Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Empty Namespace in SecurityTokenReference tag #45

Open
Panneer10 opened this issue Jun 11, 2020 · 1 comment
Open

Empty Namespace in SecurityTokenReference tag #45

Panneer10 opened this issue Jun 11, 2020 · 1 comment

Comments

@Panneer10
Copy link

Hi,

I'm trying to call WCF service using WS-Security (digital signature). I've .pfx certificate and I've converted that to .pem using openssl command.

Initially I've tried out a lot but unable to get response from service. After that I've noticed an "empty namespace" is formed in SecurityTokenReference tag under singature section in the request.

<o:SecurityTokenReference xmlns:o="">

Request

<KeyInfo>
<o:SecurityTokenReference xmlns:o="">
<o:Reference URI="#sec_0" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</o:SecurityTokenReference>
</KeyInfo>
</Signature>

I suspected that, this is causing an issue. So I removed the empty namespace (xmlns:o="") and tested the request in SoapUI. I am getting the response from service.

So I made a workaround to fix this issue.

I manually added namespace in SecurityTokenReference tag in WSSKeyInfo() function in the signature.js (ws.js\lib\handlers\client\security\signature.js) file.

<o:SecurityTokenReference xmlns:o="http"//docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secret-1.0.xsd">

Signature.js

function WSSKeyInfo(signingToken) {

  this.getKeyInfo = function(key) {
    return "<o:SecurityTokenReference xmlns:o=\"http"//docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secret-1.0.xsd\">" +
           "<o:Reference URI=\"#" + signingToken.getId() +"\" " +
           "ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\" />" +
           "</o:SecurityTokenReference>"
  }

After this fix I'm able to get response from service.
Is there anyway to fix this issue by modifying my code without modifying the package files (signature.js) ????

I have attached my code here
Code.txt

Thanks.
@p-dealwis
Copy link

p-dealwis commented Jun 11, 2020
edited
Loading

I am also having this issue. xmlns:o shouldn't even be given because it is already declared in the Envelope since that is the same namespace used by Security. In the examples the empty namespace is not there so I assume it is a bug introduced from a more recent commit.

@p-dealwis p-dealwis mentioned this issue Jun 15, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@p-dealwis @Panneer10