I have a third party MS WCF Webservice which is using some variant of STS, that I have been trying to call from a CXF client. This is WSDL first.
I have been trying the simple STS examples I find on the website and around the network, I am not close to getting this type of packet with the off the internet examples to reproduce this soap envelope which is sent to the STS server by a Metro client or a C# client.
Is this secure conversation? I expect there is a working example in the source if somebody could point me towards it?
Thanks in advance.
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">http://hostname:8030/SecurityTokenService/username</To>
<Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">uuid:fqef</MessageID>
<wsse:Security S:mustUnderstand="true">
<wsu:Timestamp xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_5">
<wsu:Created>2014-01-17T02:00:30Z</wsu:Created>
<wsu:Expires>2014-01-17T02:05:30Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5002">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">fjkqefq=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>akjefefe</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_3">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>24</ns19:Length>
<ns19:Nonce>xyzzy</ns19:Nonce>
</ns19:DerivedKeyToken>
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_4">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>32</ns19:Length>
<ns19:Nonce>xyzzy</ns19:Nonce>
</ns19:DerivedKeyToken>
<xenc:ReferenceList xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/">
<xenc:DataReference URI="#_5010"/>
<xenc:DataReference URI="#_5011"/>
<xenc:DataReference URI="#_5012"/>
</xenc:ReferenceList>
<xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5012" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>abc</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5011" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>eqef</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
</S:Header>
<S:Body wsu:Id="_5008">
<xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5010" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>bgdwd </xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
I have been trying the simple STS examples I find on the website and around the network, I am not close to getting this type of packet with the off the internet examples to reproduce this soap envelope which is sent to the STS server by a Metro client or a C# client.
Is this secure conversation? I expect there is a working example in the source if somebody could point me towards it?
Thanks in advance.
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">http://hostname:8030/SecurityTokenService/username</To>
<Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">uuid:fqef</MessageID>
<wsse:Security S:mustUnderstand="true">
<wsu:Timestamp xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_5">
<wsu:Created>2014-01-17T02:00:30Z</wsu:Created>
<wsu:Expires>2014-01-17T02:05:30Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5002">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">fjkqefq=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>akjefefe</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_3">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>24</ns19:Length>
<ns19:Nonce>xyzzy</ns19:Nonce>
</ns19:DerivedKeyToken>
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_4">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>32</ns19:Length>
<ns19:Nonce>xyzzy</ns19:Nonce>
</ns19:DerivedKeyToken>
<xenc:ReferenceList xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/">
<xenc:DataReference URI="#_5010"/>
<xenc:DataReference URI="#_5011"/>
<xenc:DataReference URI="#_5012"/>
</xenc:ReferenceList>
<xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5012" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>abc</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5011" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>eqef</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
</S:Header>
<S:Body wsu:Id="_5008">
<xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5010" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>bgdwd </xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>