Hi,

I get the following exception when the SAP system invokes a JBossWS WS-Security 
WS:

  | ERROR [WSSecurityDispatcher] Internal error occured handling inbound message:
  | org.jboss.ws.extensions.security.exception.WSSecurityException: Inavliad message, Reference element is missing a ValueType
  |         at org.jboss.ws.extensions.security.element.DirectReference.<init>(DirectReference.java:78)
  |         at org.jboss.ws.extensions.security.element.Reference.getReference(Reference.java:39)
  |         at org.jboss.ws.extensions.security.element.SecurityTokenReference.<init>(SecurityTokenReference.java:61)
  |         at org.jboss.ws.extensions.security.KeyResolver.extractSecurityTokenReference(KeyResolver.java:70)
  |         at org.jboss.ws.extensions.security.KeyResolver.resolvePublicKey(KeyResolver.java:161)
  |         at org.jboss.ws.extensions.security.element.Signature.<init>(Signature.java:56)
  |         at org.jboss.ws.extensions.security.element.SecurityHeader.<init>(SecurityHeader.java:87)
  |         at org.jboss.ws.extensions.security.SecurityDecoder.decode(SecurityDecoder.java:175)
  |         at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:219)
  |         at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:83)
  |         at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
  | 


It looks to me that this occurs when the SAP's request

Envelope/Header/Security/Signature/KeyInfo/SecurityTokenReference/Reference

element is checked. If so, can this check in 
org.jboss.ws.extensions.security.element.DirectReference be skipped, since the 
ValueType attribute of

Envelope/Header/Security/Signature/KeyInfo/SecurityTokenReference/Reference

does not contain specific information? Additionally, the same value type is 
also contained in Envelope/Header/Security/BinarySecurityToken
element with a wsu:Id="token-2-1215429956710-11328770" attribute 
referencing/referenced in the URI attribute of

Envelope/Header/Security/Signature/KeyInfo/SecurityTokenReference/Reference



I have outlined the important sections in bold of the two following SOAP trace 
listings.

a) The request from the SAP system looks as follows:


  | <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  |     <SOAP:Header>
  |             <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP:mustUnderstand="1">
  |                     <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-17" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
  |                             <!-- ... cipher data ... -->
  |                     </wsse:BinarySecurityToken>
  |                     <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsu-targetID-4f51c3d1-4c31-11dd-c804-52325dc89402">
  |                             <wsu:Created ValueType="xsd:dateTime">2008-07-07T14:30:55Z</wsu:Created>
  |                             <wsu:Expires ValueType="xsd:dateTime">2008-07-07T14:31:55Z</wsu:Expires>
  |                     </wsu:Timestamp>
  |                     <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK7176284">
  |                             <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  |                             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                                     <wsse:SecurityTokenReference>
  |                                             <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">tZwIZ4EyuXCscFmLexbBSDw4pXc=</wsse:KeyIdentifier>
  |                                     </wsse:SecurityTokenReference>
  |                             </ds:KeyInfo>
  |                             <xenc:CipherData>
  |                                     <xenc:CipherValue>dN7Jdu9ZrqKdO4gmMhVVqEraDWATPkXyfaOwqTJ9iiNBGslSZxS9wDPaMms+1AVIsEj+zPxOP1m9
  | iGzNZgUj36ytFnfMPEYy79LZhjlsrRcuNNIYdIosI1aR55Cg8LWhmExp8xfPwcaero2ku6mnHqZT
  | PCoAWq859YRnQsmxoF8=</xenc:CipherValue>
  |                             </xenc:CipherData>
  |                             <xenc:ReferenceList>
  |                                     <xenc:DataReference URI="#ED52721394"/>
  |                             </xenc:ReferenceList>
  |                     </xenc:EncryptedKey>
  |                     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                             <ds:SignedInfo>
  |                                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  |                                     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  |                                     <ds:Reference URI="#wsuid-body-4f51c3d0-4c31-11dd-962a-52325dc89402">
  |                                             <ds:Transforms>
  |                                                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  |                                             </ds:Transforms>
  |                                             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  |                                             <ds:DigestValue>uPX1GhMMPxAyFhdKOyOWTSXoaFg=</ds:DigestValue>
  |                                     </ds:Reference>
  |                                     <ds:Reference URI="#wsu-targetID-4f51c3d1-4c31-11dd-c804-52325dc89402">
  |                                             <ds:Transforms>
  |                                                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  |                                             </ds:Transforms>
  |                                             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  |                                             <ds:DigestValue>720bTnzpOnIall0ooGeyk32Syqs=</ds:DigestValue>
  |                                     </ds:Reference>
  |                             </ds:SignedInfo>
  |                             <ds:SignatureValue>AzlqPk9OCrqetQVS2BPZ6u3ZwMHGtPGgYQwMTBLnREKPhNEI/Cb8o3EJAgIfB73kKgKFmw0Dj3WN
  | c+MesXZ1LEOqvT2YDq6Jxpz4I/cYWbY+79tKKmuOfstfoQzBGn8uo4+wwR8Vn3l0Ns/DuYHwvnNR
  | 34RzPbLDllZUW4qdXmE=</ds:SignatureValue>
  |                             <ds:KeyInfo>
  |                                     <wsse:SecurityTokenReference>
  |                                             <wsse:Reference URI="#sap-17"/>
  |                                     </wsse:SecurityTokenReference>
  |                             </ds:KeyInfo>
  |                     </ds:Signature>
  |                     <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-17" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
  | 
  | <!-- ... cipher data ... -->
  | 
  |                     </wsse:BinarySecurityToken>
  |                     <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"><!-- ... cipher data ... --></wsse:BinarySecurityToken>
  |                     <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-17" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"><!-- ... cipher data ... --></wsse:BinarySecurityToken>
  |             </wsse:Security>
  |     </SOAP:Header>
  |     <SOAP:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-body-4f51c3d0-4c31-11dd-962a-52325dc89402">
  |             <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content" Id="ED52721394">
  |                     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
  |                     <xenc:CipherData>
  |                             <xenc:CipherValue><!-- ... cipher data ... --></xenc:CipherValue>
  |                     </xenc:CipherData>
  |             </xenc:EncryptedData>
  |     </SOAP:Body>
  | </SOAP:Envelope>
  | 
The SAP request only has the 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
attribute within the 

Envelope/Header/Security/BinarySecurityToken

element. The JBoss request ValueType attribute is contained in 

Envelope/Header/Security/BinarySecurityToken

and 

Envelope/Header/Security/Signature/KeyInfo/SecurityTokenReference/Reference.

Is the second ValueType attribute required by JBossWS internal processing?



b) When a JBossWS WS-Security client calls an SAP WS-Security WS, there are no 
problems. The request looks as follows:


  | <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  |     <env:Header>
  |             <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  |                     <wsu:Timestamp wsu:Id="timestamp">
  |                             <wsu:Created>2008-07-07T11:25:56.523Z</wsu:Created>
  |                             <wsu:Expires>2008-07-07T11:26:26.523Z</wsu:Expires>
  |                     </wsu:Timestamp>
  |                     <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="token-2-1215429956710-11328770">
  | 
  | <!-- ... cipher data ... -->
  | </wsse:BinarySecurityToken>
  |                     <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  |                             <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
  |                             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                                     <wsse:SecurityTokenReference wsu:Id="reference-5-1215429957054-30222347">
  |                                             <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">NS0xdPUqf/9XQw4/YZ+lMnTguf8=</wsse:KeyIdentifier>
  |                                     </wsse:SecurityTokenReference>
  |                             </ds:KeyInfo>
  |                             <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  |                                     <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">dqWVJQ08cTvj6O/lbEC+e6giBMlU5msZsGS5fShB1bdkkGUh1Fc0Kk38FNYfUW/EZZu0H3/YDInN
  | W7HcQle5KL0LpD1vGCNlXElGlOfRYdX96stIL8e6r386lglQdYxdL78RaPlI6OF4fnD6XCS3QfM9
  | XhODTHWQf8LIw2xQVyI=</xenc:CipherValue>
  |                             </xenc:CipherData>
  |                             <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  |                                     <xenc:DataReference URI="#encrypted-4-1215429956976-6044039" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
  |                             </xenc:ReferenceList>
  |                     </xenc:EncryptedKey>
  |                     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                             <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  |                                     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  |                                     <ds:Reference URI="#element-1-1215429956523-31952022" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                                             <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                                                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  |                                             </ds:Transforms>
  |                                             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  |                                             <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">ZmQ7YZUv5swk3OnUn5X3w2JyenE=</ds:DigestValue>
  |                                     </ds:Reference>
  |                                     <ds:Reference URI="#timestamp" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                                             <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                                                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  |                                             </ds:Transforms>
  |                                             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  |                                             <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">OyIUQGrnwhkJoimoqv07+ML45IE=</ds:DigestValue>
  |                                     </ds:Reference>
  |                             </ds:SignedInfo>
  |                             <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                                     <!-- ... cipher data ... -->
  |                             </ds:SignatureValue>
  |                             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  |                                     <wsse:SecurityTokenReference wsu:Id="reference-3-1215429956710-15774883">
  |                                             <wsse:Reference URI="#token-2-1215429956710-11328770" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
  |                                     </wsse:SecurityTokenReference>
  |                             </ds:KeyInfo>
  |                     </ds:Signature>
  |             </wsse:Security>
  |     </env:Header>
  |     <env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="element-1-1215429956523-31952022">
  |             <xenc:EncryptedData Id="encrypted-4-1215429956976-6044039" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  |                     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
  |                     <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  |                             <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  | <!-- ... cipher data ... -->
  | </xenc:CipherValue>
  |                     </xenc:CipherData>
  |             </xenc:EncryptedData>
  |     </env:Body>
  | </env:Envelope>
  | 

I use version: JBoss 4.2.2 - JBossWS 3.0.1.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4167271#4167271
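
Added example, not part of the original post and not JBossWS code: a stand-alone check that resolves Signature/KeyInfo/SecurityTokenReference/Reference to the BinarySecurityToken named by its URI and compares the two ValueType attributes. It assumes a receiver that takes the type from the referenced token when the Reference carries no ValueType, and it also reports a URI that matches more than one token, as the wsu:Id="sap-17" does in listing a); the function names and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
REF_PATH = (f".//{{{DS}}}Signature/{{{DS}}}KeyInfo/"
            f"{{{WSSE}}}SecurityTokenReference/{{{WSSE}}}Reference")


def check_direct_reference(envelope_xml):
    """Return (status, value_type) for the signature's direct token reference.

    status: "ok" (both ValueTypes agree), "inherited" (Reference has none, the
    token's is used), "mismatch", "unresolved" (no such token) or "ambiguous"
    (several tokens share the referenced wsu:Id).
    """
    # Stdlib parser for the inline samples; use a hardened parser on real captures.
    root = ET.fromstring(envelope_xml)
    ref = root.find(REF_PATH)
    if ref is None or not ref.get("URI", "").startswith("#"):
        return ("unresolved", None)
    wanted = ref.get("URI")[1:]
    tokens = [t for t in root.iter(f"{{{WSSE}}}BinarySecurityToken")
              if t.get(f"{{{WSU}}}Id") == wanted]
    if not tokens:
        return ("unresolved", None)
    if len(tokens) > 1:
        return ("ambiguous", None)  # refuse to guess which certificate is meant
    token_type = tokens[0].get("ValueType")
    ref_type = ref.get("ValueType")
    if ref_type is None:
        return ("inherited", token_type)
    return ("ok" if ref_type == token_type else "mismatch", token_type)


def sample(ref_value_type, token_ids):
    """Constructed header in the shape of the listings (token bodies omitted)."""
    vt = f' ValueType="{ref_value_type}"' if ref_value_type else ""
    toks = "".join(f'<wsse:BinarySecurityToken wsu:Id="{i}" ValueType="{X509V3}"/>'
                   for i in token_ids)
    return (f'<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/" '
            f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">'
            f'<e:Header><wsse:Security>{toks}<ds:Signature><ds:KeyInfo>'
            f'<wsse:SecurityTokenReference><wsse:Reference URI="#{token_ids[0]}"{vt}/>'
            f'</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>'
            f'</wsse:Security></e:Header></e:Envelope>')


if __name__ == "__main__":
    print(check_direct_reference(sample(None, ["sap-17"])))
    print(check_direct_reference(sample(X509V3, ["token-2-1215429956710-11328770"])))
```
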
