You need to tell Santuario how to resolve the SecurityTokenReference Element. You can do this by a utility method in WSSecurityUtil, e.g.:

WSSecurityUtil.storeElementInContext(domCryptoContext, strElement);

See here for an example:

http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java?view=markup

Colm.

On Fri, Nov 21, 2014 at 9:25 PM, <[email protected]> wrote:

> It turns out that I haven't completely resolved my issues from earlier,
> but I think I'm in the home stretch (hopefully). In the code I'm migrating
> (from CXF 2.3 to CXF 2.7), the original authors created a WSSecSignature
> descendant that does some security header customization, including
> inserting a Security Token Reference and inserting a SAML Assertion. This
> part seems to work fine, until I try to sign the assertion. Then I get this:
>
> Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
>     at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction.execute(SupportingSamlTokenSignedAction.java:126)
>     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
>     ... 44 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed
>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:561)
>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:481)
>     at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction$WSSecSamlSupportingTokenSignature.build(SupportingSamlTokenSignedAction.java:250)
>     at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction.execute(SupportingSamlTokenSignedAction.java:122)
>     ... 47 more
> Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID STRId-5676DF1E739178AEC41416571963291192
>     at org.apache.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:436)
>     at org.apache.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:364)
>     at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:495)
>     at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:378)
>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:556)
>     ... 50 more
> Caused by: javax.xml.crypto.URIReferenceException: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID STRId-5676DF1E739178AEC41416571963291192
>     at org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:118)
>     at org.apache.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:430)
>     ... 54 more
> Caused by: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID STRId-5676DF1E739178AEC41416571963291192
>     at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:85)
>     at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:298)
>     at org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:111)
>
> The security header has the element with the specified ID,
>
> <wsse:SecurityTokenReference wsu:Id="STRId-5676DF1E739178AEC41416571963291192">
>   <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_5676DF1E739178AEC41416571963191191</wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
>
> So I'm not sure what the issue is. I've come across some references to
> using IdResolver, but that didn't seem to help, and is supposed to be
> deprecated besides. Does anyone have any suggestions for resolving this
> issue?
>
> Thanx,
>
> Stephen W. Chappell

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
