The encrypted message is:
----------------------
<?xml version='1.0' encoding='UTF-8'?><!--
  Reviewer notes on this capture; every statement refers to markup visible below.
  * Layout: the wsse:Security header holds a wsu:Timestamp, an xenc:ReferenceList and two
    xenc:EncryptedData elements of Type ...xmlenc#Element (Id _5006 and _5005). S:Body holds
    one xenc:EncryptedData of Type ...xmlenc#Content (Id _5004). The ReferenceList names all three.
  * Key reference: each EncryptedData carries the same EncryptedKeySHA1 KeyIdentifier value.
    No xenc:EncryptedKey element is present, so the receiver has to resolve that identifier
    to a key it already holds.
  * Algorithm: all three parts use aes128-cbc. CBC is an unauthenticated mode, so
    xenc:EncryptedData alone does not let the receiver detect a modified ciphertext.
    Tamper detection depends on a signature being verified over the decrypted content.
  * No ds:Signature appears in clear text in the header.
    NOTE(review): presumably it is inside one of the encrypted header elements; confirm
    against the binding policy of the STS.
  * wsu:Timestamp: Created 11:47:33Z, Expires 11:52:33Z, a five-minute window.
  * NOTE(review): the ";" after each quoted http:// attribute value is not well-formed XML.
    It looks like an artifact of how the mail was rendered, since values that do not start
    with http:// do not carry it. Strip it before handing this text to a parser.
--><S:Envelope 
xmlns:S="http://www.w3.org/2003/05/soap-envelope"; 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 xmlns:xs="http://www.w3.org/2001/XMLSchema"; 
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#";><S:Header><wsse:Security 
S:mustUnderstand="true"><wsu:Timestamp 
xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"; 
xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/"; 
wsu:Id="_3"><wsu:Created>2014-02-13T11:47:33Z</wsu:Created><wsu:Expires>2014-02-13T11:52:33Z</wsu:Expires></wsu:Timestamp><xenc:ReferenceList
 xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"; 
xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/";><xenc:DataReference 
URI="#_5004" /><xenc:DataReference URI="#_5005" /><xenc:DataReference 
URI="#_5006" /></xenc:ReferenceList><xenc:EncryptedData 
xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"; 
xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/"; 
Type="http://www.w3.org/2001/04/xmlenc#Element"; 
Id="_5006"><xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; /><ds:KeyInfo 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:type="keyInfo"><wsse:SecurityTokenReference><wsse:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";
 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>a5lU/W3F/TDdnXT41CiDtKH9OMM=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>/Wt8uVRddMIJRDkrY6vSnlXHkdVpKXvsNh/OWGcjFt66pigBj0crWYB+/B7l9Gi9Cmh0nKupWFKYCUQSYw0Ce3dp5FltT/F+lXH3QS2Y9lGj2RszmPBOuVMRuY4+aTCviNBBYWEpYvZZEhm8Kr737PkI9LVqgZw8miT+pIsmplbYDd1HqNIUSmaUnQ9AUB1x8n84MvrIExR8RjX9m+7DI6tw2anoZTTlwU/oBsPuCgmEKlvjAt4pxIDDOAJ1o/2rqqsQsRQ8DFYCE3BugMVtg4uPIqIh8RkBlA3YGbO3u/Kfxp5tJY21eCRoSDn0TmPItWrWxK/Zq+BpScFGUii+ri+Qpj/5/kMrcOnFc6hEOe0KEyZlWZ0JxSgXGQT06hjirbr1DOX/FzKU3ncA/Xw8DONaYkTkEZcDf4Qo7HYhQpo=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData><xenc:EncryptedData
 xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"; 
xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/"; 
Type="http://www.w3.org/2001/04/xmlenc#Element"; 
Id="_5005"><xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; /><ds:KeyInfo 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:type="keyInfo"><wsse:SecurityTokenReference><wsse:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";
 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>a5lU/W3F/TDdnXT41CiDtKH9OMM=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></wsse:Security></S:Header><S:Body
 wsu:Id="_5003"><xenc:EncryptedData 
xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"; 
xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/"; 
Type="http://www.w3.org/2001/04/xmlenc#Content"; 
Id="_5004"><xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; /><ds:KeyInfo 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:type="keyInfo"><wsse:SecurityTokenReference><wsse:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";
 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>a5lU/W3F/TDdnXT41CiDtKH9OMM=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></S:Body></S:Envelope>
----------------------

The unencrypted message (after disabling the symmetric binding) looks like:
----------------------
<?xml version='1.0' encoding='UTF-8'?><!--
  Reviewer notes on this capture; every statement refers to markup visible below.
  * Layout: the wsse:Security header holds only an empty wsse11:SignatureConfirmation
    (wsu:Id _5002, no Value attribute). S:Body holds a wst:RequestSecurityTokenResponse in the
    .../ws/2005/02/trust namespace with these children: RequestedSecurityToken,
    RequestedAttachedReference, RequestedUnattachedReference, Lifetime and KeySize (256).
    It has no wst:TokenType and no wst:RequestedProofToken child.
  * Token: a SAML 2.0 assertion carrying an enveloped ds:Signature. The signature uses
    exclusive c14n, SignatureMethod rsa-sha1 and DigestMethod sha1, and the signer certificate
    is embedded in ds:KeyInfo. SHA-1 based signatures are legacy; deployments today would
    normally require the SHA-256 variants. A relying party should validate the embedded
    certificate against its own trust store rather than accept it because it is embedded.
  * Subject confirmation: Method is holder-of-key, but the ds:KeyInfo inside
    saml2:SubjectConfirmationData is empty, so the assertion names no key for the holder.
  * Validity: saml2:Conditions spans 12:17:53.870Z to 12:22:53.870Z (five minutes) and has no
    AudienceRestriction, so the assertion is not scoped to a particular relying party.
    wst:Lifetime expires on 2014-03-27, well after the assertion's NotOnOrAfter.
  * The message itself is neither signed nor encrypted. Only the signature inside the
    assertion protects its content.
  * NOTE(review): the ";" after each quoted http:// attribute value is not well-formed XML.
    It looks like an artifact of how the mail was rendered, since values that do not start
    with http:// do not carry it. Strip it before handing this text to a parser.
--><S:Envelope 
xmlns:S="http://www.w3.org/2003/05/soap-envelope"; 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 xmlns:xs="http://www.w3.org/2001/XMLSchema"; 
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";><S:Header><wsse:Security
 S:mustUnderstand="true"><wsse11:SignatureConfirmation 
xmlns:ns15="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"; 
xmlns:ns14="http://schemas.xmlsoap.org/soap/envelope/"; wsu:Id="_5002" 
/></wsse:Security></S:Header><S:Body><wst:RequestSecurityTokenResponse 
xmlns:wsa="http://www.w3.org/2005/08/addressing"; 
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; 
xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc"; 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"; 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><wst:RequestedSecurityToken><saml2:Assertion
 xmlns="" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" 
ID="uuid-28dc31a1-c066-491c-87f2-b49fb76ba3b2" 
IssueInstant="2014-02-13T12:17:53.870Z" 
Version="2.0"><saml2:Issuer>urn:com:siemens:dxa:sample:sts:issuer-uri:mycompany</saml2:Issuer><ds:Signature
 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:SignedInfo><ds:CanonicalizationMethod
 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /><ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /><ds:Reference 
URI="#uuid-28dc31a1-c066-491c-87f2-b49fb76ba3b2"><ds:Transforms><ds:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; 
/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; 
/></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; 
/><ds:DigestValue>rGFnS5T+UohK63GuVwZG6ADeUto=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>
L5PZKpy4fKhhRMLxiKgaXJzXm57FxdVpV0m4h7dyUjb2SZCpnEHrM+Bm6+TK2w7bVi4m27u8fWgD
Ek0Fa5+uJELAMFbRXf01MRCFkn5fp8xlEg7eNLE1YJTnNqXWxKufx56VxlnQWwcEt7M4qsb62DQs
UsAtDigF6kB9SaODoms=
</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICHDCCAYWgAwIBAgIDA8ytMA0GCSqGSIb3DQEBBQUAMDoxGzAZBgNVBAMTEk15LUNvbXBhbnkgRGVtbyBDQTEbMBkGA1UEChMSbXktY29tcGFueS5leGFtcGxlMB4XDTE0MDEyOTE2NDcyMloXDTM0MDEyNDE2NDcyMlowPDETMBEGA1UEChMKTXktQ29tcGFueTElMCMGA1UEAxMcbXktc2VydmVyLm15LWNvbXBhbnkuZXhhbXBsZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuODChcwXjX1wCOfy8BuLCcobmfLnqgPETuDutNaO6e3EjbZ43hozJOE7wkUoDNpFlg3QyWG/ipc8qyKFkzVf30kklHn0PpjBYvJpatBvp2OcVcvrZCP1DupVymnl7wRoVvKFacWSmOyPF8jT/XFBIni8BZeXw9LxbHpo/e/xdn0CAwEAAaMuMCwwCwYDVR0PBAQDAgC5MB0GA1UdDgQWBBSPIE01hTCl0/GZY1BqL0vE+3HFXzANBgkqhkiG9w0BAQUFAAOBgQBLfywPK9DpcCr6bSFNeh6Bc0Lit/H4HtURSNRH5SC/bZt1c1A2nAFWwVW3jNmqKlrCoTsf9UAtPOJmFQnq6uTAgvg/qtqm8A5maFtjwrKYkVSkhsmc4ecs7h+TUrrIbLoFbxUwyV1rWFW8qdTI612fFKIFzlRMPm2l7nmhonYsSg==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID
 Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" 
NameQualifier="urn:com:siemens:dxa:sample:sts:issuer-uri:mycompany">[email protected]</saml2:NameID><saml2:SubjectConfirmation
 
Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"><saml2:SubjectConfirmationData><ds:KeyInfo
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
/></saml2:SubjectConfirmationData></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions
 NotBefore="2014-02-13T12:17:53.870Z" NotOnOrAfter="2014-02-13T12:22:53.870Z" 
/><saml2:AuthnStatement AuthnInstant="2014-02-13T12:18:23.791Z" 
SessionIndex="uuid-28dc31a1-c066-491c-87f2-b49fb76ba3b2"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement><saml2:Attribute
 FriendlyName="Role assignments" Name="roles" 
NameFormat="http://www.siemens.com/dxa/80B/identity/claims";><saml2:AttributeValue
 xmlns:xs="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:type="xs:string">/config/My-Company/Intranet Manager 
Payroll</saml2:AttributeValue><saml2:AttributeValue 
xmlns:xs="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:type="xs:string">/config/My-Company/User</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></wst:RequestedSecurityToken><wst:RequestedAttachedReference><wsse:SecurityTokenReference><wsse:KeyIdentifier
 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";>uuid-28dc31a1-c066-491c-87f2-b49fb76ba3b2</wsse:KeyIdentifier></wsse:SecurityTokenReference></wst:RequestedAttachedReference><wst:RequestedUnattachedReference><wsse:SecurityTokenReference><wsse:KeyIdentifier
 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";>uuid-28dc31a1-c066-491c-87f2-b49fb76ba3b2</wsse:KeyIdentifier></wsse:SecurityTokenReference></wst:RequestedUnattachedReference><wst:Lifetime><wsu:Created>2014-02-13T12:18:24.024Z</wsu:Created><wsu:Expires>2014-03-27T04:18:24.024Z</wsu:Expires></wst:Lifetime><wst:KeySize>256</wst:KeySize></wst:RequestSecurityTokenResponse></S:Body></S:Envelope>
------------------

> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Thursday, February 13, 2014 12:56 PM
> To: [email protected]
> Subject: Re: Error "A encryption username needs to be declared" when using
> Fediz IdP with external WS-Trust STS
> 
> What does the RSTR look like?
> 
> Colm.
> 
> 
> On Thu, Feb 13, 2014 at 11:52 AM, Hrbacek, Stepan
> <[email protected]>wrote:
> 
> > Hi Colm.
> > The exception in Fediz IdP log (see attached) is:
> > ----------------------------
> > 2014-02-13 12:47:34,302
> > [org.apache.cxf.phase.PhaseInterceptorChain@http-nio-9443-exec-6] WARN
> > org.apache.cxf.phase.PhaseInterceptorChain  - Interceptor for {
> > http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Federation#{http://d
> > ocs.oasis-open.org/ws-sx/ws-trust/200512/}Issuehas thrown exception,
> > unwinding now
> > org.apache.cxf.binding.soap.SoapFault: An invalid security token was
> > provided (Bad TokenType "")
> >         at
> >
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInI
> nterceptor.java:790)
> >         at
> >
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInI
> nterceptor.java:336)
> >         at
> > org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleM
> > essage(PolicyBasedWSS4JInInterceptor.java:120)
> > ------------------------------
> > Kind regards,
> > Stepan.
> >
> > > -----Original Message-----
> > > From: Colm O hEigeartaigh [mailto:[email protected]]
> > > Sent: Thursday, February 13, 2014 10:50 AM
> > > To: [email protected]
> > > Subject: Re: Error "A encryption username needs to be declared" when
> > using
> > > Fediz IdP with external WS-Trust STS
> > >
> > > I think it makes sense to allow the user to pass through some
> > > Properties
> > to the
> > > STSAuthenticationProvider, I will merge a fix for this. What is the
> > error on
> > > processing the RSTR?
> > >
> > > Colm.
> > >
> > >
> > > On Thu, Feb 13, 2014 at 9:46 AM, Hrbacek, Stepan
> > > <[email protected]>wrote:
> > >
> > > > Hi.
> > > > I needed to change the
> > > > org.apache.cxf.fediz.service.idp.STSAuthenticationProvider class
> > > > and hardcode the crypto properties and encryption username
> > > > (certificate
> > > > alias) there. No other configuration option seems possible with
> > > > the current Fediz code.
> > > > -------------
> > > > org.apache.cxf.fediz.service.idp.STSAuthenticationProvider
> > > > --------------------
> > > >     @Override
> > > >     public Authentication authenticate(Authentication
> > > > authentication) throws AuthenticationException {
> > > >         ...
> > > >
> > > >         sts.getProperties().put(SecurityConstants.USERNAME,
> > > > authentication.getName());
> > > >         sts.getProperties().put(SecurityConstants.PASSWORD,
> > > > (String)authentication.getCredentials());
> > > >
> > > >         // STS certificate needed for symmetric binding
> > > >
> > > > sts.getProperties().put(SecurityConstants.ENCRYPT_USERNAME,
> > > > "ws-sec-comm.dirxaccess");  // 1
> > > >
> > > > sts.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES,
> > > > "stsKeystoreA.properties");  // 2
> > > >
> > > >          ...
> > > >       }
> > > > ---------------------------------
> > > >
> > > > But then I have found that RSTR response cannot be processed in
> > > > Fediz IDP (and subsequently in WS-Federation passive profile SP)
> > > > :-( I have thus removed the symmetric binding from the WS-Policy
> > > > used by STS and then all the walkthrough run well - my issue is solved.
> > > > I don't know if it makes sense to make Fediz configurable in this
> > > > area, I don't know WS-Federation use cases that well...
> > > >
> > > > Regards,
> > > > Stepan.
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Colm O hEigeartaigh [mailto:[email protected]]
> > > > > Sent: Tuesday, February 11, 2014 4:48 PM
> > > > > To: [email protected]
> > > > > Subject: Re: Error "A encryption username needs to be declared"
> > > > > when
> > > > using
> > > > > Fediz IdP with external WS-Trust STS
> > > > >
> > > > > Could you create a JIRA + I will look into it? You also need to
> > > > > specify
> > > > a Crypto
> > > > > properties file as well as a username.
> > > > >
> > > > > Colm.
> > > >
> > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> >
> 
> 
> 
> --
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com
