[xmlsec] WS-Security SOAP signing using xmlsec1
Aleksey Sanin
aleksey at aleksey.com
Tue Jun 11 10:56:39 PDT 2019
Well, another thing that you have is wsse:SecurityTokenReference
extension for the certificate. It is not supported by xmlsec
directly.
Aleksey
On 6/11/19 4:51 AM, Davor Perkovac wrote:
> I tried many different combinations similar to the one you suggested,
> but neither worked.
> Could it be because Id attribute in <soapenv:Body> has a namespace prefix?
>
> wsu:Id="..."
>
> Is this causing problems?
>
> Davor.
>
> On 10.06.2019 22:51, Davor Perkovac wrote:
>> This requires more parameters to xmlsec1
>>
>> I'm using version 1.2.20 for win32:
>>
>> xmlsec1.exe --version
>> xmlsec1 1.2.20 (openssl)
>>
>> and it results in:
>> xmlsec1.exe --verify
>> --id-attr:Id:http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> Example_SOAP_PKI_Echo_1_sent.xml
>> Error: <file> parameter is required for this command
>> Usage: xmlsec <command> [<options>] [<files>]
>>
>> I've pasted again this full/unchanged xml file, so it should be possible
>> for you to try to verify it as well:
>> https://pastebin.com/u7SqZTLB
>>
>> Davor.
>>
>> On 10.06.2019 19:22, Aleksey Sanin wrote:
>>> Try something like this:
>>>
>>> --id-attr:Id:http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>>>
>>>
>>> Aleksey
>>>
>>> On 6/10/19 9:13 AM, Davor Perkovac wrote:
>>>> Hi,
>>>>
>>>> I assume it should be possible possible to verify and sign SOAP message
>>>> using WS-Security standard with xmlsec1 command line tool.
>>>> I see there was already discussion about this or something similar -
>>>> referring to Section 3.2 from the FAQ and I was reading it but somehow
>>>> failed to apply it to my actual example.
>>>>
>>>> From what I can see the problem is with setting the correct --id-attr
>>>> parameter.
>>>>
>>>> Can someone please advise on how to verify (and then later also sign)
>>>> wss SOAP XML which looks like the example here:
>>>> https://pastebin.com/5Q3mUtNJ
>>>>
>>>>
>>>> Thanks!
>>>>
>>>> Davor.
>>>>
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>
>
More information about the xmlsec
mailing list