[xmlsec] WS-Security SOAP signing using xmlsec1
Davor Perkovac
davor.perkovac at gmail.com
Tue Jun 11 11:08:25 PDT 2019
I see.
Are you aware of other options available to sign/verify SOAP XML file
like this one?
Would xmlsec need to be extended somehow, or could it still be used if
an appropriate template file is prepared for it?
Thanks!
Davor.
On 11.06.2019 19:56, Aleksey Sanin wrote:
> Well, another thing that you have is wsse:SecurityTokenReference
> extension for the certificate. It is not supported by xmlsec
> directly.
>
> Aleksey
>
> On 6/11/19 4:51 AM, Davor Perkovac wrote:
>> I tried many different combinations similar to the one you suggested,
>> but neither worked.
>> Could it be because Id attribute in <soapenv:Body> has a namespace
>> prefix?
>>
>> wsu:Id="..."
>>
>> Is this causing problems?
>>
>> Davor.
>>
>> On 10.06.2019 22:51, Davor Perkovac wrote:
>>> This requires more parameters to xmlsec1
>>>
>>> I'm using version 1.2.20 for win32:
>>>
>>> xmlsec1.exe --version
>>> xmlsec1 1.2.20 (openssl)
>>>
>>> and it results in:
>>> xmlsec1.exe --verify
>>> --id-attr:Id:http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>>>
>>> Example_SOAP_PKI_Echo_1_sent.xml
>>> Error: <file> parameter is required for this command
>>> Usage: xmlsec <command> [<options>] [<files>]
>>>
>>> I've pasted again this full/unchanged xml file, so it should be
>>> possible
>>> for you to try to verify it as well:
>>> https://pastebin.com/u7SqZTLB
>>>
>>> Davor.
>>>
>>> On 10.06.2019 19:22, Aleksey Sanin wrote:
>>>> Try something like this:
>>>>
>>>> --id-attr:Id:http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>>>>
>>>>
>>>>
>>>> Aleksey
>>>>
>>>> On 6/10/19 9:13 AM, Davor Perkovac wrote:
>>>>> Hi,
>>>>>
>>>>> I assume it should be possible possible to verify and sign SOAP
>>>>> message
>>>>> using WS-Security standard with xmlsec1 command line tool.
>>>>> I see there was already discussion about this or something similar -
>>>>> referring to Section 3.2 from the FAQ and I was reading it but
>>>>> somehow
>>>>> failed to apply it to my actual example.
>>>>>
>>>>> From what I can see the problem is with setting the correct
>>>>> --id-attr
>>>>> parameter.
>>>>>
>>>>> Can someone please advise on how to verify (and then later also sign)
>>>>> wss SOAP XML which looks like the example here:
>>>>> https://pastebin.com/5Q3mUtNJ
>>>>>
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Davor.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> xmlsec mailing list
>>>>> xmlsec at aleksey.com
>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>>
>>
More information about the xmlsec
mailing list