Hi,
I'm using WSS4J 1.6.18. I'm able to generate the SAML 2.0 HOK assertion (AssertionWrapper
class) using SAML2CallbackHandler and sign the SOAP document w/o problem. However, I've been
failing to use an existing SAML 2.0 HOK assertion to sign. Here are the details:
I first captured the generated SAML 2.0 HOK assertion string, constructed an OpenSAML SAML
2.0 assertion from it and then created the AssertionWrapper from the OpenSAML assertion. Using
the so-constructed AssertionWrapper, I failed to sign the SOAP document.
Then I obtained the AssertionWrapper directly from the successful verification result and
used it directly to repeat the SOAP signing and I succeeded.
Thirdly, I obtained the AssertionWrapper directly from the successful verification result,
obtained the OpenSAML 2.0 assertion from the getSaml2() getter, constructed a new AssertionWrapper
from the OpenSAML 2.0 assertion and used it to sign the SOAP doc. I failed again.
Both failures gave me the same exception:
org.apache.xml.security.signature.XMLSignatureException: Sorry, you supplied the wrong key
type for this operation! You supplied a null but a java.security.PrivateKey is needed.
at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:150)
at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:166)
at org.apache.xml.security.algorithms.SignatureAlgorithm.initSign(SignatureAlgorithm.java:239)
at org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:606)
at org.opensaml.xml.signature.Signer.signObject(Signer.java:76)
at org.apache.ws.security.saml.ext.OpenSAMLUtil.signObject(OpenSAMLUtil.java:234)
at org.apache.ws.security.saml.ext.OpenSAMLUtil.signXMLObject(OpenSAMLUtil.java:211)
at org.apache.ws.security.saml.ext.OpenSAMLUtil.toDom(OpenSAMLUtil.java:164)
at org.apache.ws.security.saml.ext.OpenSAMLUtil.toDom(OpenSAMLUtil.java:115)
at org.apache.ws.security.saml.ext.AssertionWrapper.toDOM(AssertionWrapper.java:314)
at org.apache.ws.security.saml.WSSecSignatureSAML.prepare(WSSecSignatureSAML.java:209)
at org.apache.ws.security.saml.WSSecSignatureSAML.build(WSSecSignatureSAML.java:117)
at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:285)
at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:210)
at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:206)
at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessageWithAssertion(Ts3Wss4jOutHandler.java:200)
at mil.army.security.ts3.Ts3Wss4j.TestHandlers.main(TestHandlers.java:36)
Do I have a misconception trying to construct an AssertionWrapper from an OpenSAML 2.0 Assertion?
Why does it always fail when I use an AssertionWrapper constructed this way?
Thanks,
Gang