Hi,

Quoting Ruchith Fernando <[EMAIL PROTECTED]>:

Hi,

Did you add an AttachedReference or an UnattachedReference element in
the RSTR created by your custom issuer?

No... Is there an example? But why do I have to attach a reference
to the returned security token? Do you mean a wsse:SecurityTokenReference?

I'm a bit confused about what the reference is.


Can you please send the response produced by your issuer?



Yes, this is the response.

<?xml version='1.0' encoding='utf-8'?>
<!-- WS-Trust (2005/02) RequestSecurityTokenResponse returned by the poster's custom issuer,
     carrying a signed SAML 2.0 assertion as the issued token. -->
<!-- NOTE(review): the ";" that follows several quoted attribute values below (namespace
     declarations and Algorithm URIs) is not legal inside a start tag, so the listing as shown
     is not well-formed XML. It looks like a mail-archive artifact rather than issuer output;
     confirm against the raw message. -->
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
  <soapenv:Body>
<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust";>
      <!-- NOTE(review): this TokenType value has no "urn:" prefix, unlike the namespace declared
           on saml:Assertion below (urn:oasis:names:tc:SAML:2.0:assertion). A requester that
           matches on token type may not recognise it. The WSS SAML Token Profile 1.1 identifier
           for a SAML 2.0 token is
           http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 -->
      <wst:TokenType>oasis:names:tc:SAML:2.0:assertion</wst:TokenType>
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing";> <wsa:Address>http://localhost:8080/SpiritXUAServer/services/XDSb</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
      <!-- NOTE(review): Created (12:50:24.487Z) and Expires (12:50:24.497Z) are 10 ms apart,
           while the assertion's Conditions below allow one hour. A client that tracks validity
           through wst:Lifetime would presumably treat the token as expired on arrival; the two
           windows should agree. -->
      <wst:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2007-10-13T12:50:24.487Z</wsu:Created> <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2007-10-13T12:50:24.497Z</wsu:Expires>
      </wst:Lifetime>
      <!-- Review notes on the assertion are kept outside saml:Assertion: its signature reference
           applies the exc-c14n#WithComments transform, so a comment inside the signed element
           would become part of the digested content.
           * Issuer Format reads urn:oasis:names:SAML:2.0:nameid-format:entity, without the "tc:"
             segment the other SAML URNs in this message carry, and the Issuer text starts with
             "Address: " instead of being a bare URI. A strict relying party may reject either.
           * SignatureMethod is rsa-sha1 although DigestMethod is sha256. SHA-1 signatures are
             deprecated; http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 is the usual
             replacement.
           * SignatureValue is 88 base64 characters, about 64 bytes, which would correspond to a
             512-bit RSA key if the value is shown in full. That size is only suitable for a
             throwaway test key.
           * There is no ds:KeyInfo, so the relying party has to verify against an issuer key it
             already trusts, and should make sure the element the ds:Reference URI resolves to
             is the same element it then consumes.
           * SubjectConfirmation is bearer with no SubjectConfirmationData (no Recipient or
             NotOnOrAfter), so possession of the token is sufficient to use it. The assertion
             travels unencrypted in the SOAP body, so it needs transport protection, and the
             relying party should enforce Conditions, the Audience value and replay detection
             for the one-hour window.
           * AuthnContextClassRef ends in "kerberos"; the SAML 2.0 class URI is case-sensitive
             and is normally written with a capital K. Confirm against the spec. -->
      <wst:RequestedSecurityToken>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_47ac6d119b053a57619f25072f9b394c" IssueInstant="2007-10-13T12:50:24.442Z" Version="2.0"> <saml:Issuer Format="urn:oasis:names:SAML:2.0:nameid-format:entity" SPProvidedID="spirit-idp">Address: http://localhost:8080/axis2/services/SpiritIdentityProvider</saml:Issuer>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
            <ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
              <ds:Reference URI="#_47ac6d119b053a57619f25072f9b394c">
                <ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments";> <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="ds saml" />
                  </ds:Transform>
                </ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"; /> <ds:DigestValue>v1HtgO4Q5Y2JKRiNaPJ6rlyrPD2y4Fh3cFiL8CTYG48=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
ncmmE+m6alVc0BNYUiGzGPGqNsdnvKNZ6LhQGfjxLGeDHJzb7D1uUi3GZ4gfO6ZND23PmXpDPKaZ
              WWSZVvKqWQ==
            </ds:SignatureValue>
          </ds:Signature>
          <saml:Subject>
            <saml:NameID>client</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
     </saml:Subject>
<saml:Conditions NotBefore="2007-10-13T12:50:24.442Z" NotOnOrAfter="2007-10-13T13:50:24.442Z">
            <saml:AudienceRestriction>
<saml:Audience>http://localhost:8080/SpiritXUAServer/services/XDSb</saml:Audience>
            </saml:AudienceRestriction>
          </saml:Conditions>
<saml:AuthnStatement AuthnInstant="2007-10-13T12:50:24.442Z" SessionNotOnOrAfter="2007-10-13T13:50:24.442Z">
            <saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:kerberos</saml:AuthnContextClassRef>
            </saml:AuthnContext>
          </saml:AuthnStatement>
        </saml:Assertion>
    </wst:RequestedSecurityToken>
    <!-- NOTE(review): the RSTR ends without wst:RequestedAttachedReference or
         wst:RequestedUnattachedReference, the elements asked about in the thread. Each wraps a
         wsse:SecurityTokenReference that tells the requester how to refer to the issued token
         when it is, or is not, carried in a message. -->
    </wst:RequestSecurityTokenResponse>
  </soapenv:Body>
</soapenv:Envelope>
