Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-508

When using "add inclusive prefixes" and EXC C14N - signature cannot be validated

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.0, 2.0.1
    • 2.0.2
    • WSS4J Core
    • None
    • WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.

    Description

      Security implemented using WSS4J securement/validation action approach. We are trying to sign the body.

      The provider is a JAX-WS service running on WebSphere JAX-WS stack. Custom handler uses WSS4j to validate security.

      The consumer is a WebSphere JAX-WS dispatch client – also attaching custom security handler.

      Signature can be validated on the provider side when EXC C14N canonicalization is specified with BST compliance flag relaxed. That is because when we chose to add “InclusiveNamespaces” “PrefixList” on the consumer side, verification fails. When the same test is done with the SOAP UI – signature verifies Ok – so I am blaming the consumer – the signing process - not verification process.

      I am attaching a log file which shows verification failure when the InclusiveNamespaces option is used. If not for this option – this verification would’ve been a success.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            coheigea Colm O hEigeartaigh
            bezrukavyy Gene B.
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment