The UsernameTokenSignature is based on an algorithm that is
Microsoft specific AFAIK. If MS changed the algo
for WSE 3.0 then there is an interop problem. We also didn't
have an "official" interop test with UsernameTokenSignature.

Regards,
Werner

Benjamin BALET wrote:
> Hello,
>
> WSS4J developers have created UsernameTokenSignature so as
> to understand WSE2.0 signature mechanism.
> But I was wondering if it is still working with WSE3.0
>
> Below is the code of my Custom Policy Assertion that is quite
> similar to an exchange between WSE2.0 and WSS4J:
>
> public override void SecureMessage(SoapEnvelope envelope, Security security)
> {
>     // Must Understand Headers
>     security.MustUnderstand = true;
>     security.Timestamp.TtlInSeconds = 60;
>
>     // User Name Token
>     UsernameToken userToken = new UsernameToken(m_strUsername,
>         m_strPassword, PasswordOption.SendPlainText);
>     security.Tokens.Add(userToken);
>
>     X509SecurityToken token = null;
>     try
>     {
>         token = GetSecurityToken("CN=10.67.212.35");
>     }
>     catch (Exception ex)
>     {
>         throw new Exception("Certificate not found : " + ex.Message);
>     }
>
>     // Define a custom X509 token
>     ISecurityTokenManager stm =
>         SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.X509v3);
>     X509SecurityTokenManager x509tm = stm as X509SecurityTokenManager;
>     x509tm.DefaultKeyAlgorithm = "RSA15";
>     x509tm.DefaultSessionKeyAlgorithm = "TripleDES";
>
>     // Uncommenting the next line will encrypt the Body
>     //security.Elements.Add(new EncryptedData(token));
>     // Add the token to the SOAP header.
>     security.Tokens.Add(token); // Insert the token being used into header
>
>     // Add Message Signature (signed with the UsernameToken, covering the SOAP body)
>     MessageSignature sig = new MessageSignature(userToken);
>     sig.SignatureOptions = SignatureOptions.IncludeSoapBody;
>     security.Elements.Add(sig);
>
>     // Insert the encrypted UsernameToken
>     security.Elements.Add(new EncryptedData(token, "#" + userToken.Id));
> }
>
> ________________________
> Benjamin BALET
> Capgemini France
> http://bbalet.free.fr