I don't think it's possible to sign the STR inside the KeyInfo. I don't recall ever seeing a signature signing its own KeyInfo content before. Could you attach the security policy that is generating the request?
Colm.

On Fri, Nov 23, 2012 at 9:17 AM, andreas_triebel <[email protected]> wrote:

> Hi Andrei
>
> Thanks for the infos about the signing behavior in CXF, this helps me to
> understand the difference between Weblogic and CXF.
>
> Still I don't get the STR inside the KeyInfo signed in the CXF response.
>
> I'm not very familiar with the SignedParts/SignedElements assertions, could
> someone please provide the right SignedParts or SignedElements assertion to
> sign the STR shown in the previous post? Thanks in advance.
>
> I tried these two:
>
> <sp:SignedParts
>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>   <sp:Body/>
>   <sp:Header Name="SecurityTokenReference"
>       Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
> </sp:SignedParts>
>
> and
>
> <sp:SignedParts
>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>   <sp:Body/>
> </sp:SignedParts>
> <sp:SignedElements
>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
>     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>   <sp:XPath>/soap:Envelope/soap:Header/wsse:Security/ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference</sp:XPath>
> </sp:SignedElements>
>
> -Andreas
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Signature-Interop-Issue-Weblogic-Apache-CXF-tp5718487p5719000.html
> Sent from the cxf-user mailing list archive at Nabble.com.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
