It's a bug in CXF: https://issues.apache.org/jira/browse/CXF-4728

Thanks, Colm.

On Wed, Jan 2, 2013 at 8:24 PM, DTaylor <[email protected]> wrote:

> Hi All,
>
> Another Java to .NET interop question here.
>
> The Java STS contains the TokenIssueOperation which builds the RSTR. In doing so, it generates a RequestedAttachedReference using the AbstractOperation.createRequestedReference with an attached parameter of true. This method, if the attached parameter is true, will get the token identifier and ensure it is prepended with a “#”.
>
> WS-Trust 1.3 – 4.4:
>
> /wst:RequestSecurityTokenResponse/wst:RequestedAttachedReference
> Since returned tokens are considered opaque to the requestor, this optional element is specified to indicate how to reference the returned token when that token doesn't support references using URI fragments (XML ID). *This element contains a <wsse:SecurityTokenReference> element that can be used /verbatim/ to reference the token (when the token is placed inside a message).* Typically tokens allow the use of wsu:Id so this element isn't required. Note that a token MAY support multiple reference mechanisms; this indicates the issuer’s preferred mechanism. When encrypted tokens are returned, this element is not needed since the <xenc:EncryptedData> element supports an ID reference. If this element is not present in the RSTR then the recipient can assume that the returned token (when present in a message) supports references using URI fragments.
>
> As it states, the element value can be used verbatim, not by manipulating it to account for the “#”. The .NET service cannot look up the token from a DerivedKey using a SecurityTokenReference using a KeyIdentifier that contains the extra “#”, so the interoperability fails. We tried simply removing the “#” in this case and the call succeeds.
>
> Have we misconfigured CXF somehow, or is this a bug in the framework or in .NET?
>
> Thanks,
>
> Dan
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Mandatory-tag-in-KeyIdentifier-tp5720901.html
> Sent from the cxf-user mailing list archive at Nabble.com.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
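
A check for the condition discussed in this thread, added here as an example (it is not code from CXF, .NET or either poster): it parses an RSTR and reports a KeyIdentifier inside RequestedAttachedReference that equals the issued token's identifier with a leading "#". The sample RSTR, the placeholder Token element and the list of id attributes are constructed assumptions.

```python
# Added example: the RSTR below is constructed, not captured from CXF or .NET.
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"wst": WST, "wsse": WSSE}
# Attributes that commonly carry a token's identifier (assumption; extend as needed).
ID_ATTRS = ("ID", "AssertionID", "Id", "{%s}Id" % WSU)

def token_ids(rstr):
    """Identifiers found on the element(s) inside wst:RequestedSecurityToken."""
    ids = set()
    for tok in rstr.findall(".//wst:RequestedSecurityToken/*", NS):
        ids.update(tok.get(a) for a in ID_ATTRS if tok.get(a))
    return ids

def check_attached_reference(rstr_xml):
    """List KeyIdentifier values that a verbatim consumer cannot resolve."""
    rstr = ET.fromstring(rstr_xml)
    ids = token_ids(rstr)
    findings = []
    path = (".//wst:RequestedAttachedReference"
            "/wsse:SecurityTokenReference/wsse:KeyIdentifier")
    for ki in rstr.findall(path, NS):
        value = (ki.text or "").strip()
        if value in ids:
            continue  # matches the token identifier exactly
        if value.startswith("#") and value[1:] in ids:
            findings.append("KeyIdentifier %r is the token id with a '#' prefix" % value)
        else:
            findings.append("KeyIdentifier %r matches no token id" % value)
    return findings

def make_rstr(key_identifier):
    """Constructed minimal RSTR; 'Token' is a placeholder for the issued token."""
    return (
        '<wst:RequestSecurityTokenResponse xmlns:wst="%s" xmlns:wsse="%s">'
        '<wst:RequestedSecurityToken><Token ID="_abc123"/></wst:RequestedSecurityToken>'
        '<wst:RequestedAttachedReference><wsse:SecurityTokenReference>'
        '<wsse:KeyIdentifier>%s</wsse:KeyIdentifier>'
        '</wsse:SecurityTokenReference></wst:RequestedAttachedReference>'
        '</wst:RequestSecurityTokenResponse>' % (WST, WSSE, key_identifier)
    )

if __name__ == "__main__":
    for value in ("#_abc123", "_abc123"):
        print(value, "->", check_attached_reference(make_rstr(value)) or "ok")
```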
