Skip to content
This repository has been archived by the owner on Jan 30, 2019. It is now read-only.

Issue with WSIT code #1683

Open
glassfishrobot opened this issue Nov 20, 2013 · 5 comments
Open

Issue with WSIT code #1683

glassfishrobot opened this issue Nov 20, 2013 · 5 comments
Assignees
@glassfishrobot
Labels
Component: security ERR: Assignee Priority: Major Type: Bug

Comments

@glassfishrobot
Copy link
Contributor

We are trying to reuse WSIT code for saml support on the service provider side . However the digest comparision is always failing which is causing signature verification to fail

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:PegaRULES:SOAP:PegaSample29:Services">
soapenv:Header<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-884B08BDC6240C357F1384950745215188">MIICHzCCAYigAwIBAgIEUjDqXzANBgkqhkiG9w0BAQQFADBUMQswCQYDVQQGEwJzZDELMAkGA1UECBMCU0QxDDAKBgNVBAcTA0ZMTDENMAsGA1UEChMEQU1FWDEMMAoGA1UECxMDQU1YMQ0wCwYDVQQDEwRhbWV4MB4XDTEzMDkxMTIyMTAzOVoXDTEzMTIxMDIyMTAzOVowVDELMAkGA1UEBhMCc2QxCzAJBgNVBAgTAlNEMQwwCgYDVQQHEwNGTEwxDTALBgNVBAoTBEFNRVgxDDAKBgNVBAsTA0FNWDENMAsGA1UEAxMEYW1leDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0BTpathcrK2LyjMsT4ymtIMKDNzdgp/s5kdVqoE/G2KKP7icIGijYTuvCBIYHZ5/CbligSl824cOCedYHCaKJu1ocsCtRqss4amCusPRV0V9/A20mVbUhNs+AtcpvIu9loLA7sYb8N+wUmRdw/Q6eemblQJzX8677pal57NnsuUCAwEAATANBgkqhkiG9w0BAQQFAAOBgQCPGwEeY01+tUpTkUN1VnQev2111e8EHtEbMWlNpvWy9XSF72PdDiDwzhfK49rioAO0VW4mJeUarv7uPzOm2gLc7jNuM9PM+eWRApkmFlLZsGhduOASRW4x4SUK8XMxR+Mes1ZwpIRnoYBg2V7H49FCpRmMt1gVTRq5oXHax/zN2A==</wsse:BinarySecurityToken><saml2:Assertion ID="884B08BDC6240C357F1384950745200185" IssueInstant="2013-11-20T12:32:25.200Z" Version="2.0" xsi:type="saml2:AssertionType" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">saml2:Issuertest</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">ds:SignedInfo<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#884B08BDC6240C357F1384950745200185">ds:Transforms<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>ds:DigestValueG2Ed3TjBm6U93i69PjWrt5SP6b8=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValuefTJZ7k8AHJiPhZKNS2LZe/LGZW9n01+lTRUd5i03+VALRix2J8dd/GgKK0wWZHik2nJxuyBBDcjlACPKbigbnFMr6PC4gpCtu6TXSZzTZX66/VQrvNQzTNHfp0+uYqNwOlvqypOMOc87DFB+J/PFwoNNTRAD6bdWfaqZVNN8JWg=</ds:SignatureValue>ds:KeyInfods:X509Datads:X509CertificateMIICHzCCAYigAwIBAgIEUjDqXzANBgkqhkiG9w0BAQQFADBUMQswCQYDVQQGEwJzZDELMAkGA1UE
CBMCU0QxDDAKBgNVBAcTA0ZMTDENMAsGA1UEChMEQU1FWDEMMAoGA1UECxMDQU1YMQ0wCwYDVQQD
EwRhbWV4MB4XDTEzMDkxMTIyMTAzOVoXDTEzMTIxMDIyMTAzOVowVDELMAkGA1UEBhMCc2QxCzAJ
BgNVBAgTAlNEMQwwCgYDVQQHEwNGTEwxDTALBgNVBAoTBEFNRVgxDDAKBgNVBAsTA0FNWDENMAsG
A1UEAxMEYW1leDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0BTpathcrK2LyjMsT4ymtIMK
DNzdgp/s5kdVqoE/G2KKP7icIGijYTuvCBIYHZ5/CbligSl824cOCedYHCaKJu1ocsCtRqss4amC
usPRV0V9/A20mVbUhNs+AtcpvIu9loLA7sYb8N+wUmRdw/Q6eemblQJzX8677pal57NnsuUCAwEA
ATANBgkqhkiG9w0BAQQFAAOBgQCPGwEeY01+tUpTkUN1VnQev2111e8EHtEbMWlNpvWy9XSF72Pd
DiDwzhfK49rioAO0VW4mJeUarv7uPzOm2gLc7jNuM9PM+eWRApkmFlLZsGhduOASRW4x4SUK8XMx
R+Mes1ZwpIRnoYBg2V7H49FCpRmMt1gVTRq5oXHax/zN2A==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>saml2:Subject<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">gargb</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/></saml2:Subject><saml2:Conditions NotBefore="2013-11-20T12:32:25.200Z" NotOnOrAfter="2013-11-20T12:37:25.200Z"/>saml2:AuthnStatementsaml2:AuthnContextsaml2:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion><wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" wsu:Id="STRSAMLId-884B08BDC6240C357F1384950745215189" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">884B08BDC6240C357F1384950745200185</wsse:KeyIdentifier></wsse:SecurityTokenReference><ds:Signature Id="SIG-45" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">ds:SignedInfo<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="soapenv urn" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id-44">ds:Transforms<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="urn" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>ds:DigestValuehiyYFZRyABoAbZ92AB7+j+sFWAQ=</ds:DigestValue></ds:Reference><ds:Reference URI="#STRSAMLId-884B08BDC6240C357F1384950745215189">ds:Transforms<ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">wsse:TransformationParameters<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></wsse:TransformationParameters></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>ds:DigestValue6bdN72qAiQALWmZi4wrpRDx1+Jk=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValuetWZVBXXKeZ0Y3FCIcGyjaeXCvp9H9lbR+IhZLGVw6/mY/bZM/z7UCLSBIdMkeGhrLttK3s2jeqiB
TODfj/2pDSJiM51tBhXvKucJVDXBmvijeeBOzjk23isRAaC3DqLbZTWTaMYg1iTdYD2XIwkja8sP
YG0+/Wai/gOvZ/unqFw=</ds:SignatureValue><ds:KeyInfo Id="KeyId-884B08BDC6240C357F1384950745215186"><wsse:SecurityTokenReference wsu:Id="STRId-884B08BDC6240C357F1384950745215187"><wsse:Reference URI="#CertId-884B08BDC6240C357F1384950745215188" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body wsu:Id="id-44" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">urn:Testservicesaml/</soapenv:Body>
</soapenv:Envelope>

Affected Versions

[2.3]
@glassfishrobot
Copy link
Contributor Author

Reported by binodgarg

@glassfishrobot
Copy link
Contributor Author

Was assigned to symonchang

@glassfishrobot
Copy link
Contributor Author

binodgarg said:
Do we need to do something additional to get this working on the service provider side?

@glassfishrobot
Copy link
Contributor Author

binodgarg said:
The message sent in the description is the one which is generated by SOAPUI.

@glassfishrobot
Copy link
Contributor Author

This issue was imported from java.net JIRA WSIT-1683

@glassfishrobot glassfishrobot self-assigned this Apr 24, 2017
@Tomas-Kraus Tomas-Kraus mentioned this issue Jun 2, 2022
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@glassfishrobot glassfishrobot

Labels
Component: security ERR: Assignee Priority: Major Type: Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@glassfishrobot