662645512771</ns4:KeyIdentifier>
       </ns4:SecurityTokenReference>
  </ds:KeyInfo>


[2]http://www.ws-i.org/Testing/Tools/Attach_17_WSI_Test_Java_WGD_BSP_1.1.zip


Thanks,
Jim


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]