Although the "spirit" the standard of Web Services, WS-Security, and other grass raised in the RFC would create a facility for agency interoperability across platforms, trying to bring them to the harshness of reality emerge ... and explode in our face.
time ago, in Lagash had to implement a TokenManager (among other things) to translate the calls made from WSE 3 to Java, using security certificates. After
be running smoothly for almost two years, the service began to fail at the time of the response of a request with a message saying "WSE590: Following Failed to resolve the key info" ... , and showed one of the nodes of Key Info, allegedly containing the Subject Key Identifier of the certificate required to decrypt the message.
The problem turned out to be that since the new certificate which they began using did not contain the Subject Key Identifier extension, to be identified, both Java and WSE generated a hash of the certificate. The big problem great was that hashes were calculated in a different way!
To fix this, within the input filter of the messages was to replace the portion of SOAP named on the certificate to be used by one created by hand to indicate the specific certificate (which, in fact, always the same as that used to send the original message).
For more information: Http://support.microsoft.com/kb/922779/en-us (the problem is not exactly the same, but the approach to solve is very similar).
Greetings! Zaiden
0 comments:
Post a Comment