I don't really understand your mail. Is it objecting to the fact that the Signature Reference is using the "Identifier" Id of the SecurityContextToken rather than the wsu:Id? Do you have an example of a message that works?
Colm. On Sat, Mar 26, 2016 at 3:23 PM, ashish19singh <[email protected]> wrote: > HI, > I am getting below error while accessing WCF service with wshttpbinding > Cannot resolve KeyInfo for verifying signature: KeyInfo > 'SecurityKeyIdentifier > ( > IsReadOnly = False, > Count = 1, > Clause[0] = LocalIdKeyIdentifierClause(LocalId = > 'uuid-e86a9da2-b8a4-413c-8e48-16126dad54f0-1', Owner = '') > ) > ', available tokens 'SecurityTokenResolver > ( > TokenCount = 1, > TokenEntry[0] = (AllowedReferenceStyle=Internal, > Token=System.ServiceModel.Security.Tokens.SecurityContextSecurityToken, > > Parameters=System.ServiceModel.Security.Tokens.SecureConversationSecurityTokenParameters: > InclusionMode: AlwaysToRecipient > > I am not sure how Identifier element of SecurityContextToken is referring > to > Reference element of SecurityTokenReference. > As per service provider: Id of SecurityContextToken should refer the > Reference element of SecurityTokenReference. > Please help how can we make this change client side. > > My Request look like: > <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/ soap-envelope"> > <soap:Header> > <Action > xmlns="http://www.w3.org/2005/08/addressing";> > http://example.service/GetfileID</Action> > <MessageI D > xmlns="http://www.w3.org/2005/08/addressing > ">urn:uuid:e53bd47b-6538-47df-8b23-19a82430de6 > f</MessageID> > <To > xmlns="http://www.w3.org/2005/08/addressing";> > https://testexampleservice/exampleService.svc</To> > <ReplyTo xmlns="http://www.w3.org/200 5/08/addressing"> > <Address>http://www.w3.org/2005/08/addressing/anonymous</Address> > </ReplyTo > > <wsse:Security > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecur > ity-secext-1.0.xsd" soap:mustUnderstand="true"> > <c:SecurityContextToken xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc"; > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-wssecurity-utility-1.0.xsd" > u:Id="uuid-e86a9da2-b8a4-413c-8e48-16126dad54f0-1"> > <c:Identifier>urn:uuid:c4bcae77-3f58-4312-a43a-c1c0553c103c</c:Identifier> > </c:SecurityContextToken> > <wsu:Timestamp > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri > ty-utility-1.0.xsd" wsu:Id="G32964ac3-836a-49ea-a360-95a0955e9189"> > <wsu:Created>2016-03-26T 13:50:27.220Z</wsu:Created> > <wsu:Expires>2016-03-26T13:55:27.220Z</wsu:Expires> > </wsu:Timesta mp> > <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; > Id="G1a92270a-2297-46d3- 9e54-771837debfd9"> > <dsig:SignedInfo> > <dsig:CanonicalizationMethod Algorithm="http://www.w3.o > rg/2001/10/xml-exc-c14n#"> > <c14nEx:InclusiveNamespaces xmlns:c14nEx="http://www.w3.org/2001/ > 10/xml-exc-c14n#" PrefixList="soap"/> > </dsig:CanonicalizationMethod> > <dsig:SignatureMethod Al > gorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/> > <dsig:Reference URI="#G32964ac3-836a-49ea-a360-95a0955e9189"> > <dsig:Transforms> > <dsig:Transform Algorithm="http://www.w3.org/2001 /10/xml-exc-c14n#"> > <c14nEx:InclusiveNamespaces > xmlns:c14nEx="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList=""/> > </dsig:Transform> > </dsig:Transforms> > <dsig:DigestMethod Algorithm=" http://www.w3.org/2000/09/xmldsig#sha1"/> > <dsig:DigestValue>3/umcmPhDrC8ZQ0yUWzJJQz8QMk=</dsig:DigestValue> > </dsig:Reference> > </dsig:SignedInfo> > <dsig:SignatureValue>nNK+1MjSfVkxTypa8lDu nlGmsS4= </dsig:SignatureValue> > <dsig:KeyInfo Id="G0916089d-f0b9-466b-b641-3cce13e3bf36"> > <wsse:SecurityTokenReference > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecur > ity-utility-1.0.xsd" wsu:Id="G58fd702d-c13e-4932-968d-73dec0ce288c"> > <wsse:Reference URI="#urn:uuid:c4bcae77-3f58-4312-a43a-c1c0553c103c" > ValueType="http://docs.oasis-open.org/ws-sx/w > s-secureconversation/200512/sct"/> > </wsse:SecurityTokenReference> > </dsig:KeyInfo> > </dsig:Signa ture> > </wsse:Security> > </soap:Header> > <soap:Body> > <ns2:GetfileID xmlns:ns2="http://example.service/Batch"; > xmlns:ns3="http://schemas.microsoft.com/2003/10/Serializatio n/" > xmlns="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd"/> > </soap:Body> > </soap:Envelope> > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/SecurityContextToken-is-refering-to-wrong-SecurityTokenReference-tp5767249.html > Sent from the cxf-dev mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
