Colm -
That seems to resolve that issue, thanx! But now I have another issue - the
thing the STR refers to (the SAML assertion) can't be resolved. Here is the
exception that I get:
Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:561)
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:481)
    at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction$WSSecSamlSupportingTokenSignature.build(SupportingSamlTokenSignedAction.java:262)
    at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction.execute(SupportingSamlTokenSignedAction.java:122)
    ... 47 more
Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "_1B9799482471B3AA6B1416815340880389")
    at org.apache.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:561)
    at org.apache.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:368)
    at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:495)
    at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:378)
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:556)
    ... 50 more
Caused by: javax.xml.crypto.dsig.TransformException: org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "_1B9799482471B3AA6B1416815340880389")
    at org.apache.ws.security.transform.STRTransform.transformIt(STRTransform.java:274)
    at org.apache.ws.security.transform.STRTransform.transform(STRTransform.java:127)
    at org.apache.jcp.xml.dsig.internal.dom.DOMTransform.transform(DOMTransform.java:166)
    at org.apache.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:473)
    ... 54 more
Caused by: org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "_1B9799482471B3AA6B1416815340880389")
    at org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:238)
    at org.apache.ws.security.transform.STRTransformUtil.dereferenceSTR(STRTransformUtil.java:97)
    at org.apache.ws.security.transform.STRTransform.transformIt(STRTransform.java:200)
    ... 57 more
The assertion is most definitely part of the security header at this point, so
I am guessing that I need to do something to tell the SecurityTokenReference
the actual element it is referencing? Or maybe I'm not building the STR
correctly? It's getting built like this, in a custom version of
WSSecSecurity.prepare:
    this.assertionSecRef = new SecurityTokenReference(doc);
    this.assertionSecRefUri =
        getWsConfig().getIdAllocator().createSecureId("STRId-", secRef);
    this.assertionSecRef.setID(assertionSecRefUri);
    Element keyId = doc.createElementNS(WSConstants.WSSE_NS,
        "wsse:KeyIdentifier");
    keyId.setAttributeNS(null, "ValueType",
        WSConstants.WSS_SAML_KI_VALUE_TYPE);
    keyId.appendChild(doc.createTextNode(assertion.getId()));
    this.assertionSecRef.getElement().appendChild(keyId);
I'm sorry to be a pest about this, the code I'm migrating has significantly
more hidden complexities than I expected. Thanx again,
Stephen W. Chappell
-----Original Message-----
From: Colm O hEigeartaigh [mailto:[email protected]]
Sent: Monday, November 24, 2014 9:17 AM
To: [email protected]
Subject: Re: org.apache.xml.security.utils.resolver.ResourceResolverException:
Cannot resolve element with ID
You could put the SecurityTokenReference in the WSDocInfo via the
"addProtectionElement(Element)" method. These tokens are also stored in the XML
Security crypto context.
Colm.
On Mon, Nov 24, 2014 at 3:06 PM, <[email protected]> wrote:
> Thanx, Colm. But the storeElementInContext() method is looking for a
> domCryptoContext, that is created during computeSignature. I'm
> guessing I'll have to override computeSignature to do that?
>
> Stephen W. Chappell
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Monday, November 24, 2014 5:59 AM
> To: [email protected]
> Subject: Re:
> org.apache.xml.security.utils.resolver.ResourceResolverException:
> Cannot resolve element with ID
>
> You need to tell Santuario how to resolve the SecurityTokenReference
> Element. You can do this by a utility method in WSSecurityUtil, e.g.:
>
> WSSecurityUtil.storeElementInContext(domCryptoContext, strElement);
>
> See here for an example:
>
>
> http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java?view=markup
>
> Colm.
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
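
Added example, not part of the original thread and not WSS4J code: the "Cannot resolve element with ID" failure from the subject line, reproduced with only the JDK's javax.xml.crypto.dsig API, signing the same "#STR-1" reference with and without registering the target's wsu:Id in the DOM crypto context. It assumes that this registration is the kind of step the storeElementInContext call in the thread performs; the class name, the ex:* elements and the "STR-1" id are constructed for illustration.

```java
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class IdResolutionDemo {
    static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Returns true if signing the same-document reference "#STR-1" succeeds.
    static boolean sign(boolean registerId) throws Exception {
        // Constructed stand-in for a security header holding a token reference.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element header = doc.createElementNS("urn:example", "ex:Header");
        doc.appendChild(header);
        Element str = doc.createElementNS("urn:example", "ex:TokenReference");
        // A plain attribute: the DOM does not treat it as type ID on its own.
        str.setAttributeNS(WSU_NS, "wsu:Id", "STR-1");
        header.appendChild(str);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey key = kpg.generateKeyPair().getPrivate(); // throwaway demo key

        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("#STR-1", f.newDigestMethod(DigestMethod.SHA256, null));
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));

        DOMSignContext ctx = new DOMSignContext(key, header);
        // Tell the signing context which element the id "STR-1" refers to.
        if (registerId) ctx.setIdAttributeNS(str, WSU_NS, "Id");
        try {
            f.newXMLSignature(si, null).sign(ctx);
            return true;
        } catch (XMLSignatureException e) {
            return false; // the "#STR-1" reference could not be dereferenced
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("ID not registered: signed=" + sign(false));
        System.out.println("ID registered:     signed=" + sign(true));
    }
}
```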