Hi dev, I have some question about digital signature reference. I use rampart for generating soap message with SymmetricBinding policy, they generate the soap message as below and when microsoft's wse3.0 receive this message. It return this error back to my console.
"WSE502: The target element referenced by the following id can not be found in the message: Id-11985823. Make sure that the element is present at the time when the signing or encryption operation is performed." Notice wse3.0 tell that the Id-11985823 can not be found but in my soap message it clearly present in signature token. What does i can do for this problem? thank you for your kindness. twl ---------------------------------------------------------------------------------- Here is my SOAP message <?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"; xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; soapenv:mustUnderstand="true"> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Timestamp-6166426"> <wsu:Created>2007-11-19T09:16:23.065Z</wsu:Created> <wsu:Expires>2007-11-22T20:36:23.065Z</wsu:Expires> </wsu:Timestamp> <xenc:EncryptedKey Id="EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <wsse:SecurityTokenReference> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>Xi3VZkuCbzgfoFI2Qr1Gkz6haf4=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>oyFtUYbPYy8JlYCCsmP/n6VYzotMk14bF3pvFVIQ0ibqmveh5V0HPsfBjit4Zg9FY9FMN0lx0iy9KpnDDMWXW+iapcFTfl81XXP5eDU5tpc8iMuedWNlISSVkHf0NnYIUyQ7pw9JiqYAA4XSslcHBaPrXW/vzKofpwnD0PRImUE=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="derivedKeyId-1114115"> <wsse:SecurityTokenReference> <wsse:Reference URI="#EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012" /> </wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset> <wsc:Length>16</wsc:Length> <wsc:Nonce>2VbeA7yLrv/sgvPmqV9JDw==</wsc:Nonce> </wsc:DerivedKeyToken> <xenc:ReferenceList /> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="CertId-7979854">MIID2DCCAsCgAwIBAgIKKJGEBAAAAAAAIDANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdJQkRldkNBMB4XDTA3MDYyNzA1MTUxM1oXDTA4MDYyNzA1MjUxM1owFzEVMBMGA1UEAxMMU0lQQUNsaWVudC0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/xUrOHpHEooNR74V+H0cy4RM/PIzNG0DYpO+69soo94ABE0BcLtu4QxEPkZ9D3hExgN0DOIyPg3p7T8wYBK/ypGcUp/e3ZBg2s1E4DKQt6ZygS9+p/o/ueNQkSbBvSYKXm+o8dyXBqourBVE8nMAtqqXebMCsWpTxhktBPdAXXQIDAQABo4IBrTCCAakwDgYDVR0PAQH/BAQDAgTwMEQGCSqGSIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUi+nAwmxOh3dWDVys8K32ET9NE+EwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUQwA/Ut9S4xeFQ3GtSJKwH0yOjNUwZQYDVR0fBF4wXDBaoFigVoYoaHR0cDovL2liLWRldi1zcnYvQ2VydEVucm9sbC9JQkRldkNBLmNybIYqZmlsZTovL1xcSUItREVWLVNSVlxDZXJ0RW5yb2xsXElCRGV2Q0EuY3JsMIGUBggrBgEFBQcBAQSBhzCBhDA/BggrBgEFBQcwAoYzaHR0cDovL2liLWRldi1zcnYvQ2VydEVucm9sbC9JQi1ERVYtU1JWX0lCRGV2Q0EuY3J0MEEGCCsGAQUFBzAChjVmaWxlOi8vXFxJQi1ERVYtU1JWXENlcnRFbnJvbGxcSUItREVWLVNSVl9JQkRldkNBLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAJ0IaQT0K3piyZJWTjWRR6h6ZkEyQLQjdMJJlUSmjPKPTQ/JSgv3py86LhaU0bP//IYEN8kvqejVOtxZf5+kV1tGr/o3jay7bRt/gFcLJHLlj3iAfWmFRVP2umtaS5P5uLzD13pOfJCkdWEKms2ZJt/0iERkFDTb3jYPuibMD7nPkS77XovCFbmOcRJYT2N0zGrCa7WSbopbFX4OPZxski/A4M06OpYAlF7v38lrpjWqc/qfAQ2aJXYseJGmzDDd0jOxLWLHtlu9YNKyuesZxKkJqVvyGBO9jSMhT14cwa5XJOuXY6LQMDXIyipFh17TfsK7akre9avyvuEHLWPD9LQ==</wsse:BinarySecurityToken> <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="derivedKeyId-4999541"> <wsse:SecurityTokenReference> <wsse:Reference URI="#EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012" /> </wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset> <f9cwsc:Length>32</wsc:Length> <wsc:Nonce>BY2ND6tlnxKYHDS8+PcHmg==</wsc:Nonce> </wsc:DerivedKeyToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; Id="Signature-25352765" wsu:Id="Id-11985823"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"; /> <ds:Reference URI="#Id-19583390"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>/1/0RJJno+Qcl8s4wcJ84PwKwgk=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-2628939"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>doL49U3f+krfxWP+jsUbi6wmL+c=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-26956311"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>eqbsLithYKIgP758VrdLDGr8/eg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-2780950"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>N8p2mRNQ+/lTBaufxEzPZnuhZdI=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-31658378"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>o6SwMiCtAUqORLDGMXjpg4GUceg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-6166426"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>P/8AowVuRGNVfKNIFkkVLaTyiD0=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>A6wlWm9jFyQeammvxQodK5VNh+s=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-29751107"> <wsse:SecurityTokenReference wsu:Id="STRId-32278793"> <wsse:Reference URI="#derivedKeyId-4999541" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-14525019"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> <ds:Reference URI="#Id-11985823"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>/K8QdsCye7TKDDBPRBE1libbLAw=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>ZDLdiHZ7WMVMyzaLZSKO30LdRokkwOSUnKgIu1whpDQdeLIHxUDb6lgm98BU4IE3Uo87z0r75ZDoEjIMAg3er2dCs3m8XYddywTaH3Nq91G94CoOotQT2EWEuMRig1QNyPShmzxjViB8FwM5HtpKUuDVU+bG9yh7lz/LnLX9pVY=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-16471729"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="STRId-16291471"> <wsse:Reference URI="#CertId-7979854" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Id-19583390">http://192.168.99.177:8888/wsewebservice/service.asmx</wsa:To> <wsa:ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Id-2628939"> <wsa:Address>http://schemas.xmlsoap.org/ws/273c004/08/addressing/role/anonymous</wsa:Address> </wsa:ReplyTo> <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Id-26956311">urn:uuid:F20F7B0D983382431C1195463783058</wsa:MessageID> <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Id-2780950">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action> </soapenv:Header> <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Id-31658378"> <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust";> <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing";> <wsa:Address>http://192.168.99.177:8888/wsewebservice/service.asmx</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Lifetime> <wsu:Created>2007-11-19T09:16:22.784Z</wsu:Created> <wsu:Expires>2007-11-19T09:21:22.784Z</wsu:Expires> </wst:Lifetime> <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType> <wst:Entropy> <wst:BinarySecret Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce";>O0ChTFwz/rifmkfPAD4OfTw8pIqLb4oYrhdwIPlZXqLT2sirVLb9Fx2EbOq1wbI+gidDoB1VxLjGnFckUYBM0qqC5YLw0q7wlyqiSi1McLVMA9bnx1gnjrASHA/6PCAeAmb9zLnzfyC7TVFq0NVxjzeYAjAhR/ATjxw+O5BDV0M0P7hdZ1opuKJR65+uzpG4S/LHDkeCDM0ur4+9MdiSmu/iAgGbpFqIHuEZ4gwjADuEIGUub6aFssqErRBeMx0al1KEUDYs3/ub1Eg/TDesWb/tqrtCY+IQs3DCWvdZGZ5x+a7DT7shwMwzEJ9QrRE71N/Y/GkeuhQ/je1iqNSVcQ==</wst:BinarySecret> </wst:Entropy> <wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm> </wst:RequestSecurityToken> </soapenv:Body> </soapenv:Envelope> -------------------------------------------------------------------------------------- Here is my Policy <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:BootstrapPolicy> <wsp:Policy> <sp:SymmetricBinding> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:RequireKeyIdentifierReference/> <sp:WssX509V3Token11/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256Rsa15/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:SymmetricBinding> <sp:EndorsingSupportingTokens> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";> <wsp:Policy> <sp:RequireThumbprintRefderence/> <sp:WssX509V3Token11/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:EndorsingSupportingTokens> <sp:Wss11> <wsp:Policy> <sp:MustSupportRefEncryptedKey/> <sp:RequireSignatureConfirmation/> <sp:MustSupportRefKeyIdentifier/> <sp:MustSupportRefIssuerSerial/> <sp:MustSupportRefThumbprint/> </sp:Wss11> <sp:Trust10> <wsp:Policy> <sp:RequireClientEntropy/> <sp:RequireServerEntropy/> </wsp:Policy> </sp:Trust10> </wsp:Policy> </sp:BootstrapPolicy> </wsp:Policy> </sp:SecureConversationToken> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256Rsa15/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:SymmetricBinding>
