2 Replies Latest reply on Nov 12, 2008 12:07 PM by mrguy

    Signing a SOAP message using the enveloped-signature transf

    mrguy

      I have an application that needs to consume a webservice. I've generated the client stubs with wsconsume, and I've configured most of the security settings our partner requires (username tokens, and a signature). However, the webservice provider requires that the SOAP envelope be signed using the enveloped-signature transform, and I can't seem to track down any information on how to do that. It _seems_ to be the sort of thing that would be configured in jboss-wsse-client.xml, but I don't see any reference to it in the xsd. If someone could point me in the right direction for this, even just let me know what documentation to look at, I would be grateful.

        • 1. Re: Signing a SOAP message using the enveloped-signature tr
          peterj
          • 2. Re: Signing a SOAP message using the enveloped-signature tr
            mrguy

            Unfortunately, the WS-Security documentation hasn't helped with the particular problem. It was very helpful in getting the WS-Security set up initially, and working from there I created the following jboss-wsse-client.xml file:

            <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                               xsi:schemaLocation="http://www.jboss.com/ws-security/config
                               http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
              <key-store-file>META-INF/keystores/zcg.keystore</key-store-file>
              <key-store-password>zcgstore</key-store-password>
              <trust-store-file>META-INF/keystores/zcg.truststore</trust-store-file>
              <trust-store-password>zcgstore</trust-store-password>
              <config>
                <username/>
                <sign type="x509v3" alias="bandwidth.com">
                  <targets>
                    <target type="qname">{http://schemas.xmlsoap.org/soap/envelope/}Envelope</target>
                  </targets>
                </sign>
              </config>
            </jboss-ws-security>


            Which signs the full SOAP envelope:
            <env:Envelope wsu:Id='element-2-1226509117041-2045010446' xmlns:env='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
            ...
            <ds:Reference URI='#element-2-1226509117041-2045010446' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
            


            But it still lists the Transform Algorithm as XML Exclusive Canonicalization:

             <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
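
An added example, not part of the original posts or of JBossWS: a Python check that parses an outbound signed envelope and flags any ds:Reference that targets an ancestor of its own ds:Signature without listing the enveloped-signature transform (`http://www.w3.org/2000/09/xmldsig#enveloped-signature`), which is the situation in the output quoted above. The sample envelope (trimmed, no wsse:Security wrapper), its wsu:Id value and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ENVELOPED = DS + "enveloped-signature"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"

def check_references(xml_text):
    """Return (uri, encloses_signature, transforms, ok) per ds:Reference."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    results = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        # Collect the Ids of every ancestor of this Signature element.
        ancestor_ids = set()
        node = parent.get(sig)
        while node is not None:
            for attr in (f"{{{WSU}}}Id", "Id"):
                if node.get(attr):
                    ancestor_ids.add(node.get(attr))
            node = parent.get(node)
        for ref in sig.iter(f"{{{DS}}}Reference"):
            uri = ref.get("URI", "")
            algs = [t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")]
            # URI="" means the whole document, which also contains the Signature.
            encloses = uri == "" or (uri.startswith("#") and uri[1:] in ancestor_ids)
            # A reference that covers its own Signature needs the enveloped
            # transform so the Signature element is excluded from the digest.
            ok = (not encloses) or ENVELOPED in algs
            results.append((uri, encloses, algs, ok))
    return results

def sample(transforms):
    """Constructed, trimmed envelope whose Signature sits inside the signed element."""
    t = "".join(f'<ds:Transform Algorithm="{a}"/>' for a in transforms)
    return (f'<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" '
            f'xmlns:wsu="{WSU}" xmlns:ds="{DS}" wsu:Id="constructed-id-1">'
            f'<env:Header><ds:Signature><ds:SignedInfo>'
            f'<ds:Reference URI="#constructed-id-1"><ds:Transforms>{t}'
            f'</ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>'
            f'</env:Header><env:Body/></env:Envelope>')

if __name__ == "__main__":
    for name, doc in (("exc-c14n only", sample([EXC_C14N])),
                      ("enveloped + exc-c14n", sample([ENVELOPED, EXC_C14N]))):
        for uri, encloses, algs, ok in check_references(doc):
            print(f"{name}: {uri} encloses_signature={encloses} ok={ok}")
```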