WCF client fails to authenticate Java web service. Cannot find a token authenticator for the X509SecurityToken
I created a WCF client that integrates a Java WS. The idea is quite easy. I should sign my request with the client's certificate and the server should return a signed response, signed by the server's private key. All communication runs over SSL.
I enabled .NET tracing and I can see that my request is processed successfully and that the response is received. Unfortunately I received the following exception:
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type.
I found a Yaron blog and he proposed a solution that does not work for me.
Here is my client configuration:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.diagnostics>
    <sources>
      <source propagateActivity="true" name="System.ServiceModel" switchValue="All" logKnownPii="true">
        <listeners>
          <add name="xml"/>
        </listeners>
      </source>
      <source propagateActivity="true" name="System.ServiceModel.IdentityModel" switchValue="All" logKnownPii="true">
        <listeners>
          <add name="xml"/>
        </listeners>
      </source>
      <source propagateActivity="true" name="System.ServiceModel.Activation" switchValue="All" logKnownPii="true">
        <listeners>
          <add name="xml"/>
        </listeners>
      </source>
      <source name="System.ServiceModel.MessageLogging" switchValue="All" logKnownPii="true">
        <listeners>
          <add name="xml" />
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <add initializeData="c:\log\Traces.svclog" type="System.Diagnostics.XmlWriterTraceListener"
           name="xml" traceOutputOptions="None">
      </add>
    </sharedListeners>
    <trace autoflush="true" indentsize="2">
      <listeners>
        <add name="xml"/>
      </listeners>
    </trace>
  </system.diagnostics>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
  </startup>
  <system.serviceModel>
    <diagnostics>
      <messageLogging logEntireMessage="true" logKnownPii="true" logMalformedMessages="false"
                      logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />
      <endToEndTracing propagateActivity="true" activityTracing="true"
                       messageFlowTracing="true" />
    </diagnostics>
    <client>
      <endpoint address="https://www.server.com/ws"
                behaviorConfiguration="clientCertificateBehaviour" binding="customBinding"
                bindingConfiguration="appCustomBinding" contract="ws.services"
                name="app-servicesSOAP" >
      </endpoint>
    </client>
    <bindings>
      <customBinding>
        <binding name="appCustomBinding">
          <security allowSerializedSigningTokenOnReply="true" enableUnsecuredResponse="true"
                    authenticationMode="CertificateOverTransport" requireDerivedKeys="false"
                    securityHeaderLayout="Lax" allowInsecureTransport="false"
                    messageProtectionOrder="SignBeforeEncrypt" protectTokens="false"
                    messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                    requireSignatureConfirmation="false" />
          <textMessageEncoding messageVersion="Soap11" />
          <httpsTransport authenticationScheme="Digest" transferMode="Buffered"
                          requireClientCertificate="true" />
        </binding>
      </customBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="clientCertificateBehaviour">
          <clientCredentials>
            <clientCertificate findValue="CLIENT_CERT" storeLocation="CurrentUser"
                               x509FindType="FindBySubjectName" />
            <serviceCertificate>
              <defaultCertificate findValue="SERVER_CERT" x509FindType="FindBySubjectName" />
              <authentication certificateValidationMode="None" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
And the response I am receiving is:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-14514880453351538613570">
        <wsu:Created>2015-12-30T15:07:25Z</wsu:Created>
        <wsu:Expires>2015-12-30T15:12:25Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-14501832448541055407999">MASASIFIjCCB.......</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-1450183244852-860467203">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#XWSSGID-14514880453351164099649">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
                <ds:XPath>./SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature[1]/ds:KeyInfo/wsse:SecurityTokenReference</ds:XPath>
              </ds:Transform>
              <ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                <wsse:TransformationParameters>
                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </wsse:TransformationParameters>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>5kmj7l.....</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#XWSSGID-14514880453351538613570">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>GssfNgXcx....</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>zcfVW....</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1451488045318234803139">
            <wsse:Reference URI="#XWSSGID-14501832448541055407999" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-14514880453351164099649">
    body content
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
The exception I received should indicate that the certificate is incorrectly referenced, but I do not see anything wrong in the response. Is this a WCF-related issue?
Thanks!
Try authenticationMode of "mutualCertificate", set ProtectionLevel.Sign on the contract, and possibly also allowSerializedTokenOnResponse=true. Some more information here: https://gist.github.com/yaronn/6775810
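As an added example (not code from the question, the answer, or the linked gist), here is the same client built programmatically with the settings the answer suggests: MutualCertificate mode, ProtectionLevel.Sign on the contract and a serialized signing token allowed on the reply. The contract IWsServices, its Echo operation and the certificate subject names are assumed placeholders; the message security version and the endpoint shape come from the question's configuration.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Assumed contract (the question only names it "ws.services").
// ProtectionLevel.Sign: the request is signed and a signed, unencrypted reply
// is expected, which matches the Java service's response shown above.
[ServiceContract(ProtectionLevel = ProtectionLevel.Sign)]
public interface IWsServices
{
    [OperationContract]
    string Echo(string value);
}

public static class SignedSoapClient
{
    public static CustomBinding BuildBinding()
    {
        // MutualCertificate: the client signs with its own certificate and the
        // service signs the reply with an X.509 token carried in the header.
        // CertificateOverTransport registers no authenticator for that server
        // token, which is the exception in the question.
        var security = SecurityBindingElement.CreateMutualCertificateBindingElement(
            MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
            allowSerializedSigningTokenOnReply: true);
        security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
        security.IncludeTimestamp = true;   // the reply carries a signed wsu:Timestamp
        security.SetKeyDerivation(false);   // requireDerivedKeys="false" in the question

        var encoding = new TextMessageEncodingBindingElement { MessageVersion = MessageVersion.Soap11 };
        var transport = new HttpsTransportBindingElement { RequireClientCertificate = true };
        return new CustomBinding(security, encoding, transport);
    }

    public static ChannelFactory<IWsServices> BuildFactory(string address)
    {
        var factory = new ChannelFactory<IWsServices>(BuildBinding(), new EndpointAddress(address));
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "CLIENT_CERT");
        // The default service certificate is what the reply signature is checked against.
        factory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "SERVER_CERT");
        // ChainTrust instead of the question's certificateValidationMode="None", so a
        // reply signed by an untrusted certificate is rejected rather than accepted.
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;
        return factory;
    }
}
```

With the WS-Security 1.0 message security version used here, CreateMutualCertificateBindingElement returns an AsymmetricSecurityBindingElement, whose default MessageProtectionOrder is already SignBeforeEncrypt.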