Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-6468

Secure Conversation Renew is missing Instance creation

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.5, 3.1.1
    • Fix Version/s: 3.0.6, 3.1.2
    • Component/s: None
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Secure Conversation Renew is not working from a .NET client because <ws:Instance> is missing in the SecurityContextToken.
      Reading into the standard here -> http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/os/ws-secureconversation-1.4-spec-os.html

      says the following:
      "The initial issuance need not contain a wsc:Instance element, however, all subsequent issuances with different keys MUST have a wsc:Instance element with a unique value."
      Also a reference seems to be required in the SecurityTokenRefernce according to this:
      "If a specific key instance needs to be referenced, then the global attribute wsc:Instance is included in the <wsse:Reference> sub-element (only when using <wsc:Identifier> references)"
      The attached patch works for us

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              freddy.exposito Freddy Exposito
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: