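The steps and sample can be found in [1] and [2]. The issue seems to be a
problem with the default keystore. When I traced the request and response
with tcpmon, I found the issue below: the STS answers with a FailedCheck
fault whose nested exception is CertificateExpiredException (NotAfter: Mon
Jul 01 15:53:52 IST 2013), so the certificate presented in the request
appears to have expired well before the request timestamp (2017-01-05).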


*Request*
<?xml version='1.0' encoding='UTF-8'?>
   <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope
">
      <soapenv:Header xmlns:wsa="
http://schemas.xmlsoap.org/ws/2004/08/addressing";>
         <wsse:Security xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="true">
            <wsu:Timestamp xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-1">
               <wsu:Created>2017-01-05T08:35:31.570Z</wsu:Created>
               <wsu:Expires>2017-01-05T08:40:31.570Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:BinarySecurityToken xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
EncodingType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
ValueType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
wsu:Id="CertId-F1F5AE821BB8A9B28714836053316591">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</wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
Id="Signature-2">
               <ds:SignedInfo>
                  <ds:CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"; />
                  <ds:SignatureMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
                  <ds:Reference URI="#Id-100433527">
                     <ds:Transforms>
                        <ds:Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"; />
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1"; />

<ds:DigestValue>qdHksp42FlO9WVg6HKledVDda18=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#Timestamp-1">
                     <ds:Transforms>
                        <ds:Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"; />
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1"; />

<ds:DigestValue>E6aaITdDYeveyle1XmVeWmfbYAE=</ds:DigestValue>
                  </ds:Reference>
               </ds:SignedInfo>

<ds:SignatureValue>aWwbjN8BbgEI3pFwET9De9/UhYKeGC3Ndx0VSXEPMhtxYS3n4Q0ZuG2eX8ZobgcMPmYjs1gAoxF09sf7fdzmrSMW+Gt8Wn+N05gLh8u4fNY7Bi4DBM1YNW11pqxWpX8LG19prh0KbwkuJIIKQCuP08Zaku+HHgPvis6OPHhdObY=</ds:SignatureValue>
               <ds:KeyInfo Id="KeyId-F1F5AE821BB8A9B28714836053316652">
                  <wsse:SecurityTokenReference xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="STRId-F1F5AE821BB8A9B28714836053316663">
                     <wsse:Reference
URI="#CertId-F1F5AE821BB8A9B28714836053316591" ValueType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
/>
                  </wsse:SecurityTokenReference>
               </ds:KeyInfo>
            </ds:Signature>
         </wsse:Security>
         <wsa:To>http://localhost:9762/services/wso2carbon-sts</wsa:To>
         <wsa:ReplyTo>
            <wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
         </wsa:ReplyTo>

<wsa:MessageID>urn:uuid:c514e93f-6a96-4640-8304-400320f95d5a</wsa:MessageID>
         <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
</wsa:Action>
      </soapenv:Header>
      <soapenv:Body xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Id-100433527">
         <wst:RequestSecurityToken xmlns:wst="
http://schemas.xmlsoap.org/ws/2005/02/trust";>
            <wst:RequestType>
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
            <wsp:AppliesTo xmlns:wsp="
http://schemas.xmlsoap.org/ws/2004/09/policy";>
               <wsa:EndpointReference xmlns:wsa="
http://schemas.xmlsoap.org/ws/2004/08/addressing";>
                  <wsa:Address>https://localhost:10443/services/echo
</wsa:Address>
               </wsa:EndpointReference>
            </wsp:AppliesTo>
            <wst:Lifetime>
               <wsu:Created>2017-01-05T08:35:31.256Z</wsu:Created>
               <wsu:Expires>2017-01-05T08:40:31.256Z</wsu:Expires>
            </wst:Lifetime>
            <wst:TokenType>
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
</wst:TokenType>
            <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/Bearer
</wst:KeyType>
            <wst:Claims xmlns:wsp="
http://schemas.xmlsoap.org/ws/2005/02/trust"; wsp:Dialect="
http://wso2.org/claims";>
               <wsid:ClaimType xmlns:wsid="
http://schemas.xmlsoap.org/ws/2005/05/identity"; Uri="
http://wso2.org/claims/givenname"; />
               <wsid:ClaimType xmlns:wsid="
http://schemas.xmlsoap.org/ws/2005/05/identity"; Uri="
http://wso2.org/claims/emailaddress"; />
            </wst:Claims>
         </wst:RequestSecurityToken>
      </soapenv:Body>
   </soapenv:Envelope>



*Response*
<?xml version='1.0' encoding='UTF-8'?>
   <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope
">
      <soapenv:Header xmlns:wsa="
http://schemas.xmlsoap.org/ws/2004/08/addressing";>
         <wsse:Security xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="true">
            <wsu:Timestamp xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-11">
               <wsu:Created>2017-01-05T08:35:31.867Z</wsu:Created>
               <wsu:Expires>2017-01-05T08:40:31.867Z</wsu:Expires>
            </wsu:Timestamp>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
Id="Signature-12">
               <ds:SignedInfo>
                  <ds:CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  <ds:SignatureMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                  <ds:Reference URI="#Id-1962192193">
                     <ds:Transforms>
                        <ds:Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>h5oo0fYSZXjhsCDyzJF2XFTbjEg=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#Timestamp-11">
                     <ds:Transforms>
                        <ds:Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>0SnksGqgO8yrwWLuJUUEw52habw=</ds:DigestValue>
                  </ds:Reference>
               </ds:SignedInfo>

<ds:SignatureValue>Pzwh9XSrKLMpze42EcGfYZweb+Th4FxX4rRt2+axHQRlt/p+A8YMwYUicKF93+a7RDiOhOdUOaoanIoN/CQaYtSskQZzK+LaqP9o1kcJCLulPgkGeYiC/fb3AilOuKKS+s5JWMchfgw2ebLgYTO43AalYwCtqNf/VMycIpb30B4=</ds:SignatureValue>
               <ds:KeyInfo Id="KeyId-649751EC57E04F21D3148360533186817">
                  <wsse:SecurityTokenReference xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="STRId-649751EC57E04F21D3148360533186918">
                     <wsse:KeyIdentifier EncodingType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
ValueType="
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
">a/jhNus21KVuoFx65LmkW2O/l10=</wsse:KeyIdentifier>
                  </wsse:SecurityTokenReference>
               </ds:KeyInfo>
            </ds:Signature>
         </wsse:Security>
         <wsa:To>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>

<wsa:MessageID>urn:uuid:8904e3e1-9aea-4271-bac1-c99c52ce641f</wsa:MessageID>
         <wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
</wsa:Action>

<wsa:RelatesTo>urn:uuid:c514e93f-6a96-4640-8304-400320f95d5a</wsa:RelatesTo>
      </soapenv:Header>
      <soapenv:Body xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Id-1962192193">
         <soapenv:Fault xmlns:axis2ns11="
http://www.w3.org/2003/05/soap-envelope";>
            <soapenv:Code>
               <soapenv:Value>axis2ns11:Sender</soapenv:Value>
               <soapenv:Subcode>
                  <soapenv:Value xmlns:axis2ns12="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">axis2ns12:FailedCheck</soapenv:Value>
               </soapenv:Subcode>
            </soapenv:Code>
            <soapenv:Reason>
               <soapenv:Text xml:lang="en-US">The signature or decryption
was invalid (The provided certificate is invalid); nested exception is:
java.security.cert.CertificateExpiredException: NotAfter: Mon Jul 01
15:53:52 IST 2013</soapenv:Text>
            </soapenv:Reason>
            <soapenv:Detail/>
         </soapenv:Fault>
      </soapenv:Body>
   </soapenv:Envelope>

A similar kind of issue is reported in [1] as well.





[1] https://docs.wso2.com/display/IS510/Accessing+Claim+Aware+Services+using+STS+Secured+with+Non-repudiation
[2] https://github.com/wso2/product-is/tree/v5.1.0/modules/samples/sts/sts-client
[3] https://wso2.org/jira/si/jira.issueviews:issue-html/WSAS-957/WSAS-957.html

-- 
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: ga...@wso2.com
Mobile: +94 (71) 8020933