[ https://issues.apache.org/jira/browse/STONEHENGE-44?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12705130#action_12705130 ]

Ben Dewey commented on STONEHENGE-44:
-------------------------------------

I tried again today from a fresh build and, as before, the PHP page returned, 
but the order never got closed or processed through .NET.

Using the bob_cert had no data in the SvcTraceViewer.

I've been looking into the issue a lot and I'm hoping to get a security expert 
involved.  It seems to be related to the fact that the EncryptionKey is loaded 
by reference:

<xenc:EncryptedKey Id="EncKeyID-04818ef2-e732-44e1" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"></xenc:EncryptionMethod>
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

      <wsse:Reference URI="#CertID-4835f059-ce6f-4de8" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference>

    </wsse:SecurityTokenReference>
  </ds:KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue>ARMh40u6P93sgtNbiAIHQ6wb1XwGCB7j7lo0INOcKXvyOn0CAHVXn8r7VL7bdkvUtTowWiGtPGgWG8rp22QqpcEpXbPY4cPVaSr8apfc35Ri5lQZ5jeHeOhrlLk5iMEgTtljbFvOgvkq22Miyj/XJ+Q6eQIEw9R8Wv9Ys9YxzMc=</xenc:CipherValue>
  </xenc:CipherData>
</xenc:EncryptedKey>

Is there a way to modify the policy.xml file so that the SecurityToken gets 
supplied as a Key Identifier? This is the data that is being sent to WSAS/PHP 
from .NET:

<e:EncryptedKey Id="uuid-914d7d40-322e-4228-ba8c-d286ff9bc88c-1" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
  <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
  </e:EncryptionMethod>
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <o:SecurityTokenReference>

      <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">NQM0IBvuplAtETQvk+6gn8C13wE=</o:KeyIdentifier>

    </o:SecurityTokenReference>
  </KeyInfo>
  <e:CipherData>
    <e:CipherValue>O8E6TRY7tEehAjY2p6+euAOF2l7sbXWEmpp9usnecJLewxdBjAFxyHcZ7F7iLxuyB2XDgT30fZlKCS4E5JE2vz6Mk1OJwm94cURIH6ATNcp49SgY5hI3yonVNSD/n1tfUuSdEFBuMNdqIat5lMMhKnZZS4DhDNCoBqAFT9IyZAY=</e:CipherValue>
  </e:CipherData>
  <e:ReferenceList>
    <e:DataReference URI="#_1"/>
  </e:ReferenceList>
</e:EncryptedKey>

> PHP_BS -> DOTNET_OPSSEC interop does not work properly
> ------------------------------------------------------
>
>                 Key: STONEHENGE-44
>                 URL: https://issues.apache.org/jira/browse/STONEHENGE-44
>             Project: Stonehenge
>          Issue Type: Bug
>          Components: DOTNET_OPS, PHP_BS
>            Reporter: S.Uthaiyashankar
>             Fix For: M1
>
>         Attachments: bob_cert.cert
>
>
> PHP_BS and DOTNET_OPSSEC are using different certificates, policies. Have to 
> include a CustomBinding in .NET order processor service to include the policy 
> and certificate. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
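
Added example (not part of the comment above and not Stonehenge code): a small Python check that reports whether an EncryptedKey names its certificate by direct Reference or by KeyIdentifier, and whether a ThumbprintSHA1 identifier matches a given certificate. The certificate bytes and sample elements are constructed, and binding the o: prefix to the WS-Security secext namespace is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
THUMBPRINT = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"


def key_reference(encrypted_key_xml):
    """Return (style, value, value_type) for the token reference in an EncryptedKey."""
    # Fine for captured traces; use a hardened parser (e.g. defusedxml) for untrusted XML.
    root = ET.fromstring(encrypted_key_xml)
    token_ref = root.find(f"{{{DSIG}}}KeyInfo/{{{WSSE}}}SecurityTokenReference")
    if token_ref is None:
        return ("none", None, None)
    ref = token_ref.find(f"{{{WSSE}}}Reference")
    if ref is not None:  # direct reference to a token carried elsewhere in the header
        return ("direct-reference", ref.get("URI"), ref.get("ValueType"))
    kid = token_ref.find(f"{{{WSSE}}}KeyIdentifier")
    if kid is not None:  # certificate named by an identifier, not carried in the message
        return ("key-identifier", (kid.text or "").strip(), kid.get("ValueType"))
    return ("unknown", None, None)

def thumbprint_sha1(cert_der):
    """Base64 SHA-1 over the certificate's raw DER octets (the ThumbprintSHA1 form)."""
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")

def matches_certificate(encrypted_key_xml, cert_der):
    """True only if the key is referenced by thumbprint and it names this certificate."""
    style, value, value_type = key_reference(encrypted_key_xml)
    return (style == "key-identifier" and value_type == THUMBPRINT
            and value == thumbprint_sha1(cert_der))

# Constructed sample data: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
_WRAP = (f'<e:EncryptedKey xmlns:e="{XENC}" xmlns:ds="{DSIG}" xmlns:o="{WSSE}">'
         "<ds:KeyInfo><o:SecurityTokenReference>{}</o:SecurityTokenReference>"
         "</ds:KeyInfo></e:EncryptedKey>")
DIRECT = _WRAP.format(f'<o:Reference URI="#CertID-sample" ValueType="{X509V3}"/>')
KEYID = _WRAP.format(f'<o:KeyIdentifier ValueType="{THUMBPRINT}">'
                     f"{thumbprint_sha1(SAMPLE_DER)}</o:KeyIdentifier>")

if __name__ == "__main__":
    for name, doc in (("direct", DIRECT), ("keyid", KEYID)):
        print(name, key_reference(doc), matches_certificate(doc, SAMPLE_DER))
```

When comparing against a real certificate, pass its DER encoding, not the PEM text.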
