StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POJava client to WCF service interop with mutual certificate - Cannot resolve KeyInfo for verifying signature
primarykey
Id
9160503
data
AcceptedAnswerId
0
AnswerCount
2
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-02-06T13:02:33.893
FavoriteCount
2
LastActivityDate
2014-08-20T13:03:53.863
LastEditDate
2012-02-13T14:58:42.677
LastEditorUserId
29397
OwnerUserId
29397
ParentId
0
PostTypeId
1
Score
5
ViewCount
3379
LastEditorDisplayName
text
Body
Exception: MessageSecurityException: Cannot resolve KeyInfo for verifying signature: KeyInfo 'SecurityKeyIdentifier I have to set up a WCF service to receive SOAP calls from a Java client that is sending signed content with the following header: <pre><code><soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2"> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:Reference URI="#id-3" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">…</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">…</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> … </ds:SignatureValue> <ds:KeyInfo Id="KeyId-66FC0491F2BB65AFF813274134607712" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="...." xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=XXXXXXXX</ds:X509IssuerName> <ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">111122222</ds:X509SerialNumber> </ds:X509IssuerSerial> </ds:X509Data> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1"> <wsu:Created>xxxxx</wsu:Created> <wsu:Expires>xxxx</wsu:Expires> </wsu:Timestamp></wsse:Security></soap:Header> </code></pre> I have tried setting up the following binding and behavior: <pre><code> <customBinding> <binding name="javaclientBinding"> <security defaultAlgorithmSuite="Basic256Rsa15" messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10" allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificateDuplex" requireDerivedKeys="false" securityHeaderLayout="LaxTimestampLast" allowInsecureTransport="true" requireSignatureConfirmation="false" requireSecurityContextCancellation="false"> </security> <textMessageEncoding messageVersion="Soap11" /> <httpTransport /> </binding> </customBinding> <behavior name="javaclientBehavior"> <serviceMetadata httpGetEnabled="True"/> <serviceDebug includeExceptionDetailInFaults="False"/> <serviceCredentials> <clientCertificate> <authentication certificateValidationMode="PeerTrust"/> </clientCertificate> <serviceCertificate findValue="applicationServer" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" /> </serviceCredentials> </behavior> </code></pre> But I get the following exception in the servers event log: <pre><code>ClientIdentity: ActivityId: <null> MessageSecurityException: Cannot resolve KeyInfo for verifying signature: KeyInfo 'SecurityKeyIdentifier ( IsReadOnly = False, Count = 1, Clause[0] = X509IssuerSerialKeyIdentifierClause(Issuer = 'CN=XXXXXX) ) ', available tokens 'SecurityTokenResolver ( TokenCount = 0, ) </code></pre> '. We have to get signature validation working, and we have no possibility to change what the java client is sending.
Tags
<java><wcf><interop><x509certificate><x509>
Title
Java client to WCF service interop with mutual certificate - Cannot resolve KeyInfo for verifying signature
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USBjørn Otto Vasbotten
UserOwnerUserId
1. USBjørn Otto Vasbotten
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.