[
https://issues.apache.org/jira/browse/WSS-588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15513627#comment-15513627
]
Libois Claude edited comment on WSS-588 at 9/22/16 3:43 PM:
Thanks for the quick answer !
I deleted my previous comment because I have checked the specs...
To be honest, I didn't do anything special to use an IssuerSerial reference on
the server side. Do you have a pointer to a WSS4J property that would do the trick?
I think it's vital not to set the server certificate, because this certificate
typically lasts one year while the CA lasts at least 5 years. I don't want
every client to have to change their certificate every year!
was (Author: clibois):
Thanks for the quick answer !
However, I don't quite understand the need to provide the serial number, as the
complete certificate seems to be provided in the BinarySecurityToken field.
Here is the complete SOAP header in case it helps:
{code}
http://schemas.xmlsoap.org/soap/envelope/";>http://www.w3.org/2005/08/addressing";>addresshttp://www.w3.org/2005/08/addressing";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="_a7185c7f-a787-4c30-9f65-6df6bfa674f0">urn:uuid:e5e524c5-cb0e-44b8-8424-e1d4c5821a83http://www.w3.org/2005/08/addressing";>http://www.w3.org/2005/08/addressing/anonymoushttp://www.w3.org/2005/08/addressing";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="_e27b74fd-8883-4aec-928d-79de0c485594">urn:uuid:df816004-5f3a-40a8-a6d9-d24a76169ab7http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
soap:mustUnderstand="1">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1";
wsu:Id="X509-f128d321-44e1-4a98-bb36-dd62c99ea1bc">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2016-09-22T11:11:39.066Z2016-09-22T11:16:39.066Zhttp://www.w3.org/2000/09/xmldsig#";
Id="SIG-847e0393-6fb7-4d6c-84f1-a4837ee2e652">http://www.w3.org/2001/10/xml-exc-c14n#";>http://www.w3.org/2001/10/xml-exc-c14n#";
PrefixList="soap"/>http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>http://www.w3.org/2001/10/xml-exc-c14n#";>http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="wsse
soap"/>http://www.w3.org/2001/04/xmlenc#sha256"/>LEF5he1V9D2KeqxE2Y0K1JsRbiS5jgiOZeJ53Hu6JEA=http://www.w3.org/2001/10/xml-exc-c14n#";>http://www.w3.org/2001/10/xml-exc-c14n#";
PrefixList=""/>http://www.w3.org/2001/04/xmlenc#sha256"/>XpTNsgDOzAVM2nmQVb6FEuMg7926qWkoYFsg5WmVYLs=http://www.w3.org/2001/10/xml-exc-c14n#";>http://www.w3.org/2001/10/xml-exc-c14n#";
PrefixList="soap"/>http://www.w3.org/2001/04/xmlenc#sha256"/>XOQ/ndLAKGBMIcbhH9ZZ/3zLHBZJWBbwyzXN/vFJ/cA=http://www.w3.org/2001/10/xml-exc-c14n#";>http://www.w3.org/2001/10/xml-exc-c14n#";
PrefixList="soap"/>http://www.w3.org/2001/04/xmlenc#sha256"/>S7+xWrZbeR5D/P2ZiRTVNq0SrbYIJaBG8xoOixa5Aow=http://www.w3.org/2001/10/xml-exc-c14n#";>http://www.w3.org/2001/10/xml-exc-c14n#";
PrefixList="soap"/>http://www.w3.org/2001/04/xmlenc#sha256"/>Hlix91X5/g8c860b0BSQKZUqxQU6RnxvpNqHSTdmJMI=HJNcNc58V+8215eebdjY/iE3qewmgHy8uOiTokf6nSWxeKsE65JnfK77+bO8/ITnuBzQm4Vqli0WxiGP9x/5xkXxc4jdPsum84z80bXfirqtjyrm1zSwl/6Nlh1F1uHiVXwwVuFWMluPwVIScmY7rXY46RuqqpCAYgp4kqfFKEA=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="STR-c2b6e796-cba1-4dc4-af4c-4d3f60050b05">1.2.840.113549.1.9.1=#16107465737473736c40666f72656d2e6265,XX12428414237952637822http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="_47ba1428-0d7a-403d-aeed-e9a70f419345">http://ns.hr-xml.org/2006-02-28";>2016-09-22T13:1