Yves, can you send to deployment params you use? Did it work before, or did you modify some parts, e.g. downloadig a new version of WSS4J?
Thanks, Werner > -----Urspr�ngliche Nachricht----- > Von: Yves Langisch [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 18. M�rz 2005 16:34 > An: fx-dev > Betreff: SecurityTokenReference issue? > > > All, > > If I use a reference to a subject key identifier I got the > following on > the wire: > > ... > <wsse:SecurityTokenReference><wsse:KeyIdentifier > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200 > 401-wss-soap-message-security-1.0#Base64Binary" > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509v3">MIID6TCCA1KgAwIBAgIBATANBg > kqhkiG9w0BAQQFADCBoDELMAkGA1UEBhMCQ0gxDTALBgNVBAgT > BEJlcm4xDTALBgNVBAcTBEJlcm4xEzARBgNVBAoTCml0U2VydmUgQUcxGDAWBg > NVBAsTD0xvaG5z > dGFuZGFyZC1DSDEcMBoGA1UEAxMTUmVmQXBwIFBJViBSZWNlaXZlcjEmMCQGCS > qGSIb3DQEJARYX > bG9obnN0YW5kYXJkQGl0c2VydmUuY2gwHhcNMDQwNzAyMDkwMzU3WhcNMDUwNz > AyMDkwMzU3WjCB > ....y0PZksq > +C8tEO3Xjukv83CklYo6KELoH83sBJBmiXFQs8ClGmBejn/RLnp</wsse:KeyI > dentifier></wsse:SecurityTokenReference> > </ds:KeyInfo> > ... > > Per the X.509 Certificate Token Profile (section 3.2.1) the ValueType > attribute must be > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-t oken-profile-1.0#X509SubjectKeyIdentifier and should contain the encoded SubjectKeyIdentifier of the certificate and not the entire certificate as above. Is this a bug or am I wrong? Yves
