ws-dev mailing list archives

From "Gene B. (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-508) When using "add inclusive prefixes" and EXC C14N - signature cannot be validated
Date Thu, 21 Aug 2014 18:51:11 GMT

    [ https://issues.apache.org/jira/browse/WSS-508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14105765#comment-14105765 ]

Gene B. commented on WSS-508:
-----------------------------

Martin, thanks for your reply. I am afraid we are moving in a wrong direction though. There
is no SAML here, I am trying to sign and verify the body of a message using WSS4j lib - action
approach. So I am simulating the consumer - and implementing the provider. The thing works,
generally, except for not in the default (BSP compliant) mode, when the InclusiveNamespaces
PrefixList is included. 

Also, never mind OSGi - I was citing issues deploying CXF on WebSphere - explaining that we're
NOT using CXF. It's WebSphere 7.x out-of-the-box, default SOAP stack (it also includes Axis,
which we are not using either).

The parser is some Xerces version packaged with WebSphere - it's not possible to tell the version
- it's whatever they include with the WAS 7.x distribution.

> When using "add inclusive prefixes" and EXC C14N - signature cannot be validated
> --------------------------------------------------------------------------------
>
>                 Key: WSS-508
>                 URL: https://issues.apache.org/jira/browse/WSS-508
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.0.0, 2.0.1
>         Environment: WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.
>            Reporter: Gene B.
>            Assignee: Colm O hEigeartaigh
>         Attachments: log 01 - signature verification failed with InclusiveNamespaces PrefixList.txt, log 02 - signature verification ok - signed by SOAP UI.txt, request1-printedby-provider-signedby-soapui.xml, request1-printedby-provider-signedby-wss4j.xml
>
>
> Security implemented using WSS4J securement/validation action approach. We are trying to sign the body.
> The provider is a JAX-WS service running on WebSphere JAX-WS stack. Custom handler uses WSS4j to validate security.
> The consumer is a WebSphere JAX-WS dispatch client – also attaching custom security handler.
> Signature can be validated on the provider side when EXC C14N canonicalization is specified with BST compliance flag relaxed. That is because when we chose to add “InclusiveNamespaces” “PrefixList” on the consumer side, verification fails. When the same test is done with the SOAP UI – signature verifies Ok – so I am blaming the consumer – the signing process - not verification process.
> I am attaching a log file which shows verification failure when the InclusiveNamespaces option is used. If not for this option – this verification would’ve been a success.


