ws-brsp-comment message
Subject: Another ws-i bsp1.1 test tool issue?


Hi All,

This might be another wsi-bsp test tool issue. 

When I checked compliance with the BSP 1.1 test tool against the following message:

<wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" wsu:Id="STR-3C1588359FBECE435C139384414735011">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_3C1588359FBECE435C139384414734810</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>

The reports generated by analyzerV11 say this message breaks R5206:

<entry referenceID="message_3-strKeyIdentifier-2" type="strKeyIdentifier" value="">
<assertionResult id="BSP5206" result="failed">
<failureMessage xml:lang="en">The wsse:KeyIdentifier ValueType attribute is incorrect</failureMessage>
<failureDetail xml:lang="en">The wsse:KeyIdentifier ValueType attribute is incorrect</failureDetail>
</assertionResult>

But R5206 is for checking an X509_TOKEN; here it is a SAML assertion ID.

R5206 Any STR_KEY_IDENTIFIER that references an X509_TOKEN MUST have a ValueType attribute with the value of "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" or "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1".

Attached is the message logged by monitor.sh. Can you see if it's a tool issue or something I missed configuring?

Thanks,
Jim
  <messageEntry xsi:type="wsi-log:httpMessageEntry" ID="3" conversationID="1" type="request" timestamp="2014-03-03T18:55:47.388">
    <messageContent><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-3C1588359FBECE435C139384414735213">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</wsse:BinarySecurityToken><wsu:Timestamp wsu:Id="TS-3C1588359FBECE435C13938441473489"><wsu:Created>2014-03-03T10:55:47.348Z</wsu:Created><wsu:Expires>2014-03-03T11:00:47.348Z</wsu:Expires></wsu:Timestamp><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-3C1588359FBECE435C139384414737117"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">Xeg55vRyK3ZhAEhEf+YT0z986L0=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>AtWT63TZG2UjkSdLidAWAhCA1S1x9gFBr7msimq4RrSN6j9BB7zxDRdOAaK8qbgiuTsbsSgVTNb559qaAxUzWiz9ry9T8h3wSyCDFjuGg445Sw8PXhTuDEgukO3TMgNBNUyjD1YSTeRP6AjKOvyAPEH4cUf/pE6SEBl+03NNiR0=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-3C1588359FBECE435C139384414738218"/></xenc:ReferenceList></xenc:EncryptedKey><saml1:Assertion 
xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_3C1588359FBECE435C139384414734810" IssueInstant="2014-03-03T10:55:47.348Z" Issuer="sts" MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType"><saml1:Conditions NotBefore="2014-03-03T10:55:47.348Z" NotOnOrAfter="2014-03-03T11:00:47.348Z"/><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="www.jbws-cxf-sts.org">uid=sts-client,o=jbws-cxf-sts.com</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute AttributeName="subject-role" AttributeNamespace="http://custom-ns"><saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">system-user</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement></saml1:Assertion><wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" wsu:Id="STR-3C1588359FBECE435C139384414735011"><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_3C1588359FBECE435C139384414734810</wsse:KeyIdentifier></wsse:SecurityTokenReference><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-3C1588359FBECE435C139384414735516"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#TS-3C1588359FBECE435C13938441473489"><ds:Transforms><ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>be7nbYBS5FwmGkoP+7JCGMw6wQw=</ds:DigestValue></ds:Reference><ds:Reference URI="#STR-3C1588359FBECE435C139384414735011"><ds:Transforms><ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"><wsse:TransformationParameters><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></wsse:TransformationParameters></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8MGcbE4vUqAfMrBDQem1j7tU03Y=</ds:DigestValue></ds:Reference><ds:Reference URI="#_3C1588359FBECE435C139384414735012"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>jKwoUE2kb3NfHm3Xw98pl+ngxb8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>gDt0AloW8rQL7pJwHcVATt/ZAi0e/QH478/hodQRcVRj4sp8aQOj0Xrnyz3tsNn9Wpv7m5gRzY69GloH9j0kj1koMW7iiX59p80ADkcXVWw+YEfC9ZNxcKynl4rEz93Vij15kDsX3hwMkj2wUHLGhEk1YG61O9bE8Mv5+nXWTsY=</ds:SignatureValue><ds:KeyInfo Id="KI-3C1588359FBECE435C139384414735214"><wsse:SecurityTokenReference wsu:Id="STR-3C1588359FBECE435C139384414735215"><wsse:Reference URI="#X509-3C1588359FBECE435C139384414735213" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></SOAP-ENV:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="_3C1588359FBECE435C139384414735012"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-3C1588359FBECE435C139384414738218" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-3C1588359FBECE435C139384414737117"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>ta2ZkYghn2pT4+P0lwV6qRTyqkM6OOA4LxtlUpLGQE6FEx2geasoCyRz0P2LcdM6pc4MmBvQBK6d1j7EAuLV3LK29C2Oerk/UTKLJS0l3XjwkfNYHa+5qwgRHeI0ezJ5b6QfYmJyfFcXckxSbf/dlnNAEJwXeQrZhRfxjQkjh7923OrjuJL8g3G+YX+8k+xM</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope></messageContent>
    <senderHostAndPort>127.0.0.1:47426</senderHostAndPort>
    <receiverHostAndPort>localhost:8080</receiverHostAndPort>
    <httpHeaders>POST /jaxws-samples-wsse-policy-oasis-23x/SecurityService2314 HTTP/1.1
Content-Type: text/xml; charset=UTF-8
Accept: */*
SOAPAction: ""
User-Agent: Apache CXF 2.7.10
Cache-Control: no-cache
Pragma: no-cache
Host: localhost:7070
Connection: keep-alive
Transfer-Encoding: chunked

</httpHeaders>
  </messageEntry>
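As an added illustration of the distinction the post raises (example code, not from the post or from the WS-I BSP test tool), the following Python evaluates R5206 only against key identifiers that actually reference an X509 token, and reports the SAML assertion reference as out of scope rather than as a failure. How a KeyIdentifier is judged to "reference an X509_TOKEN" (a ValueType or wsse11:TokenType in the X509 token profile namespace) is an assumption of this example, as are the build_str helper, the naive_check_r5206 contrast function and the constructed failing input; the SAML and X509 inputs are taken from the message in the post, with namespace declarations added so the fragments parse on their own.

```python
"""Scoped R5206 check for wsse:KeyIdentifier elements.

Added example, not code from the post or from the WS-I BSP test tool: it
applies R5206 only to key identifiers that reference an X509 token, so the
SAML assertion reference quoted in the post is reported as out of scope
rather than as a failure.
"""
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
X509_PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
SAML_PROFILE_10 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0"
SAML_PROFILE_11 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1"

# ValueType values R5206 allows on an STR_KEY_IDENTIFIER that references an X509_TOKEN.
R5206_ALLOWED = {
    X509_PROFILE + "#X509SubjectKeyIdentifier",
    "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1",
}


def build_str(value_type, key_value, token_type=None, str_id="STR-example"):
    """Build a stand-alone wsse:SecurityTokenReference document (helper assumed
    by this example). The wsse/wsu namespace declarations are added here so the
    fragment parses on its own; in the logged message the enclosing elements
    declare them."""
    tt = ' wsse11:TokenType="%s"' % token_type if token_type else ""
    return (
        '<wsse:SecurityTokenReference xmlns:wsse="{wsse}" xmlns:wsse11="{wsse11}" '
        'xmlns:wsu="{wsu}"{tt} wsu:Id="{sid}">'
        '<wsse:KeyIdentifier ValueType="{vt}">{kv}</wsse:KeyIdentifier>'
        '</wsse:SecurityTokenReference>'
    ).format(wsse=WSSE, wsse11=WSSE11, wsu=WSU, tt=tt, sid=str_id, vt=value_type, kv=key_value)


def references_x509_token(str_el, key_id):
    """Assumption about R5206's scope: a KeyIdentifier references an X509 token
    when its ValueType, or the enclosing STR's wsse11:TokenType, is in the
    X509 token profile namespace. Any other token type is out of scope."""
    value_type = key_id.get("ValueType", "")
    token_type = str_el.get("{%s}TokenType" % WSSE11, "")
    return value_type.startswith(X509_PROFILE + "#") or token_type.startswith(X509_PROFILE + "#")


def check_r5206(str_xml):
    """Return 'not-applicable', 'passed' or 'failed' for one STR document."""
    str_el = ET.fromstring(str_xml)
    key_id = str_el.find("{%s}KeyIdentifier" % WSSE)
    if key_id is None or not references_x509_token(str_el, key_id):
        return "not-applicable"
    return "passed" if key_id.get("ValueType") in R5206_ALLOWED else "failed"


def naive_check_r5206(str_xml):
    """Over-broad variant that applies R5206 to every KeyIdentifier. On the
    post's SAML STR it produces the same spurious failure the report shows."""
    key_id = ET.fromstring(str_xml).find("{%s}KeyIdentifier" % WSSE)
    return "passed" if key_id is not None and key_id.get("ValueType") in R5206_ALLOWED else "failed"


# The STR from the post that analyzerV11 flagged (SAML 1.1 assertion reference).
SAML_STR = build_str(SAML_PROFILE_10 + "#SAMLAssertionID", "_3C1588359FBECE435C139384414734810",
                     token_type=SAML_PROFILE_11 + "#SAMLV1.1",
                     str_id="STR-3C1588359FBECE435C139384414735011")
# The X509 key identifier from the EncryptedKey in the logged message (R5206 applies and passes).
X509_STR = build_str(X509_PROFILE + "#X509SubjectKeyIdentifier", "Xeg55vRyK3ZhAEhEf+YT0z986L0=")
# Constructed failing case: references an X509 token with a ValueType R5206 does not allow.
BAD_X509_STR = build_str(X509_PROFILE + "#X509v3", "Xeg55vRyK3ZhAEhEf+YT0z986L0=")

if __name__ == "__main__":
    for name, doc in (("SAML", SAML_STR), ("X509", X509_STR), ("bad X509", BAD_X509_STR)):
        print("%-9s scoped=%-14s naive=%s" % (name, check_r5206(doc), naive_check_r5206(doc)))
```

Running it shows the scoped check returning not-applicable for the SAML STR, passed for the X509 subject key identifier and failed only for the constructed bad case, while the naive variant reports the SAML STR as failed, which is the behaviour the quoted analyzer entry shows.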

