[jira] [Commented] (WSS-454) TokenProtection error

Wed, 12 Jun 2013 23:52:44 -0700 

    [ 
https://issues.apache.org/jira/browse/WSS-454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13681965#comment-13681965
 ] 

Marc Giger commented on WSS-454:
--------------------------------

fixed in r1492536.

Please note that policy scenarios like 
StaxKerberosTokenTest.testKerberosOverAsymmetric is not
supported by the "StAX-Client". The DOM-Client works now fine.

The problem is here the ProtectTokens policy. The WSDL doesn't specify it and 
that means that the
signature must not sign its signature token (WSP 1.3 Chapter 6.5) and that's 
not always possible with stax. 

                
> TokenProtection error
> ---------------------
>
>                 Key: WSS-454
>                 URL: https://issues.apache.org/jira/browse/WSS-454
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Colm O hEigeartaigh
>            Assignee: Marc Giger
>             Fix For: 2.0
>
>
> There appears to be an error with the recent fix for "Never" Token Inclusion 
> in a certain scenario. The security policy is an AsymmetricBinding with a 
> SignedSupportingToken which is a KerberosToken. I get the error:
> SEVERE: 
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding 
> not satisfied: Token 
> /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken
>  must not be signed by its signature.
> The Signature's KeyInfo is:
> <ds:KeyInfo 
> Id="KI-cc3555a2-8d19-4f1e-82b2-bfc89b180cb4"><wsse:SecurityTokenReference 
> wsu:Id="STR-4da957ee-8518-4aea-86fd-c8f27d7a48e7"><wsse:Reference 
> URI="#X509-1e20c453-8f40-47dc-a594-1721f046ea2c" 
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo>
> and it references the Kerberos BST as:
> <ds:Reference URI="#BST-e2f17d3f-4022-430b-a185-5d565012e34b">

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to