ws-users mailing list archives

From "Yang, Gang CTR USARMY (US)" <gang.yang....@mail.mil>
Subject Problem signing SOAP doc with existing SAML assertion
Date Thu, 30 Apr 2015 21:52:18 GMT
Hi,



I'm using WSS4j 1.6.18. I'm able to generate the SAML 2.0 HOK assertion (AssertionWrapper
class) using SAML2CallbackHandler and sign the SOAP document w/o problem. However, I've been
failing to use an existing SAML 2.0 HOK assertion to sign. Here are the details:



I first captured the generated SAML 2.0 HOK assertion string, constructed an OpenSAML SAML
2.0 assertion from it and then created the AssertionWrapper from the OpenSAML assertion. Using
the AssertionWrapper so constructed, I failed to sign the SOAP document.



Then I obtained the AssertionWrapper directly from the successful verification result and
used it directly to repeat the SOAP signing and I succeeded.



Thirdly, I obtained the AssertionWrapper directly from the successful verification result,
obtained the OpenSAML 2.0 assertion from the getSaml2() getter, constructed a new AssertionWrapper
from the OpenSAML 2.0 assertion and used it to sign the SOAP doc. I failed again.



Both failures gave me the same exception:



org.apache.xml.security.signature.XMLSignatureException: Sorry, you supplied the wrong key
type for this operation! You supplied a null but a java.security.PrivateKey is needed.
 at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:150)
 at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:166)
 at org.apache.xml.security.algorithms.SignatureAlgorithm.initSign(SignatureAlgorithm.java:239)
 at org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:606)
 at org.opensaml.xml.signature.Signer.signObject(Signer.java:76)
 at org.apache.ws.security.saml.ext.OpenSAMLUtil.signObject(OpenSAMLUtil.java:234)
 at org.apache.ws.security.saml.ext.OpenSAMLUtil.signXMLObject(OpenSAMLUtil.java:211)
 at org.apache.ws.security.saml.ext.OpenSAMLUtil.toDom(OpenSAMLUtil.java:164)
 at org.apache.ws.security.saml.ext.OpenSAMLUtil.toDom(OpenSAMLUtil.java:115)
 at org.apache.ws.security.saml.ext.AssertionWrapper.toDOM(AssertionWrapper.java:314)
 at org.apache.ws.security.saml.WSSecSignatureSAML.prepare(WSSecSignatureSAML.java:209)
 at org.apache.ws.security.saml.WSSecSignatureSAML.build(WSSecSignatureSAML.java:117)
 at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:285)
 at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:210)
 at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:206)
 at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessageWithAssertion(Ts3Wss4jOutHandler.java:200)
 at mil.army.security.ts3.Ts3Wss4j.TestHandlers.main(TestHandlers.java:36)



Do I have a misconception trying to construct an AssertionWrapper from an OpenSAML 2.0 Assertion?
Why does it always fail when I use an AssertionWrapper constructed this way?



Thanks,

Gang
