Hi all.

I need to call a backend service secured with signonly; it's a third-party
service.
The certificate that they send me is V1, and when I used it with SoapUI or
a Java client it works just fine... The request XML contains this part:

<wsse:SecurityTokenReference wsu:Id="STR-E79369ED26AA07A72315362651483883">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=2323434,OU=test,O=test,L=test,ST=test,C=CU</ds:X509IssuerName>
<ds:X509SerialNumber>11718339280033114430</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>

And I can get a successful response.



But if I use the WSO2 EI with an endpoint with the signonly policy with
this InitiatorToken:

                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                    <sp:RequireIssuerSerialReference/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>

I get this error:
An unsupported token was provided (An X509 certificate with version 3 must
be used for SKI. The presented cert has version: 1)

If I change the certificate for another one, but V3, I can see the request
with the ds:X509IssuerSerial tag but with errors in the response because
the signature verification fails on the server side.

Any idea about how I can solve this issue?

Regards,
               Jorge
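
A diagnostic for the error quoted above, as an added example that is not part of the original post and is not WSO2 code: it reads the version, serial number and SubjectKeyIdentifier extension directly from a certificate's DER bytes and reports which key reference styles the certificate can support. The names `inspect_cert`, `read_tlv`, `tlv` and `sample_cert` are hypothetical, and the two sample certificates are constructed skeletons (empty name and key fields); only the V1 serial number is taken from the post.

```python
# Added example. The sample "certificates" are constructed DER skeletons, not real certs.
SKI_OID = bytes.fromhex("551d0e")  # 2.5.29.14 subjectKeyIdentifier

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def inspect_cert(der):
    """Report the fields that decide which key reference a signer can emit."""
    _, cert, _ = read_tlv(der, 0)    # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)    # TBSCertificate ::= SEQUENCE
    tag, val, pos = read_tlv(tbs, 0)
    version = 1                      # the [0] version field is omitted in v1
    if tag == 0xA0:
        version = int.from_bytes(read_tlv(val, 0)[1], "big") + 1
        tag, val, pos = read_tlv(tbs, pos)
    serial = int.from_bytes(val, "big")
    has_ski = False
    while pos < len(tbs):            # walk the remaining TBS fields
        tag, val, pos = read_tlv(tbs, pos)
        if tag == 0xA3:              # [3] extensions, only defined for v3
            exts, p = read_tlv(val, 0)[1], 0
            while p < len(exts):
                _, ext, p = read_tlv(exts, p)
                has_ski |= read_tlv(ext, 0)[1] == SKI_OID
    # ski_ref mirrors the quoted error: SKI is rejected unless the cert is v3.
    return {"version": version, "serial": serial, "has_ski_extension": has_ski,
            "issuer_serial_ref": True, "ski_ref": version == 3}

def tlv(tag, value=b""):
    assert len(value) < 0x80         # sample builder: short-form lengths only
    return bytes([tag, len(value)]) + value

def sample_cert(version, serial, extensions=b""):
    # Constructed TBSCertificate skeleton wrapped in a Certificate SEQUENCE.
    ver = tlv(0xA0, tlv(0x02, bytes([version - 1]))) if version > 1 else b""
    num = tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big"))
    empty = tlv(0x30) * 5   # sigAlg, issuer, validity, subject, SPKI left empty
    ext = tlv(0xA3, tlv(0x30, extensions)) if extensions else b""
    return tlv(0x30, tlv(0x30, ver + num + empty + ext))

SKI_EXT = tlv(0x30, tlv(0x06, SKI_OID) + tlv(0x04, tlv(0x04, bytes(20))))
V1 = sample_cert(1, 11718339280033114430)   # serial taken from the post
V3 = sample_cert(3, 4660, SKI_EXT)          # constructed serial
```

For a real certificate, pass its DER bytes to `inspect_cert` (for a PEM file, base64-decode the body first).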