Hi Colm, I tried this before and the Username was still not signed. Only when I used SignedEncryptedSupportingTokens the username is getting signed (and not encrypted by the way, which is what I want at the moment). Probably I am doing something wrong but this works for me now.
Thanks for the feedback!

Alex

On Fri, Apr 3, 2015 at 4:33 PM, Colm O hEigeartaigh <[email protected]> wrote:

> Simply change "SupportingTokens" to "SignedSupportingTokens".
>
> Colm.
>
> On Thu, Apr 2, 2015 at 12:49 PM, Alx <[email protected]> wrote:
>
> > I have a requirement from my client for the signature to contain the
> > UsernameToken element. According to the rest of his requirements the
> > security policy I am using is the following:
> >
> > <wsp:Policy wsu:Id="SecurityServiceSignThenEncryptPolicy">
> >   <wsp:ExactlyOne>
> >     <wsp:All>
> >       <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
> >       <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >         <wsp:Policy>
> >           <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> >             <wsp:Policy>
> >               <sp:NoPassword />
> >             </wsp:Policy>
> >           </sp:UsernameToken>
> >         </wsp:Policy>
> >       </sp:SupportingTokens>
> >       <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >         <wsp:Policy>
> >           <sp:InitiatorToken>
> >             <wsp:Policy>
> >               <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> >                 <wsp:Policy>
> >                   <sp:NoPassword />
> >                 </wsp:Policy>
> >               </sp:UsernameToken>
> >             </wsp:Policy>
> >           </sp:InitiatorToken>
> >           <sp:RecipientSignatureToken>
> >             <wsp:Policy>
> >               <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> >                 <wsp:Policy>
> >                   <sp:WssX509V3Token10 />
> >                 </wsp:Policy>
> >               </sp:X509Token>
> >             </wsp:Policy>
> >           </sp:RecipientSignatureToken>
> >           <sp:AlgorithmSuite>
> >             <wsp:Policy>
> >               <sp:Basic256Sha256 />
> >             </wsp:Policy>
> >           </sp:AlgorithmSuite>
> >           <sp:Layout>
> >             <wsp:Policy>
> >               <sp:Lax />
> >             </wsp:Policy>
> >           </sp:Layout>
> >           <sp:IncludeTimestamp />
> >         </wsp:Policy>
> >       </sp:AsymmetricBinding>
> >       <sp:SignedParts>
> >         <sp:Body />
> >         <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> >       </sp:SignedParts>
> >     </wsp:All>
> >   </wsp:ExactlyOne>
> > </wsp:Policy>
> >
> > The above works correctly for me. The only thing that I could not sign is
> > the UsernameToken. I tried using:
> >
> > <sp:SignedElements>
> >   <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> >             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> >             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >     /soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username
> >   </sp:XPath>
> > </sp:SignedElements>
> >
> > which did not seem to work.
> >
> > Trying to debug I see that the SignedElementsBuilder class is accessed but
> > I am not sure where to debug next, where the signing should occur.
> >
> > Any help will be appreciated.
> >
> > Alex
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
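
Added example (not part of the thread, and not CXF or WSS4J code): a Python check to run on a captured request to confirm whether the Signature's references actually cover the UsernameToken, which is what the policy change discussed above is meant to achieve. The function names, return labels and sample envelope are constructed for illustration; it inspects reference coverage only and does not validate digests or the signature value.

```python
import xml.etree.ElementTree as ET  # stdlib parser: use on your own captures, not untrusted input

WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % WSU_NS


def username_token_coverage(envelope_xml):
    """Classify the UsernameToken as 'missing', 'unsigned', 'ambiguous-id' or 'signed'."""
    root = ET.fromstring(envelope_xml)
    security = root.find("soap:Header/wsse:Security", NS)
    token = security.find("wsse:UsernameToken", NS) if security is not None else None
    if token is None:
        return "missing"
    # Same-document references have the form URI="#<wsu:Id value>".
    uris = [r.get("URI", "") for r in
            security.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    signed_ids = {u[1:] for u in uris if u.startswith("#")}
    token_id = token.get(WSU_ID)
    if token_id is None or token_id not in signed_ids:
        return "unsigned"
    # A second element with the same wsu:Id makes the reference ambiguous
    # (the precondition for signature wrapping), so do not report it as signed.
    if sum(1 for e in root.iter() if e.get(WSU_ID) == token_id) != 1:
        return "ambiguous-id"
    return "signed"


def sample_envelope(reference_ids):
    """Constructed SOAP 1.1 request; digests and SignatureValue are omitted."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in reference_ids)
    return (
        '<soap:Envelope xmlns:soap="%s" xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s">'
        '<soap:Header><wsse:Security>'
        '<wsse:UsernameToken wsu:Id="UsernameToken-1">'
        '<wsse:Username>alice</wsse:Username></wsse:UsernameToken>'
        '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo></ds:Signature>'
        '</wsse:Security></soap:Header>'
        '<soap:Body wsu:Id="Body-1"/></soap:Envelope>'
    ) % (NS["soap"], NS["wsse"], WSU_NS, NS["ds"], refs)


if __name__ == "__main__":
    print(username_token_coverage(sample_envelope(["Body-1"])))
    print(username_token_coverage(sample_envelope(["Body-1", "UsernameToken-1"])))
```

A result of "unsigned" on a real capture means the policy in effect is not producing a signature reference for the token, regardless of which supporting-token assertion the policy file names.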
