The issue with the Weblogic CertPathSelector could be resolved on Weblogic.

But now it seems that Weblogic insists on having signed everything in the
security header in the response saying
"Error on verifying message against security policy Error code:3701"
A look at the Weblogic source confirms that.

CXF signs the Timestamp, SignatureConfirmation and Body in the response, but
not the STR.
How do I tell CXF to sign everything in the security header in the response?

/<sp:OnlySignEntireHeadersAndBody />/ seems to be ignored by CXF (in request
and response)

and

/<sp:SignedParts>...</SignedParts>/ also does not force CXF to sign the STR
referencing the X509 certificate, at least I did not find the right
combination.

CXF response with unsigned STR:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
        <soap:Header>
                <wsse:Security..>
:
                        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-18">
:
                                <ds:SignedInfo>
                                        <ds:Reference URI="#TS-16">..</ds:Reference>
                                        <ds:Reference URI="#SC-17">..</ds:Reference>
                                        <ds:Reference URI="#Id-12354411">..</ds:Reference>
                                </ds:SignedInfo>
                                <ds:SignatureValue>IbuCvduZIepSG4G8OtdLIeV+MCheIv+eIGhY8FsfDyfKE3hk6V9vB2KQmP83diNA0oDw30P3ugn2B6M0Un7R9xmLE70OG0Dpj6my73MLe5+48rNeAaVtrTX839VEFvRzvcBCif8mEQOS5JIPlhAXNEBu1+J3Qr3NPItamU0kA3c=
                                </ds:SignatureValue>
                                <ds:KeyInfo Id="KI-120F582AC27EBFB0FE135358458436417">
                                  *<wsse:SecurityTokenReference wsu:Id="STR-120F582AC27EBFB0FE135358458436418">
                                                <wsse:KeyIdentifier
                                                        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                                        ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">R0VTd2CEaTTD3qJ/lAomm31HARQ=</wsse:KeyIdentifier>
                                        </wsse:SecurityTokenReference>*
                                </ds:KeyInfo>
                        </ds:Signature>
                </wsse:Security>
        </soap:Header>
        <soap:Body wsu:Id="Id-12354411">
:
        </soap:Body>
</soap:Envelope>

-Andreas






--
View this message in context: 
http://cxf.547215.n5.nabble.com/Signature-Interop-Issue-Weblogic-Apache-CXF-tp5718487p5718960.html
Sent from the cxf-user mailing list archive at Nabble.com.
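
Added example (not part of the original message, and not CXF or WebLogic code): a small Python check that lists which Id-bearing elements in the security header and Body are covered by a ds:Reference in SignedInfo, which makes the unsigned STR described above visible. The sample envelope is constructed to mirror the shape of the response in the message, with shortened KI/STR ids; the check is structural only and does not verify digests or the signature value.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsse11": "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample: same reference layout as the response in the message.
SAMPLE = """<soap:Envelope %s>
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="TS-16"/>
  <wsse11:SignatureConfirmation wsu:Id="SC-17"/>
  <ds:Signature Id="SIG-18">
   <ds:SignedInfo>
    <ds:Reference URI="#TS-16"/><ds:Reference URI="#SC-17"/>
    <ds:Reference URI="#Id-12354411"/>
   </ds:SignedInfo>
   <ds:KeyInfo Id="KI-1"><wsse:SecurityTokenReference wsu:Id="STR-1"/></ds:KeyInfo>
  </ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="Id-12354411"/>
</soap:Envelope>""" % " ".join('xmlns:%s="%s"' % kv for kv in NS.items())

def signature_coverage(envelope_xml):
    """Return (signed_ids, unsigned_ids) for Id-bearing elements in wsse:Security and soap:Body."""
    root = ET.fromstring(envelope_xml)
    uris = (r.get("URI", "") for r in root.iterfind(".//ds:SignedInfo/ds:Reference", NS))
    refs = {u[1:] for u in uris if u.startswith("#")}  # same-document references only
    signed, unsigned = [], []

    def walk(elem, covered):
        ident = elem.get(WSU_ID) or elem.get("Id")
        covered = covered or ident in refs  # children of a referenced element are covered too
        if ident:
            (signed if covered else unsigned).append(ident)
        for child in elem:
            walk(child, covered)

    for start in (root.find("soap:Header/wsse:Security", NS), root.find("soap:Body", NS)):
        if start is not None:
            walk(start, False)
    return signed, unsigned

if __name__ == "__main__":
    signed, unsigned = signature_coverage(SAMPLE)
    print("signed:  ", signed)
    print("unsigned:", unsigned)
```

The ds:Signature and ds:KeyInfo ids are reported alongside the STR because none of the three references points at them or at an ancestor.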
