As mentioned in previous email I have a service configured with a signed SAML assertion, with sender vouches. What I'm trying to do now is get another SAML Assertion into the header and have it signed by the same certificate.
In the interceptor I have created the SAML and insert it into the header with security element, it looks like this.

    <soap:Header>
      <wsse:Security>
        <Assertion> My assertion here </Assertion>
      </wsse:Security>
    </soap:Header>

I send this as the doc to WSHandler.doSenderAction() which ends up calling SAMLTokenSignedAction.execute(), I know this creates another SAML Assertion and that's fine. So I thought I would end up with 2 signed SAML assertions but this is not the case. It seems that WSSecSignatureSAML.build() ignores my Assertion.

So I don't want to construct the entire header since most of it is done already. The reason for the additional assertion is to send attributes.

Has anyone done anything like this? Any ideas on how to get this done?

And thanks for all your help.

On Wed, Aug 12, 2009 at 6:13 AM, Colm O hEigeartaigh <cohei...@progress.com> wrote:

> I’d say this use-case is probably too complicated to be handled by the
> WSHandler implementations. You’re probably better off using the WSS4J API’s
> directly to construct the security header.
>
> > Is it possible to have an additional element signed? does WSS4J support
> > this?
>
> Yes. Just add the QName to WSHandlerConstants.SIGNATURE_PARTS. I’m not
> sure if this will work for an element in another security header though,
> I’ve never tried it.
>
> Colm.
>
> ------------------------------
>
> *From:* R1ch [mailto:rich.ku...@gmail.com]
> *Sent:* 11 August 2009 21:04
> *To:* wss4j-dev@ws.apache.org
> *Subject:* Adding Elements to WS-Security Header
>
> CXF 2.2 and WSS4J 1.5.8
>
> Hello all,
> I have a working webservice configured with WSS4JOutInterceptor to insert a
> signed SAML token.
> Now I'm trying to insert a custom Element before the signature occurs so
> that my Element is also signed.
>
> I managed to insert the Element in a CXF interceptor before the
> WSS4JOutInterceptor. However my
> Element appears after the <wsse:Security> element in the <soap:Header>. I
> sent a similar email to the CXF
> mailing list and they suggested a different method where I wrap my element
> in a <wsse:Security>, I tried that
> and now I have 2 <wsse:Security> elements in the <soap:Header>.
>
> Is it possible to have an additional element signed? does WSS4J support
> this?
>
> Also doesn't the spec say that there should only be one <wsse:Security>
> element per recipient? is that verification
> the responsibility of CXF or WSS4J?
>
> thanks
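
Added example (not from the thread, and not WSS4J or CXF code): a Python check to run on a captured outgoing envelope that counts the wsse:Security headers and reports which SAML assertions the signature's ds:Reference list covers, directly or through a signed SecurityTokenReference. It assumes SAML 1.1 assertions identified by AssertionID; the envelope and every ID in it are constructed, and no signature value is verified.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # assumption: SAML 1.1 assertions

def audit(envelope_xml):
    """Return (count of wsse:Security headers, {AssertionID: referenced by the signature?})."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    security = header.findall(f"{{{WSSE}}}Security") if header is not None else []
    # Same-document fragment IDs named by ds:Reference elements inside ds:SignedInfo.
    signed = {r.get("URI", "")[1:] for si in root.iter(f"{{{DS}}}SignedInfo")
              for r in si.findall(f"{{{DS}}}Reference") if r.get("URI", "").startswith("#")}
    # Sender-vouches style: a signed SecurityTokenReference stands for the assertion
    # whose ID its KeyIdentifier carries (the STR-Transform itself is not checked here).
    for str_el in root.iter(f"{{{WSSE}}}SecurityTokenReference"):
        if str_el.get(f"{{{WSU}}}Id") in signed:
            signed.update((k.text or "").strip()
                          for k in str_el.findall(f"{{{WSSE}}}KeyIdentifier"))
    coverage = {}
    for sec in security:
        for a in sec.iter(f"{{{SAML}}}Assertion"):
            ids = {a.get("AssertionID"), a.get(f"{{{WSU}}}Id")} - {None}
            coverage[a.get("AssertionID")] = bool(ids & signed)
    return len(security), coverage

# Constructed envelope: a hand-inserted attribute assertion next to the one the
# signature actually references through its SecurityTokenReference.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"
    xmlns:ds="{DS}" xmlns:saml="{SAML}">
 <soap:Header><wsse:Security>
  <saml:Assertion AssertionID="_attr-assertion"/>
  <saml:Assertion AssertionID="_sv-assertion"/>
  <wsse:SecurityTokenReference wsu:Id="STR-1">
   <wsse:KeyIdentifier>_sv-assertion</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#STR-1"/><ds:Reference URI="#body-1"/>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1"/>
</soap:Envelope>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An assertion reported as False is carried in the header without being bound to the signature, so a receiver must not treat its attributes as vouched for by the sender.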