[jira] [Commented] (WSS-231) There is an issue with the position of the element in the header when using WSS4J calling .NET Web Services with WS-Security.

Srinivasa Kukatla (JIRA) Tue, 05 Jul 2011 09:39:44 -0700

    [ 
https://issues.apache.org/jira/browse/WSS-231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13059994#comment-13059994
 ]


Srinivasa Kukatla commented on WSS-231:
---------------------------------------

This needs to be fixed, as it is causing lot of issues. In our case, we need to 
have the Signed Saml Assertion, timestamp, as well as the signature covering 
the timestamp only. Hence, we needed to configure SamlTokenSigned, and 
Timestamp, with the Signature parts as the timestamp element. If we specify the 
signature again it is failing, as the signature action is decoded from the 
SamlTokenSigned, and it is signing the timestamp as well.

This issue causes failure in lot of scenarios where the signature is involved 
with other actions.

> There is an issue with the position of the <Timestamp> element in the 
> <Security> header when using  WSS4J calling .NET Web Services with 
> WS-Security.  
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-231
>                 URL: https://issues.apache.org/jira/browse/WSS-231
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.8
>         Environment: Windows, Solaris
>            Reporter: Chris Weitner
>            Assignee: Ruchith Udayanga Fernando
>              Labels: timestamp, ws-security
>         Attachments: patch.txt
>
>
> There is an issue with the position of the <Timestamp> element in the 
> <Security> header when using  WSS4J calling .NET Web Services with 
> WS-Security.  When using the "Timestamp Signature" action over https, we are 
> receiving the following error: "Signing without primary signature requires 
> timestamp".   When I modified org.apache.ws.security.message.WSSecSignature 
> to position <Timestamp> as the first element in <Security> it worked fine (by 
> default <Timestamp> is the last element and after the <Signature>).  Can this 
> be fixed or can you make Timestamp positioned first as a configuration option?
> <soapenv:Header>
>   <wsse:Security>
>  
>     <wsu:Timestamp>
>       <wsu:Created>2010-05-06T16:46:31.594Z</wsu:Created>
>       <wsu:Expires>2010-05-06T16:51:31.594Z</wsu:Expires>
>     </wsu:Timestamp>
>  
>     <wsse:BinarySecurityToken</wsse:BinarySecurityToken>
>  
>     <ds:Signature>
>        ....
>     </ds:Signature>
>   </wsse:Security>
> </soapenv:Header>

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (WSS-231) There is an issue with the position of the element in the header when using WSS4J calling .NET Web Services with WS-Security.

Reply via email to