STSClient An error occurred when verifying security for the message

馋奶兔 提交于 2020-04-17 22:02:06

问题


I already looking through

An error occurred when verifying security for the message - SAML Token and How to put SAML token directly into JAX-WS service without calling STSClient

I also works on Australian education business. Right now I am struggling with STS service v3 as well. I use cxf and wsdl2java

<jaxws:client name="{http://usi.gov.au/2018/ws/servicepolicy}WS2007FederationHttpBinding_IUSIService" createdFromAPI="true">
<jaxws:inInterceptors>
    <ref bean="unexpectedResponseNodeInterceptor"/>
</jaxws:inInterceptors>
<jaxws:properties>
    <entry key="ws-security.sts.client">
        <bean class="org.apache.cxf.ws.security.trust.STSClient">
        <constructor-arg ref="usiClientBus"/>
            <property name="wsdlLocation" value="https://softwareauthorisations.ato.gov.au/R3.0/S007v1.3/service.svc"/>
            <property name="serviceName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService"/>
            <property name="endpointName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}S007SecurityTokenServiceEndpoint"/>
            <property name="properties">
                <map>
                    <entry key="ws-security.sts.client-soap12-binding" value="true"/>
                    <entry key="ws-security.signature.crypto" value-ref="ausKeyCryptoService"/>
                    <entry key="ws-security.callback-handler" value-ref="ausKeyCryptoService"/>


                </map>
            </property>
        </bean>
    </entry>
    <entry key="ws-security.cache.issued.token.in.endpoint" value="false"/>
</jaxws:properties>

The original error which I faced with: 'E9004 An error was discovered processing the wsse:Security header'. This error documented in MTS-ST doc https://softwaredevelopers.ato.gov.au/sites/default/files/resource-attachments/MAS-ST_SecurityTokenService_ServiceDefinition.pdf

But their explanation really useless.

then I have pointed STSClient to local wsdl file, like

and change AlgorithmSuite as recommended in comments above. I did the same for USI wsdl. The error that I get now is: An error occurred when verifying security for the message. I do not even know if is it better (some progress) or worse (just make step back).

I have looked through soap Envelope message, it contains:

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

I suppose sha1 algorithm is reason of my fault. But it is attribute of my certificate as I understood.

I have also tried code examples that MAS-ST provide: It use proprietary ABR_SecurityTokenManager.jar and Metro ws implementation. I do not know how but it works (at least 1 step of getting security token from MAS-ST side). I have checked soap Envelop as well and was surprised, I contains

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256"/>

but certificate is the same with my example.

来源:https://stackoverflow.com/questions/61007411/stsclient-an-error-occurred-when-verifying-security-for-the-message

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!