Colm O hEigeartaigh created WSS-454:
---------------------------------------
Summary: TokenProtection error
Key: WSS-454
URL: https://issues.apache.org/jira/browse/WSS-454
Project: WSS4J
Issue Type: Bug
Reporter: Colm O hEigeartaigh
Assignee: Marc Giger
Fix For: 2.0
There appears to be an error with the recent fix for "Never" Token Inclusion in
a certain scenario. The security policy is an AsymmetricBinding with a
SignedSupportingToken which is a KerberosToken. I get the error:
SEVERE:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding
not satisfied: Token
/{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken
must not be signed by its signature.
The Signature's KeyInfo is:
<ds:KeyInfo
Id="KI-cc3555a2-8d19-4f1e-82b2-bfc89b180cb4"><wsse:SecurityTokenReference
wsu:Id="STR-4da957ee-8518-4aea-86fd-c8f27d7a48e7"><wsse:Reference
URI="#X509-1e20c453-8f40-47dc-a594-1721f046ea2c"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo>
and it references the Kerberos BST as:
<ds:Reference URI="#BST-e2f17d3f-4022-430b-a185-5d565012e34b">
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
