It's due to a bug in WSS4J - which has been fixed here: https://issues.apache.org/jira/browse/WSS-323
Colm. On Tue, Nov 15, 2011 at 5:36 PM, danlee100 <[email protected]> wrote: > Here is the SAML token that is causing the error "General security error > (Provided SAML token does not contain a suitable key)". > > > <?xml version="1.0"?> > <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" > MajorVersion="1" MinorVersion="1" > AssertionID="_2bea327c-8791-4bd2-9f98-5690c0c6a83b" Issuer="BLISTS" > IssueInstant="2011-11-09T22:47:38.202Z"> > <saml:Conditions NotBefore="2011-11-09T22:47:38.124Z" > NotOnOrAfter="2011-11-09T23:47:38.124Z"> > <saml:AudienceRestrictionCondition> > > <saml:Audience>http://66.211.102.200/gen4/services/AssessmentDataService</saml:Audience> > </saml:AudienceRestrictionCondition> > </saml:Conditions> > <saml:AttributeStatement> > <saml:Subject> > <saml:SubjectConfirmation> > > <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> > <trust:BinarySecret > xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>sYjbfcODXJg0oBL0EPlCMlUJ2SZnjk/51e2rDs+2e+E=</trust:BinarySecret> > </KeyInfo> > </saml:SubjectConfirmation> > </saml:Subject> > <saml:Attribute AttributeName="Name" > AttributeNamespace="http://www.bli.org/claims";> > <saml:AttributeValue>roccbufalino1</saml:AttributeValue> > </saml:Attribute> > <saml:Attribute AttributeName="IDNamespace" > AttributeNamespace="http://www.bli.org/claims";> > > <saml:AttributeValue>http://www.bli.org/Rocketship/</saml:AttributeValue> > </saml:Attribute> > <saml:Attribute AttributeName="ID" > AttributeNamespace="http://www.bli.org/claims";> > <saml:AttributeValue>123111111111111111111</saml:AttributeValue> > </saml:Attribute> > </saml:AttributeStatement> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > <ds:SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> > <ds:SignatureMethod > Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> > <ds:Reference URI="#_2bea327c-8791-4bd2-9f98-5690c0c6a83b"> > <ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> > <ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> > > <ds:DigestValue>1cIz27KwzN0gwLkDSLolHTxaAMQ19YsVcF3eV1sA/68=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > > <ds:SignatureValue>t1vCq6MWMWupEDcfv/8b+FOCcb8bi7gIbBNM9XCLsIjm20xMPla5u43DjPaRb2+rPdnlVeNt/s/8Id/zxvPmBqIohdJY3ZeAC0/i+DLV+8tMdA/q6azSUjgZHKniUtqPjH6B5aLYm3niwkqivwhWCcl3txVjfbtjoxDTUmMendaDxZ80zHmIy73vzf1nNo+SokdGvwEbQY8RKSYXnUoXXP2oAkyUSG2efr/41eXkeOd+nLdCWLKEhDJCWYNEs1KlneJclh9Fu15DRmnihjeV3eFDFy1xmIXQ8IiVI+78CYvcPN7HMDSKOkDSQs3DmNQaamlxTYkMN0AMYwwEhcyWsA==</ds:SignatureValue> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> > <X509Data> > > <X509Certificate>MIIC5DCCAcygAwIBAgIQbDQulAkeX7ROQqIwV6TAHDANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDEwtTVFNUZXN0Q2VydDAeFw0xMTAzMzAxNTA4NDJaFw0xMjAzMjkyMTA4NDJaMBYxFDASBgNVBAMTC1NUU1Rlc3RDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu56LAvEEYI7mI85ufyLS8MjuU5uPlgH9FUtE/YxPNIwsRe8+GZcXWHefuU0MV6m06K4GMeUq2i4E0ciKTsqnQhs0eqHt3WgH8uaF7DAz6sxzLpbUYWG7sGq0v3oanYv0S3+cfWyERvwYpdTmzqRRTNLRv371FIycc13LF67ZvpXZKEl0rkSfL8p6O6KHPQz5CduP3N+/3pjTsKsl/iNjM8K3Vi1MCb5lWeCBBig7yT9ICwWCkkDJpGJsksCanw8uM4eoRP3aY41EtPnA8Gvt5qVTMnn2JJGgxklegVUmsYtbBiziJCNWIa9loTEg5MbrzhQ5WSptV4HTviCSFqAPgwIDAQABoy4wLDALBgNVHQ8EBAMCBPAwHQYDVR0OBBYEFCAC194orTY0yHGxY/O+5fm+GHtjMA0GCSqGSIb3DQEBBQUAA4IBAQC4fo83cVW+Q8kNhn9bWSh9hOynuv1mTNPtgAxS37fifziexnK+LYe4uQNzAuGlgusxwQS1izSP5S3dRyOjzqrT+H4ZBeWwX9rTkmlyOtnGQIwyA5jwDeRqcPMgU9XJf5NwA2W88lJDTijRNIG6RCBQcusflqc4/DvYZmRlRX8XGjgOwf4Zw4pATMfA67CG/NDJXPbTHqTbJihdWjJXQODjocU1KabAXlIxPkwJFh8cf1dRDvYN3xVOmjgHpQ82G6RA4TXdTJKcU0yO8PHsVrOGmjYjDbVgThHRdzLvpBZG6ZD0O/i8C2gavoguIgRBnBCT4b4DEDLfVnebApzIFnVl</X509Certificate> > </X509Data> > </KeyInfo> > </ds:Signature> > </saml:Assertion> > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p4995094.html > Sent from the cxf-dev mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
