hi Colm,
Please let me know how to change logging level. I couldn't find any
logging.xml for wss4j.
Thanks
Nitin
Colm O hEigeartaigh (JIRA) wrote:
[ https://issues.apache.org/jira/browse/WSS-178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12703602#action_12703602 ]
Colm O hEigeartaigh commented on WSS-178:
-----------------------------------------
Hi Nitin,
Can you run this again with log4j logging level set to DEBUG and post the debug
logs?
Colm.
signature verification failure of signed saml token due to The Reference for
URI (bst-saml-uri) has no XMLSignatureInput
------------------------------------------------------------------------------------------------------------------------
Key: WSS-178
URL: https://issues.apache.org/jira/browse/WSS-178
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.5.6
Environment: Windows XP + tomcat 6x + axis 1.4 + wss4j 1.5.6
Reporter: Nitin Handa
Assignee: Ruchith Udayanga Fernando
Priority: Blocker
While doing interop testing with owsm, I am hitting a wss4j bug which is
hindering me in completing testing.
OWSM is sending saml token signed with signed & encrypted body. SAML token is
referred from BST using KeyIdentifier, saml token in signed.
At wss4j end, signature verification is failing as wss4j WsDoAllReceiver is not
able to find out reference of saml token.
<?xml version = '1.0' encoding = 'UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server.generalException</faultcode>
<faultstring>WSDoAllReceiver: security processing failed; nested
exception is:
org.apache.ws.security.WSSecurityException: The signature or decryption
was invalid; nested exception is:
org.apache.xml.security.signature.XMLSignatureException: The Reference
for URI #STR-SAML-t5dWJC9BpFXwp4OjA86KMw22 has no XMLSignatureInput
Original Exception was
org.apache.xml.security.signature.MissingResourceFailureException: The
Reference for URI #STR-SAML-t5dWJC9BpFXwp4OjA86KMw22 has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: No message with
ID "WS Security Exception" found in resource bundle
"org/apache/xml/security/resource/xmlsecurity". Original Exception was a
org.apache.ws.security.WSSecurityException and message An error was discovered processing the
<wsse:Security> header (Reference URI is null)
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: No message with
ID "WS Security Exception" found in resource bundle
"org/apache/xml/security/resource/xmlsecurity". Original Exception was a
org.apache.ws.security.WSSecurityException and message An error was discovered processing the
<wsse:Security> header (Reference URI is null)
Original Exception was org.apache.xml.security.signature.XMLSignatureException: No message with ID
"WS Security Exception" found in resource bundle
"org/apache/xml/security/resource/xmlsecurity". Original Exception was a
org.apache.ws.security.WSSecurityException and message An error was discovered processing the
<wsse:Security> header (Reference URI is null)
Original Exception was org.apache.xml.security.transforms.TransformationException: No message with ID
"WS Security Exception" found in resource bundle
"org/apache/xml/security/resource/xmlsecurity". Original Exception was a
org.apache.ws.security.WSSecurityException and message An error was discovered processing the
<wsse:Security> header (Reference URI is null)
Original Exception was org.apache.xml.security.c14n.CanonicalizationException: No message with ID "WS
Security Exception" found in resource bundle
"org/apache/xml/security/resource/xmlsecurity". Original Exception was a
org.apache.ws.security.WSSecurityException and message An error was discovered processing the
<wsse:Security> header (Reference URI is null)
Original Exception was org.apache.ws.security.WSSecurityException: An error was discovered
processing the <wsse:Security> header (Reference URI is null)</faultstring>
<detail>
<ns1:hostname
xmlns:ns1="http://xml.apache.org/axis/";>nihanda-pc</ns1:hostname>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
SOAP Message that is received by wss4j is (i.e. sent from owsm):-
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:ns0="http://stock.samples"; xmlns:ns1="http://127.0.0.1:8080/axis/services/urn:xmltoday-delayed-quotes";><env:Header><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; env:mustUnderstand="1"><wsse:BinarySecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; wsu:Id="BST-Upx5ivaWcOwLOBmjTbOkDg22"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>MIICXTCCAcagAwIBAgIESfBXtTANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEXMBUGA1UEBxMOUmVkd29vZCBTaG9yZXMxEzARBgNVBAoTCk9yYWNsZSBJbmMxDjAMBgNVBAsTBVNvYVFhMREwDwYDVQQDEwh3ZWJsb2dpYzAeFw0wOTA0MjMxMTU3NDFaFw0wOTA3MjIxMTU3NDFaMHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQHEw5SZWR3b29kIFNob3JlczETMBEGA1UEChMKT3JhY2xlIEluYzEOMAwGA1UECxMFU29hUWExETAPBgNVBAMTCHdlYmxvZ2ljMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKYApBX9X5rkfJhbYrRKfoXZn0ndi8B+DPY598yaoHAuQweEWNbFJ+hkoUgx9loTrvyNdoczPOu+ktjmzI4wR7LUGDUO1iKVZom9Cpzl+NT3CIGL4I2GU31fxuQkrfx6Qba8dLNtOVGqk1fBSDPV9Y1rMbfGljwe/TGA1lVh+HiQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAEdRfHCehtVMMF/LdA8rJMm9lnofA8Z4sRamdxnRjVzIz4owWKBvslAHlR6FG3/3Ue+iuoQALSNHaeRrPOb/plWyU+yNZZjJ3q9qrPqrQSmBZjomwRsjZskOjnm+9eelfpxqm5+/8im3Pgzb3insPQq+N6BcQP9uiPv3fL/BDuIL</wsse:BinarySecurityToken><xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/></xenc:EncryptionMethod><dsig:KeyInfo
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; URI="#BST-Upx5ivaWcOwLOBmjTbOkDg22"/></wsse:SecurityTokenReference></dsig:KeyInfo><xenc:CipherData><xenc:CipherValue xmlns:xmime="http://www.w3.org/2005/05/xmlmime";
xmime:contentType="application/octet-stream">XTrrhXY7BdieWf1Q72nGVx7DkuTjf0sSW9ls76snQTBHS19i7dAh3d3IRM5APCGnuVy7FgiqUIiG
Zjcfgf+yBC0pRpFOTAJicqYiSjviHIICWSJhNTaJNmUNeMfpiM+q2T0uOoFNh5GmI3/Z0pbdt9oy
s4I7cYhqHHdBVNo8e9I=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#_10E1CqVVROnD2w8SWvT5ew22"/></xenc:ReferenceList></xenc:EncryptedKey><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="#Timestamp-O11YJRXoOgF1kGei120b6w22"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BKxsCSZfUq1RWr6Y9PU8Rr/Vs/g=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#STR-SAML-t5dWJC9BpFXwp4OjA86KMw22"><dsig:Transforms><dsig:Transform
Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform";><wsse:TransformationParameters xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></wsse:TransformationParameters></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>faishbjLkuXbNz9Jx9Nxo8Monk4=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#Body-LnMti7MrAJ3hLRqqWoN0Mg22"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>/X73mkutNvEF10D8lIDutYGoisA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>YKNB+6O3FJjWCj2fqDkvfVJXlJkRo0XcoMO5PHqyoCdKCs81cmKXlcUcg8cn+rwwMg29ysfkPg+Wgv2d3CwyA7Fhd+6kC1099ZqEtB/ptnIR/RxoZL+2RXVholPz+Z7niGQM38YZlmdsoqgEyzbDH0u71GWYL6HFUfRAAcZRfb4=</dsig:SignatureValue><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; Id="KeyInfo-vJF2TIW0vRU50vjXKuQuuw22"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; URI="#BST-aiNal7jotn6Hmf9xN2JQhA22"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; wsu:Id="STR-SAML-t5dWJC9BpFXwp4OjA86KMw22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><wsse:KeyIdentifier xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>SAML-Q1uTD1fnXqIpGqOFv7BMXQ22</wsse:KeyIdentifier></wsse:SecurityTokenReference><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-O11YJRXoOgF1kGei120b6w22"><wsu:Created ValueType="http://www.w3.org/2001/XMLSchema/dateTime";>2009-04-26T16:37:19Z</wsu:Created><wsu:Expires ValueType="http://www.w3.org/2001/XMLSchema/dateTime";>2009-04-26T16:42:19Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; wsu:Id="BST-aiNal7jotn6Hmf9xN2JQhA22"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>MIICXTCCAcagAwIBAgIESfBXtTANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEXMBUGA1UEBxMOUmVkd29vZCBTaG9yZXMxEzARBgNVBAoTCk9yYWNsZSBJbmMxDjAMBgNVBAsTBVNvYVFhMREwDwYDVQQDEwh3ZWJsb2dpYzAeFw0wOTA0MjMxMTU3NDFaFw0wOTA3MjIxMTU3NDFaMHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQHEw5SZWR3b29kIFNob3JlczETMBEGA1UEChMKT3JhY2xlIEluYzEOMAwGA1UECxMFU29hUWExETAPBgNVBAMTCHdlYmxvZ2ljMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKYApBX9X5rkfJhbYrRKfoXZn0ndi8B+DPY598yaoHAuQweEWNbFJ+hkoUgx9loTrvyNdoczPOu+ktjmzI4wR7LUGDUO1iKVZom9Cpzl+NT3CIGL4I2GU31fxuQkrfx6Qba8dLNtOVGqk1fBSDPV9Y1rMbfGljwe/TGA1lVh+HiQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAEdRfHCehtVMMF/LdA8rJMm9lnofA8Z4sRamdxnRjVzIz4owWKBvslAHlR6FG3/3Ue+iuoQALSNHaeRrPOb/plWyU+yNZZjJ3q9qrPqrQSmBZjomwRsjZskOjnm+9eelfpxqm5+/8im3Pgzb3insPQq+N6BcQP9uiPv3fL/BDuIL</wsse:BinarySecurityToken><saml:Assertion MajorVersion="1" MinorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="SAML-Q1uTD1fnXqIpGqOFv7BMXQ22"
IssueInstant="2009-04-26T16:37:19Z" Issuer="www.oracle.com"><saml:Conditions NotBefore="2009-04-26T16:37:19Z" NotOnOrAfter="2009-04-26T16:42:19Z"/><saml:AuthenticationStatement AuthenticationInstant="2009-04-26T16:37:19Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><saml:Subject><saml:NameIdentifier Format="UNSPECIFIED">wss4j</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement></saml:Assertion></wsse:Security></env:Header><env:Body wsu:Id="Body-LnMti7MrAJ3hLRqqWoN0Mg22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Type="http://www.w3.org/2001/04/xmlenc#Content"; Id="_10E1CqVVROnD2w8SWvT5ew22"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><xenc:CipherData><xenc:CipherValue xmlns:xmime="http://www.w3.org/2005/05/xmlmime"; xmime:contentType="application/octet-stream">19sJqHGIJkmZDXTwkBs0uZLQQghPZwQBp/zGnGsveJfoZTtgSX0rdw0MbCOO4eaWnAQkM6p3SSEi
ugtmvtLqPA5Q3rGWOEifij+WBnZ0tmTeunN6aEUJ7EdplJHv65URyBcfjGPHFLaWt5bRaJefeccf
2sX45d7pZSKzAjC8+Or3o8QpH1sWpc0XPdM18KIwHNigsZhbnTqiftTsPjuDz+GiRVtB1+niMAz5
SkK86dtki1ThwnWEbMZBmlVC7fJrTT+knjH7FfdLBG5I7K/Wd9R2Tc5IngJ0Ru2GXD/a8kz4m2j8
y/5RemSNl1uXch+8LAZCzx8aF4JuJbp2rSK9/0aQMer0kPF1cCju1GSBmiV6aV1rSwUK1GA2uSa/
5wp3vWZXvEb58jHr+ib/bfSbFxpzQMAKzKF44eJfG6NPnfQ0znBAa7gl7dfNzoE7OqzcL/kuIQH7
rAHALuVZ17/Up5roTjpVA7YE8CBK2DSD4c0sbfkM3MGzCFx+NCK//nuyPVaQEgcNq/W5WpjUFg+B
C9Gvc5NDchMG2BADKMoS5N8MRRdkGkk6KbH1e+rirT8HQsqFvPwyHDOHNfBdCiaLJsMb1lkFxcFa
3f/C35RcxWK6QtwH7LLtmNMJS8Ryf/ijBcFnx/ous+jGKVx7IriNrCuz/pS4XS1RCaDCGHcH6v4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
