You'll need to do the exact same thing with the SAML Assertion DOM Element - register it with the XML Security Crypto Context, via the WSSecurityUtil or WSDocInfo methods.
Colm.

On Mon, Nov 24, 2014 at 5:00 PM, <[email protected]> wrote:

> Colm -
>
> That seems to resolve that issue, thanx! But now I have another issue -
> the thing the STR refers to (the SAML assertion) can't be resolved. Here is
> the exception that I get:
>
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed
>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:561)
>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:481)
>     at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction$WSSecSamlSupportingTokenSignature.build(SupportingSamlTokenSignedAction.java:262)
>     at gov.faa.swim.ssri.wss.wss4j.saml.SupportingSamlTokenSignedAction.execute(SupportingSamlTokenSignedAction.java:122)
>     ... 47 more
> Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "_1B9799482471B3AA6B1416815340880389")
>     at org.apache.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:561)
>     at org.apache.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:368)
>     at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:495)
>     at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:378)
>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:556)
>     ... 50 more
> Caused by: javax.xml.crypto.dsig.TransformException: org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "_1B9799482471B3AA6B1416815340880389")
>     at org.apache.ws.security.transform.STRTransform.transformIt(STRTransform.java:274)
>     at org.apache.ws.security.transform.STRTransform.transform(STRTransform.java:127)
>     at org.apache.jcp.xml.dsig.internal.dom.DOMTransform.transform(DOMTransform.java:166)
>     at org.apache.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:473)
>     ... 54 more
> Caused by: org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "_1B9799482471B3AA6B1416815340880389")
>     at org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:238)
>     at org.apache.ws.security.transform.STRTransformUtil.dereferenceSTR(STRTransformUtil.java:97)
>     at org.apache.ws.security.transform.STRTransform.transformIt(STRTransform.java:200)
>     ... 57 more
>
> The assertion is most definitely part of the security header at this
> point, so I am guessing that I need to do something to tell the
> SecurityTokenReference the actual element it is referencing? Or maybe I'm
> not building the STR correctly? It's getting built like this, in a custom
> version of WSSecSecurity.prepare:
>
>     this.assertionSecRef = new SecurityTokenReference(doc);
>     this.assertionSecRefUri =
>         getWsConfig().getIdAllocator().createSecureId("STRId-", secRef);
>     this.assertionSecRef.setID(assertionSecRefUri);
>
>     Element keyId = doc.createElementNS(WSConstants.WSSE_NS,
>         "wsse:KeyIdentifier");
>     keyId.setAttributeNS(null, "ValueType",
>         WSConstants.WSS_SAML_KI_VALUE_TYPE);
>     keyId.appendChild(doc.createTextNode(assertion.getId()));
>     this.assertionSecRef.getElement().appendChild(keyId);
>
> I'm sorry to be a pest about this, the code I'm migrating has
> significantly more hidden complexities than I expected.
>
> Thanx again,
>
> Stephen W. Chappell
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Monday, November 24, 2014 9:17 AM
> To: [email protected]
> Subject: Re: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID
>
> You could put the SecurityTokenReference in the WSDocInfo via the
> "addProtectionElement(Element)" method. These tokens are also stored in the
> XML Security crypto context.
>
> Colm.
>
> On Mon, Nov 24, 2014 at 3:06 PM, <[email protected]> wrote:
>
> > Thanx, Colm. But the storeElementInContext() method is looking for a
> > domCryptoContext, that is created during computeSignature. I'm
> > guessing I'll have to override computeSignature to do that?
> >
> > Stephen W. Chappell
> >
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:[email protected]]
> > Sent: Monday, November 24, 2014 5:59 AM
> > To: [email protected]
> > Subject: Re: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID
> >
> > You need to tell Santuario how to resolve the SecurityTokenReference
> > Element. You can do this by a utility method in WSSecurityUtil, e.g.:
> >
> > WSSecurityUtil.storeElementInContext(domCryptoContext, strElement);
> >
> > See here for an example:
> >
> > http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java?view=markup
> >
> > Colm.
> >
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
