
WCF client fails to authenticate Java web service. Cannot find a token authenticator for the X509SecurityToken

I created a WCF client that integrates a Java WS. The idea is quite easy. I should sign my request with the client's certificate and the server should return a signed response, signed by the server's private key. All communication runs over SSL.

I enabled .NET tracing and I can see that my request is processed successfully and that the response is received. Unfortunately I received the following exception:

Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type.

I found Yaron's blog, and he proposed a solution that does not work for me.

Here is my client configuration:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.diagnostics>
    <sources>
    <source propagateActivity="true"  name="System.ServiceModel" switchValue="All" logKnownPii="true">
        <listeners>
          <add name="xml"/>
        </listeners>
      </source>
      <source propagateActivity="true"  name="System.ServiceModel.IdentityModel" switchValue="All"  logKnownPii="true">
        <listeners>
          <add name="xml"/>
        </listeners>
      </source>
      <source propagateActivity="true"  name="System.ServiceModel.Activation" switchValue="All"  logKnownPii="true">
        <listeners>
          <add name="xml"/>
        </listeners>
      </source>
      <source  name="System.ServiceModel.MessageLogging"  switchValue="All"  logKnownPii="true">
        <listeners>
          <add name="xml" />
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <add initializeData="c:\log\Traces.svclog" type="System.Diagnostics.XmlWriterTraceListener" 
        name="xml" traceOutputOptions="None">
      </add>
    </sharedListeners>
    <trace autoflush="true" indentsize="2">
      <listeners>
        <add name="xml"/>
      </listeners>
    </trace>
  </system.diagnostics>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
    </startup>
    <system.serviceModel>
        <diagnostics>
            <messageLogging logEntireMessage="true" logKnownPii="true" logMalformedMessages="false"
                logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true"
                />
            <endToEndTracing propagateActivity="true" activityTracing="true"
                messageFlowTracing="true" />
        </diagnostics>
      <client>
        <endpoint address="https://www.server.com/ws"
          behaviorConfiguration="clientCertificateBehaviour" binding="customBinding"
          bindingConfiguration="appCustomBinding" contract="ws.services"
          name="app-servicesSOAP" >

        </endpoint>
      </client>
        <bindings>
            <customBinding>
                <binding name="appCustomBinding">
                    <security allowSerializedSigningTokenOnReply="true" enableUnsecuredResponse="true"
                        authenticationMode="CertificateOverTransport" requireDerivedKeys="false" 
                        securityHeaderLayout="Lax" allowInsecureTransport="false"
                        messageProtectionOrder="SignBeforeEncrypt" protectTokens="false"
                        messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                        requireSignatureConfirmation="false" />
                    <textMessageEncoding messageVersion="Soap11" />
                    <httpsTransport authenticationScheme="Digest" transferMode="Buffered"
                        requireClientCertificate="true" />
                </binding>
            </customBinding>
        </bindings>
      <behaviors>
        <endpointBehaviors>
          <behavior name="clientCertificateBehaviour">
            <clientCredentials>
              <clientCertificate findValue="CLIENT_CERT" storeLocation="CurrentUser"
                x509FindType="FindBySubjectName" />
              <serviceCertificate>
                <defaultCertificate findValue="SERVER_CERT" x509FindType="FindBySubjectName" />
                <authentication certificateValidationMode="None" />
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
    </system.serviceModel>
</configuration>

And the response I am receiving is:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
            <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-14514880453351538613570">
                <wsu:Created>2015-12-30T15:07:25Z</wsu:Created>
                <wsu:Expires>2015-12-30T15:12:25Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-14501832448541055407999">MASASIFIjCCB.......</wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-1450183244852-860467203">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#XWSSGID-14514880453351164099649">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
                                <ds:XPath>./SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature[1]/ds:KeyInfo/wsse:SecurityTokenReference</ds:XPath>
                            </ds:Transform>
                            <ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                                <wsse:TransformationParameters>
                                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                </wsse:TransformationParameters>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>5kmj7l.....</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#XWSSGID-14514880453351538613570">
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>GssfNgXcx....</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>zcfVW....</ds:SignatureValue>
                <ds:KeyInfo>
                    <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1451488045318234803139">
                        <wsse:Reference URI="#XWSSGID-14501832448541055407999" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-14514880453351164099649">
        body content
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

The exception I received should indicate that the certificate is incorrectly referenced, but I do not see anything wrong in the response. Is this a WCF-related issue?

Thanks!

Try an authenticationMode of "mutualCertificate", set ProtectionLevel.Sign on the contract, and possibly also allowSerializedTokenOnResponse=true. Some more information here: https://gist.github.com/yaronn/6775810
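
The three suggestions in the answer above, written out as client setup code. This is an added example, not part of the original post or of the linked gist. The `IServices` contract and its `Echo` operation are hypothetical stand-ins for the question's `ws.services` contract, the certificate store choices are assumptions, and the serialized-token setting is passed under the name WCF exposes for it on the binding element, `AllowSerializedSigningTokenOnReply`.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Text;

// Hypothetical stand-in for the generated "ws.services" contract.
// ProtectionLevel.Sign: messages are signed but not encrypted at message level.
[ServiceContract(ProtectionLevel = ProtectionLevel.Sign)]
public interface IServices
{
    [OperationContract]
    string Echo(string text); // hypothetical operation
}

public static class ClientSetup
{
    public static ChannelFactory<IServices> Create()
    {
        // Mutual certificate authentication. The second argument sets
        // AllowSerializedSigningTokenOnReply, so a reply that carries the
        // server certificate inline as a BinarySecurityToken is accepted.
        SecurityBindingElement security =
            SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
                true);
        security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;

        var binding = new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8),
            new HttpsTransportBindingElement { RequireClientCertificate = true });

        var factory = new ChannelFactory<IServices>(
            binding, new EndpointAddress("https://www.server.com/ws"));

        // Subject names are the placeholders used in the question.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindBySubjectName, "CLIENT_CERT");
        // Store location and name for the server certificate are assumptions.
        factory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, "SERVER_CERT");
        // Service certificate validation is left at the WCF default here.
        return factory;
    }
}
```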
