Hi,
I'm using WSS4J 1.6.18. I'm able to generate the SAML 2.0 HOK assertion (AssertionWrapper class) using SAML2CallbackHandler and sign the SOAP document without problem. However, I've been failing to use an existing SAML 2.0 HOK assertion to sign. Here are the details:

I first captured the generated SAML 2.0 HOK assertion string, constructed an OpenSAML SAML 2.0 assertion from it and then created the AssertionWrapper from the OpenSAML assertion. Using the AssertionWrapper constructed this way, I failed to sign the SOAP document.

Then I obtained the AssertionWrapper directly from the successful verification result and used it directly to repeat the SOAP signing, and I succeeded.

Thirdly, I obtained the AssertionWrapper directly from the successful verification result, obtained the OpenSAML 2.0 assertion from the getSaml2() getter, constructed a new AssertionWrapper from the OpenSAML 2.0 assertion and used it to sign the SOAP doc. I failed again.

Both failures gave me the same exception:

org.apache.xml.security.signature.XMLSignatureException: Sorry, you supplied the wrong key type for this operation! You supplied a null but a java.security.PrivateKey is needed.
    at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:150)
    at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:166)
    at org.apache.xml.security.algorithms.SignatureAlgorithm.initSign(SignatureAlgorithm.java:239)
    at org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:606)
    at org.opensaml.xml.signature.Signer.signObject(Signer.java:76)
    at org.apache.ws.security.saml.ext.OpenSAMLUtil.signObject(OpenSAMLUtil.java:234)
    at org.apache.ws.security.saml.ext.OpenSAMLUtil.signXMLObject(OpenSAMLUtil.java:211)
    at org.apache.ws.security.saml.ext.OpenSAMLUtil.toDom(OpenSAMLUtil.java:164)
    at org.apache.ws.security.saml.ext.OpenSAMLUtil.toDom(OpenSAMLUtil.java:115)
    at org.apache.ws.security.saml.ext.AssertionWrapper.toDOM(AssertionWrapper.java:314)
    at org.apache.ws.security.saml.WSSecSignatureSAML.prepare(WSSecSignatureSAML.java:209)
    at org.apache.ws.security.saml.WSSecSignatureSAML.build(WSSecSignatureSAML.java:117)
    at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:285)
    at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:210)
    at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:206)
    at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessageWithAssertion(Ts3Wss4jOutHandler.java:200)
    at mil.army.security.ts3.Ts3Wss4j.TestHandlers.main(TestHandlers.java:36)

Do I have a misconception trying to construct an AssertionWrapper from an OpenSAML 2.0 Assertion? Why does it always fail when I use an AssertionWrapper constructed this way?

Thanks,
Gang
