Well, another thing that you have is wsse:SecurityTokenReference
extension for the certificate. It is not supported by xmlsec
directly.

Aleksey

On 6/11/19 4:51 AM, Davor Perkovac wrote:
I tried many different combinations similar to the one you suggested, but neither worked.
Could it be because Id attribute in <soapenv:Body> has a namespace prefix?

wsu:Id="..."

Is this causing problems?

Davor.

On 10.06.2019 22:51, Davor Perkovac wrote:
This requires more parameters to xmlsec1

I'm using version 1.2.20 for win32:

xmlsec1.exe --version
xmlsec1 1.2.20 (openssl)

and it results in:
xmlsec1.exe --verify
--id-attr:Id:http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Example_SOAP_PKI_Echo_1_sent.xml
Error: <file> parameter is required for this command
Usage: xmlsec <command> [<options>] [<files>]

I've pasted again this full/unchanged xml file, so it should be possible
for you to try to verify it as well:
https://pastebin.com/u7SqZTLB

Davor.

On 10.06.2019 19:22, Aleksey Sanin wrote:
Try something like this:

--id-attr:Id:http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd


Aleksey

On 6/10/19 9:13 AM, Davor Perkovac wrote:
Hi,

I assume it should be possible to verify and sign SOAP message
using WS-Security standard with xmlsec1 command line tool.
I see there was already discussion about this or something similar -
referring to Section 3.2 from the FAQ and I was reading it but somehow
failed to apply it to my actual example.

From what I can see the problem is with setting the correct --id-attr
parameter.

Can someone please advise on how to verify (and then later also sign)
wss SOAP XML which looks like the example here:
https://pastebin.com/5Q3mUtNJ


Thanks!

Davor.


_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
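
Added example, not part of the thread and not xmlsec's own code: a Python helper that reads a WS-Security message, finds which elements the ds:Reference URIs point at, and builds the matching --id-attr arguments. It assumes the option form printed by xmlsec1's usage text, `--id-attr[:<attr-name>] [<node-namespace-uri>:]<node-name>`, and that the attribute is named by its local name (Id for wsu:Id); the sample message is constructed.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample, trimmed to what matters for ID resolution.
# It is not the pastebin message from the thread.
SAMPLE = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Header>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:Reference URI="#body-1"/>
        <ds:Reference URI="#ts-1"/>
      </ds:SignedInfo>
    </ds:Signature>
    <wsu:Timestamp wsu:Id="ts-1"/>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body-1"/>
</soapenv:Envelope>"""

def id_attr_args(xml_text):
    """Return (xmlsec1 argument pairs, problems) for same-document references."""
    root = ET.fromstring(xml_text)
    # Same-document references look like URI="#<id value>".
    wanted = [r.get("URI", "")[1:] for r in root.iter("{%s}Reference" % DS)
              if r.get("URI", "").startswith("#")]
    hits = {ref_id: [] for ref_id in wanted}
    for el in root.iter():
        for attr, value in el.attrib.items():
            local = attr.rsplit("}", 1)[-1]        # {wsu-ns}Id -> Id
            if value in hits and local.lower() == "id":
                hits[value].append((el.tag, local))
    args, problems = [], []
    for ref_id, found in hits.items():
        if len(found) != 1:                        # unresolved or duplicated ID
            problems.append((ref_id, len(found)))
            continue
        tag, local = found[0]
        # The namespace in the argument is the element's, not the attribute's.
        ns, _, name = tag[1:].rpartition("}") if tag.startswith("{") else ("", "", tag)
        pair = ["--id-attr:" + local, "%s:%s" % (ns, name) if ns else name]
        if pair not in args:
            args.append(pair)
    return args, problems

if __name__ == "__main__":
    for flag, node in id_attr_args(SAMPLE)[0]:
        print(flag, node)
```

Each pair is two separate command-line arguments placed before the input file name. A reference reported under problems matches no element or more than one, and should be looked at before the result of a verification is trusted.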

