Unfortunately I'm out of the office at the moment so I cannot provide a
test case. Do you mean I still need the SignedElements part? Because I have
removed it and the token is signed when using what I mentioned. Either
way I believe I have tried both username and UsernameToken in the
SignedElements part without success. But I would have to check again when I
am back at the office on Monday.

On Friday, April 3, 2015, Colm O hEigeartaigh <[email protected]> wrote:

>
>> I tried this before and the Username was still not signed. Only when I
>> used SignedEncryptedSupportingTokens the username is getting signed (and
>> not encrypted by the way, which is what I want at the moment). Probably I
>> am doing something wrong but this works for me now.
>>
>
> Any chance of a test-case? Both scenarios should work fine. By the way,
> the UsernameToken should be signed/encrypted, not just the "Username" part
> of it. What version of CXF are you using?
>
> Colm.
>
>
>> Thanks for the feedback!
>>
>> Alex
>>
>> On Fri, Apr 3, 2015 at 4:33 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>
>>> Simply change "SupportingTokens" to "SignedSupportingTokens".
>>>
>>> Colm.
>>>
>>> On Thu, Apr 2, 2015 at 12:49 PM, Alx <[email protected]> wrote:
>>>
>>> > I have a requirement from my client for the signature to contain the
>>> > UsernameToken element. According to the rest of his requirements the
>>> > security policy I am using is the following:
>>> >
>>> > <wsp:Policy wsu:Id="SecurityServiceSignThenEncryptPolicy">
>>> >   <wsp:ExactlyOne>
>>> >     <wsp:All>
>>> >       <wsaws:UsingAddressing
>>> >           xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
>>> >       <sp:SupportingTokens
>>> >           xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>> >         <wsp:Policy>
>>> >           <sp:UsernameToken
>>> >               sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>>> >             <wsp:Policy>
>>> >               <sp:NoPassword />
>>> >             </wsp:Policy>
>>> >           </sp:UsernameToken>
>>> >         </wsp:Policy>
>>> >       </sp:SupportingTokens>
>>> >       <sp:AsymmetricBinding
>>> >           xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>> >         <wsp:Policy>
>>> >           <sp:InitiatorToken>
>>> >             <wsp:Policy>
>>> >               <sp:UsernameToken
>>> >                   sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>>> >                 <wsp:Policy>
>>> >                   <sp:NoPassword />
>>> >                 </wsp:Policy>
>>> >               </sp:UsernameToken>
>>> >             </wsp:Policy>
>>> >           </sp:InitiatorToken>
>>> >           <sp:RecipientSignatureToken>
>>> >             <wsp:Policy>
>>> >               <sp:X509Token
>>> >                   sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>>> >                 <wsp:Policy>
>>> >                   <sp:WssX509V3Token10 />
>>> >                 </wsp:Policy>
>>> >               </sp:X509Token>
>>> >             </wsp:Policy>
>>> >           </sp:RecipientSignatureToken>
>>> >           <sp:AlgorithmSuite>
>>> >             <wsp:Policy>
>>> >               <sp:Basic256Sha256 />
>>> >             </wsp:Policy>
>>> >           </sp:AlgorithmSuite>
>>> >           <sp:Layout>
>>> >             <wsp:Policy>
>>> >               <sp:Lax />
>>> >             </wsp:Policy>
>>> >           </sp:Layout>
>>> >           <sp:IncludeTimestamp />
>>> >         </wsp:Policy>
>>> >       </sp:AsymmetricBinding>
>>> >       <sp:SignedParts>
>>> >         <sp:Body />
>>> >         <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
>>> >       </sp:SignedParts>
>>> >
>>> >     </wsp:All>
>>> >   </wsp:ExactlyOne>
>>> > </wsp:Policy>
>>> >
>>> >
>>> > The above works correctly for me. The only thing that I could not sign is
>>> > the UsernameToken. I tried using:
>>> >
>>> > <sp:SignedElements>
>>> >   <sp:XPath
>>> >       xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>>> >       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>> >       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>> >     /soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username
>>> >   </sp:XPath>
>>> > </sp:SignedElements>
>>> >
>>> > which did not seem to work.
>>> >
>>> > Trying to debug I see that the SignedElementsBuilder class is accessed but
>>> > I am not sure where to debug next, where the signing should occur.
>>> >
>>> > Any help will be appreciated.
>>> >
>>> > Alex
>>> >
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
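
Added example (not part of the thread and not CXF code): a structural check on a received SOAP message that tells whether a signature reference covers the whole `wsse:UsernameToken`, only its `wsse:Username` child, or neither, which is the distinction raised in the replies above. The envelope, the ids `UT-1`, `U-1`, `B-1` and the function names are constructed for illustration, and the check inspects `ds:Reference` URIs only, without validating digests or the signature value.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def signed_ids(security):
    """Fragment ids referenced by ds:Reference elements under ds:SignedInfo."""
    refs = security.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    uris = (r.get("URI", "") for r in refs)
    return {u[1:] for u in uris if u.startswith("#") and len(u) > 1}


def username_token_coverage(envelope_xml):
    """Return 'token', 'username-only', 'unsigned', 'ambiguous-id' or 'absent'.

    Structural check only: it does not validate digests or the signature value.
    """
    root = ET.fromstring(envelope_xml)
    token = root.find("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return "absent"
    ids = signed_ids(root.find("soap:Header/wsse:Security", NS))
    token_id = token.get(WSU_ID)
    if token_id in ids:
        # A duplicated wsu:Id makes it unclear which element the digest covers.
        hits = sum(1 for e in root.iter() if e.get(WSU_ID) == token_id)
        return "token" if hits == 1 else "ambiguous-id"
    user = token.find("wsse:Username", NS)
    if user is not None and user.get(WSU_ID) in ids:
        return "username-only"
    return "unsigned"


def sample(ref_uri):
    """Constructed envelope whose single ds:Reference points at ref_uri."""
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}"
      xmlns:wsu="{NS['wsu']}" xmlns:ds="{NS['ds']}">
  <soap:Header><wsse:Security>
    <wsse:UsernameToken wsu:Id="UT-1"><wsse:Username wsu:Id="U-1">alice</wsse:Username></wsse:UsernameToken>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="{ref_uri}"/></ds:SignedInfo></ds:Signature>
  </wsse:Security></soap:Header>
  <soap:Body wsu:Id="B-1"/>
</soap:Envelope>"""
```

Run it against a captured request and response from the service under test; a result other than `token` means the policy in force is not producing the coverage the requirement asks for.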
