Here is the fix if you want to build it and test it: http://svn.apache.org/viewvc?view=revision&revision=1214193
Colm. On Wed, Dec 14, 2011 at 12:11 PM, Udo Einspanier <[email protected]> wrote: > Hi Colm, > > thanks a lot for your reply. Yes, it is SymmetricBinding. So can I check out > a fixed version from SVN? > > Udo > > -----Original Message----- > From: Colm O hEigeartaigh [mailto:[email protected]] > Sent: Mittwoch, 14. Dezember 2011 13:01 > To: [email protected] > Subject: Re: Error in CXF client with certificate authentication > > It's a bug in CXF, which I've just fixed. Can you confirm that you're using > the SymmetricBinding? > > Colm. > > On Wed, Dec 14, 2011 at 11:04 AM, Udo Einspanier <[email protected]> > wrote: >> Hi, >> >> I try to connect a CXF client to a WCF service with mutual certificates. The >> request looks mostly fine, however the leading "#" seems to be missing in >> the URI attribute of the first >> wsc:DerivedKeyToken/wsse:SecurityTokenReference/wsse:Reference/@URI: >> >> <wsse:Reference URI="EK-EB7D959EB7AAE265FA13238483886841" >> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-secur >> ity-1.1#EncryptedKey"/> >> >> On the server side I then get the error "XmlException: Cannot read >> KeyIdentifierClause from element 'Reference' with namespace >> 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'. >> Custom KeyIdentifierClauses require custom SecurityTokenSerializers, >> please refer to the SDK for examples." >> >> Has anyone experienced the same problem? I'm using CXF version 2.5.0. Is >> there any way I can fix the error? >> >> Below is the full SOAP request sent by CXF: >> >> >> <?xml version="1.0" encoding="UTF-8"?> <soap:Envelope >> xmlns:soap="http://www.w3.org/2003/05/soap-envelope";> >> <soap:Header> >> <Action xmlns="http://www.w3.org/2005/08/addressing"; >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss >> ecurity-utility-1.0.xsd" >> wsu:Id="Id-716570799">http://tempuri.org/IService1/GreetMe</Action> >> <MessageID xmlns="http://www.w3.org/2005/08/addressing"; >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss >> ecurity-utility-1.0.xsd" >> wsu:Id="Id-107372097">urn:uuid:37735dfc-6929-4993-ab85-39b6da3e7700</M >> essageID> >> <To xmlns="http://www.w3.org/2005/08/addressing"; >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss >> ecurity-utility-1.0.xsd" >> wsu:Id="Id-1043274522">http://localhost:7777/MuniceRETest/MunicReTestS >> ervice.Service1.svc</To> >> <ReplyTo xmlns="http://www.w3.org/2005/08/addressing"; >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss >> ecurity-utility-1.0.xsd" wsu:Id="Id-110913499"> >> >> <Address>http://www.w3.org/2005/08/addressing/anonymous</Address> >> </ReplyTo> >> <wsse:Security >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws >> security-secext-1.0.xsd" >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss >> ecurity-utility-1.0.xsd" soap:mustUnderstand="true"> >> <wsu:Timestamp wsu:Id="TS-1"> >> >> <wsu:Created>2011-12-14T07:39:48.347Z</wsu:Created> >> >> <wsu:Expires>2011-12-14T07:44:48.347Z</wsu:Expires> >> </wsu:Timestamp> >> <xenc:EncryptedKey >> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; >> Id="EK-EB7D959EB7AAE265FA13238483886841"> >> <xenc:EncryptionMethod >> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> >> <ds:KeyInfo >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >> <wsse:SecurityTokenReference >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws >> security-secext-1.0.xsd"> >> <wsse:KeyIdentifier >> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- >> soap-message-security-1.0#Base64Binary" >> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-secur >> ity-1.1#ThumbprintSHA1">UsObF/wOuFYqPswdD1bivW614Hw=</wsse:KeyIdentifi >> er> >> </wsse:SecurityTokenReference> >> </ds:KeyInfo> >> <xenc:CipherData> >> >> <xenc:CipherValue>wmvpdYBMl2amoFwDpDheDpEOo/ANIQxEdsnhh9MezA1YJ9YTErEP >> YNkw57fRhpiRMr5N8Feg9qhOzxxLTUY5I1pF260afJ1X+BUvmd6RTArPnWRQiqD7rMM/0u >> IFlRRw7RFJ1odyqr3hmNiXLfsbMYBItQYP7t+uZZNgPPQTxJk=</xenc:CipherValue> >> </xenc:CipherData> >> </xenc:EncryptedKey> >> <wsc:DerivedKeyToken >> xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"; wsu:Id="DK-2"> >> <wsse:SecurityTokenReference >> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-sece >> xt-1.1.xsd" >> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-messag >> e-security-1.1#EncryptedKey" >> wsu:Id="STR-EB7D959EB7AAE265FA13238483887102"> >> <wsse:Reference >> URI="EK-EB7D959EB7AAE265FA13238483886841" >> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-secur >> ity-1.1#EncryptedKey"/> >> </wsse:SecurityTokenReference> >> <wsc:Offset>0</wsc:Offset> >> <wsc:Length>16</wsc:Length> >> >> <wsc:Nonce>W4BhPXvFIC9idCeSTsHvjw==</wsc:Nonce> >> </wsc:DerivedKeyToken> >> <wsc:DerivedKeyToken >> xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"; wsu:Id="DK-4"> >> <wsse:SecurityTokenReference >> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-sece >> xt-1.1.xsd" >> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-messag >> e-security-1.1#EncryptedKey" >> wsu:Id="STR-EB7D959EB7AAE265FA13238483887685"> >> <wsse:Reference >> URI="#EK-EB7D959EB7AAE265FA13238483886841" >> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-secur >> ity-1.1#EncryptedKey"/> >> </wsse:SecurityTokenReference> >> <wsc:Offset>0</wsc:Offset> >> <wsc:Length>16</wsc:Length> >> >> <wsc:Nonce>XI57dsm9x9nMo8Uv5bpd9A==</wsc:Nonce> >> </wsc:DerivedKeyToken> >> <xenc:ReferenceList >> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> >> <xenc:DataReference URI="#ED-5"/> >> <xenc:DataReference URI="#ED-6"/> >> </xenc:ReferenceList> >> <xenc:EncryptedData >> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="ED-6" >> Type="http://www.w3.org/2001/04/xmlenc#Element";> >> <xenc:EncryptionMethod >> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> >> <ds:KeyInfo >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >> <wsse:SecurityTokenReference >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws >> security-secext-1.0.xsd"> >> <wsse:Reference >> URI="#DK-4"/> >> </wsse:SecurityTokenReference> >> </ds:KeyInfo> >> <xenc:CipherData> >> >> <xenc:CipherValue>3jf7lxFjAW9lRpuGnWGMuDHphZDCshK0sD4Id3Cw/nrV/HCazF46 >> nKa0lcsn+fNHx9qWiCUB7dUfE22l1hnYfWsO4tYnX6EiRfsgpcBw3J+KkFlLzc2ynkWUzJ >> SGd6uLnd4qBgBnwLNG2SjEsf2AoejIltHVTXt4ivJsbM7eY4+PokcLGB5jpWXPm1iE3Zc1 >> MCDvluy1oVexTeeP2OME0YZ1jdguT9qCcITYVl161MvwKaieCmLCt2BYfTCX0GLatnQbbI >> Mnu8UIHpXFpAkXbrfkANHLkpau2GX+3KLaY/JJ06L5fNS6pdRGrAR29oT5F4Ub4f/oMEIL >> 4sIVc76V9agruCgWMiI2N/ROhs7BSnPOhEpkg6y8lcOGjeIP8fLuWrkenWn2CgZgBT3O9f >> loGnbhPOrDd5F7E1M6z3oTdwF7DU0DwPrmxF4a8scfVgYrHeEwDPWNSzMyle0MwhOf1tz9 >> xr4kKcBoYhOafRr1G7XrsXoz814K5jBVjH1nPKfugT3JIcDzESN433MiUNcSn0hTjgAL8K >> GBoORAs9UN2xDaubtn/MNr5KrJNq9EjBOiBLWX9fO+s6Mr+AooFrFlFAZkDMBD7G57Z824 >> vrvwGr9/KO8tflZaHIFv8kbwfkuTtOuQnHS4RXZROxxBteTEwaTLbgLbRJHu2JFKUjgNmK >> 3uuw5POWaVw6oBiIPXvKBUfVcjGTRfG58OamjSzfH2lf9JjJntLJZkne9Ydoo4q9aXKaGb >> UpzEhC/Vd1ihjdTslepyGzKxM+G7lW3+CFHZ0d5SRYDE3tKyikjogi7IM4m2poEHrnUC8+ >> rvZvfzId50m3qfgkhRY3/1OX1yWOvPxU5ND4KlCNbdzt5BOHJb0W1slBVRmnXoeR1uQ0ot >> qzzw0sAm7DXxwiwqL3ycEIi8wKKq7RiY0Zi/dyBzi76yVIFsYQfrgeqy06dozIAwY9aY0G >> ZcsSk5zZ96VjBLyuty0nplSsxtXWS9QoQbneDMOewRXmL/1xjsJ1r3jKMb2DHQwwhs2k4g >> kNZDLdqc6UIS4BVr0BVj9SlEUVCvRFOahTgbpgwjZhnlqzOCoAPYXqhrsigj2G2IAcueZ/ >> r6YPdmxL0rkm11XXjuivKafh+eihy5U/3FJbB66m/nfGgjz6oxHv/n6XKqDI6JfuWar0qI >> 058nCygWjAvVRxMQoJJAgfso8Paoh9KoOXDXI9AJNV5zq5c3fdfdA/SbwTLjM2oCdHhayJ >> EZmT3UYB2a0AQVHr4wMp0rllHsEYKo0VvENBYAxETmD2HEzuonsmlNCWIcIjypbwr8e24A >> 9uFUBGZ4ss4GcBAczE6alXV9A3o61NGqrWQ57twiFEzuK3F/L8fqxYmkmEwwh52XpAcwch >> 9gAGJaIxoLO4j/nAltiWSrw/2wVK3NH3TsReGl7eskMDnRfj+vIwt2PlyB0GL4/qzVPxCw >> nIN2KlcCzNGd+whyzkmw2vZlF7xgIqps4Y25q4zjin8X13HcG0JGGE9XyEIOa94RpKcCZi >> gAXbG5bd4xPduE1g260p58n9SNEbz9ZYtBuT5JjnaMSvO8FBkaidxyZ4oKBF459YxyL6i7 >> HpG+J3WZ0E1CHI5KvikBiHELL1M7ZokpIiXkfDRWUEQUeLpaLH7fmb4e/XMrkLRPyVdRYX >> xJhWW83V6EptKmk2GeDQlxGIgvkkwuDJv5iQL3aTVtmgx27vS8MK1nVYcfIVSHQy7DtpcL >> /xFfNJDoorwSNKx+5f0aYHns17fSmfCkyM7M1sVR0pIBmQ1mUFB7ICYEcDoUvupgx2nSCB >> OXDr7kZ8UaXD52bi4pIOvjuoN6t39BR8ms1MeWpmZ0emqVFuTAFoblugDH26+qzLBaDeoH >> ZeiZfku38PyUY1gBmKPlKv53NHy/ylHuYErLCt620RAAKiG2h2UpOo/GHE1Cdh1BiV843d >> KIgMc+YgMRn2+TgRZoSWMAf87Psz1Rb3WGdAyYW78ufk5q96onXTje2G65otdksf7awEyg >> PSwCMhJJijEoRlvOJut+oOasHxAFM8wx5vE2WQBO6Rt0PmVMxIeRQTdtpPjfxZkqWjQORU >> ap1e5cYSZxuaVrFSo0bqcCfEgHGQ71ouSigIgdlUzMvCjgTkyPXyy5GFGuFioPl3iTazmj >> VjMPZOqOMZgPASQM9rYKNK9a/zbyLrbNGrqXUMaGnK3a/X3jXfAW42N/zxphr5KCJr4fQs >> Bes7/jebopyHd2CbcFlL8AOYWAOyxChENTVjowP+KVCK2GP0uZENP29E6tEdZHb3JezSl5 >> ZBQk6yE+v95/qvVQWTlkmYczTWBKx5ZsMvNDe0dFtnSHCp87RQe8ur9GaEufbTxZKsmlbW >> Rw6AhvHuFTj801Fepf9+/k5vmjniKC0cBoAR/u18BRItEaCPXJTxccv7ZYtTZYaQJlVaYU >> OcQ9EFt+0fT97vZNbZ9NYwdLTq2HDTZgW18Pfhn+A4yl3HihEQRVibTFoDeShOxaFk2Krm >> BQActthTN5wxHI0PEQ26w5kuzPsUbVtto7IhJYEG/kZIizYbl8F6CUANOVymELxbtL2hqd >> LYGo7e2OEeOsD3WQmhiTMEMHL+3wqNeS3N/+YjivBhS5PNf8oTROFMxlgxeKcqPfK4Ly5B >> NGa2uNpX6DUzeV6g8Dwdlbo4McgjTPUhYmBEuI6PXrzioAs5Y0CMzj3IUtGgthrWb0cuR/ >> cawgO8rkTrM1eyxq3UP8LR8yTSmeMVQ9qB3I0WtSUbeELlyS1HjOrNYRsiXW+HfdZJGmXp >> mqFic/dSgmXT0sxSDH2DTZAtZ/Zl87jZfQfmj1ExKza9msiRDSpc/U6f8asTdxF9EWb4j7 >> FuEOJ4OobyEWlPBWEhqOZVmCA7EvN66GWQal+VUquiwTgb5ttfYjzmEmNDXXz4HD9JwPnV >> 9VcQ6pxd79yPrYLn+4wmAL9T0JAqLKZpTAdHV5pSqNDYajQQyfP0aWzT7wb+XNIFB7DZxE >> 1IVm9LGr8GhRKqoe1ErZYzW+UuIua11RjLpTI/wEAeCNiQrn5UVU0gNj4hafrrKF6sSIri >> XK9PGmYe2WrENrG/veWztARtyr6S+3IQ0gUIPc26ZYwCEoMqW8d2OCNN6Mv3fJ33U92ZUe >> sTMghdWqhgDN1p3AAz4wfzsYg0Z1aTWUlZK70MhKy4u38ajx10Pow7kHhVQtXYEk/Ie1vv >> EIEGRCk8BQ0CnNfoEXmQCgdJln/sGhzMMgFsZzYb3Au2Wj7/O0WVi6KtSmiOeg5VVgxeiy >> Y4wJpVFevi9LbnmC6Dt98UHoLjDdvoo3i7GKtJbsttY9QSdCrZpSz3OWl+9/npdBP/DF7q >> T56degW8Ucbz89nAN/F2ApW2Fb7+Cl5ELTn528YVGSp2QHkf8o/jTd9IPvnA1qdYnS3HSi >> K+U6DmWJfmvKWDrBHJUG+3Lza9WtBKADfSWHH1kvRPQGCSxPdljqmgfzDhHBA27lxuuu97 >> jgXmq31rJAOgt1J1iMv7ypW3jMAZRVvB2GGVPOHd/ooUXz+Ik0h1rBXXXYpLLXocW9W4SU >> kUznSysQIRLlZAz8m2aJVMbD4St54W5Q61qnzFNGtU9b5ZkNifIKRsACK9S7jy6qGo+cDJ >> o2jvM3jeNiDCus+piGQhCMvtEGzp+JvtPbA00ch8ZvLomG80aWTe5hs3WwLpSMcGIS1OpU >> O3ocHVuVCVrt/PnBb+HmfDBOjLVjWp4gwfmGJrkwS9pAGQrfHn02Oh51J+EhujShzs1oI2 >> HCydYXAlxPZKOZIMoN8u9V0d5h75anoEhU1TPTzjxffYTYe2Vl/61c5DJdKisl9J494BVB >> mynbAd/C2hWuhd50TF4PDve1UJiwtJV6ar4EFoiAWZwJyFstM1Tvig1J/0Xdy069lTaVxS >> PNw9f/oMF/hNk3fDS0SaazsZ0/dTvRqyxmrA5v8hqdzsbbInglgFSA05SrILgDucTkECg/ >> KI/AXwEJRw0XC+s16Qnfv8JTJKlYPuqMrS3P8sAHOw3XGHeAlQFJlrwqUCed7XevvQtQIw >> 1RStJqen7Mkf9eVoA3QnWDifV9ooNq7l3B74pf+DE6cIRezxCuaWNRHl+VbQ7BsfWQaZhs >> IHXEKrJGkRQt7vnkARt206YNz12X6OFn8bbkMLjgtysmfa+uyLhBDZ/ff0SBHOBAgvJ19Q >> m/B8tYnHnWVFBI3iFHdJVCUIQMo0AjqfNLG/qpvH8k6aYHFGUZ0Jpd/qhHt9hCApbpzjTB >> hWcnCgfrIBHZR7y+4IgjtOOGcyTARqBzjm+2AzxA93Ls6E2Wlv5I2UbWN7rGrWFRHLVyLo >> nE9k/QjAAg32Uha8ze4FtdHtFoGxtUhNFOQQreDdrZ/49yGETqeXoNjAPtg7W6gpTfjUjN >> 9Jc=</xenc:CipherValue> >> </xenc:CipherData> >> </xenc:EncryptedData> >> </wsse:Security> >> </soap:Header> >> <soap:Body >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss >> ecurity-utility-1.0.xsd" wsu:Id="Id-42610539"> >> <xenc:EncryptedData >> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="ED-5" >> Type="http://www.w3.org/2001/04/xmlenc#Content";> >> <xenc:EncryptionMethod >> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> >> <ds:KeyInfo >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >> <wsse:SecurityTokenReference >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws >> security-secext-1.0.xsd"> >> <wsse:Reference URI="#DK-4"/> >> </wsse:SecurityTokenReference> >> </ds:KeyInfo> >> <xenc:CipherData> >> >> <xenc:CipherValue>ocmeEmZvxM1o2yM3PcqIs4wpOrMkyG1No6XOO6TYKYwdvEAHRQge >> m6c70nCOPBcKeTjPLRNQ+Uts1FJhc+79mZkHHWqHS/Rvhwmb992rWjxFwvwbSkbCTu3eYK >> wVBdMT12ap8cRtniBgUcjfWUPXJFLGcK6ZDpqYaN9HN/8MXbBL0Yme9yznj2PZqK8C3Rye >> 0DRunyCutJutYZ1/RbCbs/SARKS6ycCG921xtYqwHN5VgM5W+7wVyErbg+COi7beE+b2dC >> R/kSlPpxID8R8x28T17MtCGdYRlauXHUsH+fojNxrn/I7EkKipVMzHH4/Ig0SOdWms6UDe >> H/fDgtgDMDyEXK7gPFGm3/KsUbNavxwxiMeDXItEskL3QG0fdeUgPr1A+GxTfI2poEVdbJ >> +Efw==</xenc:CipherValue> >> </xenc:CipherData> >> </xenc:EncryptedData> >> </soap:Body> >> </soap:Envelope> >> >> Best regards, >> Udo > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
