DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43685>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43685

------- Additional Comments From [EMAIL PROTECTED] 2007-12-12 05:03 -------
(In reply to comment #8)
> But, while jogging around the various forums, I found this link:
>
> http://forums.bea.com/thread.jspa?threadID=600008882
>
> It mentions a similar problem where the poster claimed he patched wss4j to get
> it to work, here is a quote from the post:
>
> -----
> I've gotten a little further since my initial post. As it turns out there is a
> canonicalization problem. I believe it's on the wss4j/XML-Security side. The
> problem seems to occur because of "non-visible" namespaces in the body of the
> message due to soap encoding of array types. The particular service I was
> trying to secure has some of these in there, i.e. there are attributes that look
> like soapenc:arrayType="mynsprefix:mytype[]". I believe AL is following the
> spirit of the WS-I Basic Security profile and is including the mynsprefix in
> the canonicalized xml. wss4j on the other hand isn't. So, I modified wss4j to
> scan for these namespaces and included them in the list of includednamespaces
> to the exclusive-c14n canonicalization algorithm. Long story short, with the
> change I made, the digests are the same and the signatures match.
> -----
>
> I don't know if it's relevant or not, but I'm including it in case it rings a
> bell somewhere ;)

If this does indeed turn out to be the same problem, then the issue needs to be fixed (assuming it is the correct behavior) in the wss4j implementation (to add this namespace to the InclusiveNamespaces PrefixList attribute), and not the xmlsec implementation.

>
> I'll get back to you when I have the canonicalized bytes from AquaLogic.
>

Ok, thanks.

--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
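
The scan described in the quoted forum post, as an added example (not wss4j or xmlsec code, and not part of the original message): it walks the signed SOAP Body and lists prefixes that appear only inside a soapenc:arrayType value on an element, which are the candidates for the InclusiveNamespaces PrefixList. The sample message, the "tns" prefix and the function names are constructed for illustration.

```python
import xml.dom.minidom as minidom

SOAPENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SOAPENC_NS = "http://schemas.xmlsoap.org/soap/encoding/"
# Attributes whose *value* carries a QName (the case named in the thread).
QNAME_VALUED_ATTRS = {(SOAPENC_NS, "arrayType")}

# Constructed sample: "tns" is used only inside an attribute value.
SAMPLE = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:tns="urn:example:types">
  <soapenv:Body>
    <items soapenc:arrayType="tns:Item[2]">
      <item>a</item><item>b</item>
    </items>
  </soapenv:Body>
</soapenv:Envelope>"""


def nonvisible_prefixes(signed_root):
    """Prefixes used in QName-valued attribute values but not visibly
    utilized (element or attribute name) on the same element."""
    found = set()
    stack = [signed_root]
    while stack:
        node = stack.pop()
        if node.nodeType != node.ELEMENT_NODE:
            continue
        visible_here = {node.prefix or "#default"}
        in_values = set()
        attrs = node.attributes
        for i in range(attrs.length):
            attr = attrs.item(i)
            if attr.prefix == "xmlns" or attr.name == "xmlns":
                continue  # a namespace declaration is not a use
            if attr.prefix:
                visible_here.add(attr.prefix)
            key = (attr.namespaceURI, attr.localName)
            if key in QNAME_VALUED_ATTRS and ":" in attr.value:
                in_values.add(attr.value.split(":", 1)[0].strip())
        found |= in_values - visible_here
        stack.extend(node.childNodes)
    return sorted(found)


def prefix_list_for_body(xml_text):
    """Space-separated PrefixList value for the first soapenv:Body."""
    doc = minidom.parseString(xml_text)
    body = doc.getElementsByTagNameNS(SOAPENV_NS, "Body")[0]
    return " ".join(nonvisible_prefixes(body))
```

The function only reports the prefixes; canonicalizing and signing with that PrefixList is left to the signing library.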