Hi, I need help signing SOAP/XML. Have been stuck with this for a
couple of days now.
I get the following error message from the server: "The security
token could not be authenticated or authorized."
I am probably doing something wrong in the signing process. I use a
tool called "Exchanger XML Professional 3.2" for canonicalization and
for sending the message, and OpenSSL for SHA-1 hashing, RSA signing and
Base64 encoding.
I calculate the digest value of the <SignedInfo> element to be
ff069b57f83c7bf0cd5b4684c932d4593c1462aa (hex); it is signed with the RSA
algorithm and shown Base64-encoded in the <SignatureValue> element
below.
It would also help to know in what order the server does things when
processing and verifying the message. Right now I hardly know what is OK
and what isn't.
I would really appreciate some help with this. Does anyone know how to do
this "manually" like this?
--------------- START ERROR MESSAGE ----------------
<?xml version="1.0" encoding="utf-8"?><soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsu:Timestamp
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"><wsu:Created>2006-02-23T08:47:25Z</wsu:Created><wsu:Expires>2006-02-23T08:52:25Z</wsu:Expires></wsu:Timestamp></soap:Header><soap:Body><soap:Fault><faultcode
xmlns:code="http://schemas.xmlsoap.org/ws/2002/07/secext">code:FailedAuthentication</faultcode><faultstring>Microsoft.Web.Services.Security.SecurityFault:
The security token could not be authenticated or authorized
at Microsoft.Web.Services.Security.Security.LoadXml(XmlElement
element)
at
Microsoft.Web.Services.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope
envelope)
at Microsoft.Web.Services.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services.WebServicesExtension.BeforeDeserializeServer(SoapMessage
message)</faultstring><faultactor>https://ei.sst.dk/test-ei/frontend.asmx</faultactor></soap:Fault></soap:Body></soap:Envelope>
--------------- END ERROR MESSAGE ----------------
--------------- START RSA PRIVATE KEY ----------------
MIICWwIBAAKBgQCbIrspkjgUDUCcw9ZaJc9Qd7dFi39ewSnGDG KBdOSiPHcINiYZ
pr18BQGyh78BfV+6HHDfDS89YM+bwJu5ucWWRJyXSXgs0cgqCg Eti6JVku/ptAx8
ANYvUHfNuSO8BtBtsmwO4Z5zPUoGZUjh5u1iDWYlTzfsJqzxEr J1PKEhfQIDAQAB
AoGALoWCxNuhT3oN5zTfIdd2zPWpkwRbJMoeQdLS82lfarthIq hCUqzq47cIpEYK
5GJ5g3El8+2bPfe7KkTfLhnkg0z2rHI2Geqic7XI6dD34klWeB +lzAGyGsSxeVz4
N05xa4mymvp4Ucq5dI9lv1SAR7NVzyj9Jq7K6OV4BEjq8S0CQQ DJDiCGr8jhYeuH
yGMRcQW+fiqqj4Xn7nVtdv91BR52Cd0XbqgXsD26gWH6Zfu0qG hpGx1Cg181UL/H
xMHzrNIvAkEAxYgQFBInq9Nicb+017kkxqp+mI3Bn0RVvtb91M 4Ly8YioBgb6hMl
uQipTd+YGi0pN72kCeM6HHft0CWFG9D4EwJASoIIvcEhIZ0nKt +xDwKijVC2QRUF
G8l8DP//dX9bJYVMQOXKN1Uh2x8djy0CFZYfc2wP8Nk8jEaLe93HvqT6Ew JAeFhF
M3U8JjtLJvIdQ7DQ7xjAuEDlThtcAkEJtLU0CppUTiViHGI+AV V9kKxBBvGswwEP
B9cgeGe4w6+YQTI3cQJAPj4cgzjsLd8Ibzho3qaTWEPo/x9mAgrO9yDIqj67b00F
mZEsGmzzAh0DOJNdAodHLh+/rjwU/ZbCD4m9bcYsPA==
--------------- END RSA PRIVATE KEY ----------------
--------------- START SOAP/XML ----------------
<?xml version="1.0" encoding="utf-8"?>
<!-- Signed SOAP request using the 2002/07 WS-Security draft namespaces
     (wsse / wsu). SignedInfo references five elements by wsu:Id: the Body,
     wsrp:action, wsrp:to, wsrp:id and wsu:Created. The review comments in
     this listing sit outside those five elements and outside SignedInfo,
     because any whitespace added inside a signed element changes its digest. -->
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Header>
<!-- Routing header: each of its three children carries a wsu:Id that one
     Reference in SignedInfo points at, so all three are integrity-protected. -->
<wsrp:path
soap:actor="http://schemas.xmlsoap.org/soap/actor/next"
soap:mustUnderstand="1" xmlns:wsrp="http://schemas.xmlsoap.org/rp">
<wsrp:action
wsu:Id="Id-4f88de95-2818-4696-9b99-6c1878f40851"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">https://ei.sst.dk/SendPackets</wsrp:action>
<wsrp:to
wsu:Id="Id-c5e4d24e-2532-4820-b238-9334f791506f"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">https://ei.sst.dk/test-ei/Frontend.asmx</wsrp:to>
<wsrp:id
wsu:Id="Id-cb2af9ee-2477-489c-ad0b-df86e06bb4b8"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">uuid:12345678-1234-1234-b49344da724ad5d4</wsrp:id>
</wsrp:path>
<!-- Only wsu:Created is sent; the fault response shown on this page also
     carries wsu:Expires. The Created value here (2006-02-22T12:40:59Z) is
     roughly 20 hours older than the Created value in that fault
     (2006-02-23T08:47:25Z).
     NOTE(review): a receiver that enforces message freshness may reject a
     timestamp this old. Because Created is one of the signed elements, a
     fresh value means the digest and the signature must be recomputed for
     every request. Confirm the server's tolerance with the service owner. -->
<wsu:Timestamp
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<wsu:Created
wsu:Id="Id-87e6da6d-6ee1-4d0a-9da2-d27e1bd321a9">2006-02-22T12:40:59Z</wsu:Created>
</wsu:Timestamp>
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
<!-- Base64 X.509 certificate; KeyInfo further down names it as the
     verification key via its wsu:Id.
     The RSA private key printed above this message on the page contains the
     same modulus text as the public key in this certificate (compare the
     base64 run beginning "IrspkjgUDUCcw9ZaJc9Q" in both), so the whole key
     pair is public. Treat this certificate as compromised and usable only as
     a throwaway test identity; a private key for any other identity must
     never be posted.
     NOTE(review): the fault on this page is code:FailedAuthentication, raised
     from Security.LoadXml according to the stack trace. That points at this
     token being rejected by the receiver (trust chain, validity, revocation
     or authorization), not at a digest or signature mismatch. Confirm with
     the service owner which certificates the endpoint accepts.
     NOTE(review): the spaces at irregular positions inside the base64 text
     look like line-breaking artifacts of the forum software. -->
<wsse:BinarySecurityToken ValueType="wsse:X509v3"
EncodingType="wsse:Base64Binary"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="SecurityToken-fc43cebf-ae98-4796-a099-026e4385c96b">MIIE5TCCBE6gAwIBAgIEQDZIdDANBgkqhkiG 9w0BAQUFADA/MQswCQYDVQQGEwJE
SzEMMAoGA1UEChMDVERDMSIwIAYDVQQDExlUREMgT0NFUyBTeX N0ZW10ZXN0IENB
IElJMB4XDTA1MDUxMDA2NDIzOFoXDTA3MDUxMDA3MTIzOFowfT ELMAkGA1UEBhMC
REsxKTAnBgNVBAoTIEluZ2VuIG9yZ2FuaXNhdG9yaXNrIHRpbG tueXRuaW5nMUMw
HAYDVQQDExVUZXN0cGVyc29uIDI4MDI3NTE3NzIwIwYDVQQFEx xQSUQ6OTIwOC0y
MDAyLTItNzM1MDg5ODU3OTgyMIGfMA0GCSqGSIb3DQEBAQUAA4 GNADCBiQKBgQCb
IrspkjgUDUCcw9ZaJc9Qd7dFi39ewSnGDGKBdOSiPHcINiYZpr 18BQGyh78BfV+6
HHDfDS89YM+bwJu5ucWWRJyXSXgs0cgqCgEti6JVku/ptAx8ANYvUHfNuSO8BtBt
smwO4Z5zPUoGZUjh5u1iDWYlTzfsJqzxErJ1PKEhfQIDAQABo4 ICrjCCAqowDgYD
VR0PAQH/BAQDAgP4MCsGA1UdEAQkMCKADzIwMDUwNTEwMDY0MjM4WoEPMj AwNzA1
MTAwNzEyMzhaMEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAY YqaHR0cDovL3Rl
c3Qub2NzcC5jZXJ0aWZpa2F0LmRrL29jc3Avc3RhdHVzMIIBAw YDVR0gBIH7MIH4
MIH1BgkpAQEBAQEBAQEwgecwLwYIKwYBBQUHAgEWI2h0dHA6Ly 93d3cuY2VydGlm
aWthdC5kay9yZXBvc2l0b3J5MIGzBggrBgEFBQcCAjCBpjAKFg NUREMwAwIBARqB
l1REQyBUZXN0IENlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdW RzdGVkZXMgdW5k
ZXIgT0lEIDEuMS4xLjEuMS4xLjEuMS4xLjEuIFREQyBUZXN0IE NlcnRpZmljYXRl
cyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS 4xLjEuMS4xLjEu
MS4xLjEuMS4wHQYJYIZIAYb4QgENBBAWDlBlcnNvbldlYk5vRG lyMIGWBgNVHR8E
gY4wgYswVqBUoFKkUDBOMQswCQYDVQQGEwJESzEMMAoGA1UECh MDVERDMSIwIAYD
VQQDExlUREMgT0NFUyBTeXN0ZW10ZXN0IENBIElJMQ0wCwYDVQ QDEwRDUkwyMDGg
L6AthitodHRwOi8vdGVzdC5jcmwub2Nlcy5jZXJ0aWZpa2F0Lm RrL29jZXMuY3Js
MB8GA1UdIwQYMBaAFByYCUcaTDi5EMUEKVvx9E6Aasx+MB0GA1 UdDgQWBBS+tbP2
sYVEEdHJJ1VnHgXC+0WtmTAJBgNVHRMEAjAAMBkGCSqGSIb2fQ dBAAQMMAobBFY3
LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4GBACxnDSKLxJRtEx579x KaEM4AB7Np1/JC
tCjzGjqFZGaaYNeH/W3wHgGRnG4GeaxuyCDhbawgS5MY+nmdOJWfb+2rEZiBa9i/
Ab7We9mWOG7oB1k4869Urqts5m9HeZK9ZoPCyrJGilypdUeRlQ VpEa+S0C9fe6pX
zsspe8R0HgYW</wsse:BinarySecurityToken>
<!-- XML Signature block. Each Reference applies exclusive C14N and then
     SHA-1 to the element it names; SignedInfo itself is canonicalized with
     exclusive C14N and signed with RSA-SHA1. Verification recomputes every
     DigestValue over the referenced element and checks SignatureValue over
     the canonical form of SignedInfo.
     Two points that matter when these values are produced by hand:
     1. SignedInfo uses the default namespace declared on Signature, so the
        canonical SignedInfo start tag must carry that xmlns declaration.
     2. rsa-sha1 is RSASSA-PKCS1-v1_5, which signs a DigestInfo structure
        wrapping the SHA-1 hash, not the bare 20-byte digest.
     NOTE(review): SHA-1 is no longer considered collision-resistant; where
     the service permits it, prefer SHA-256-based digest and signature
     methods. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference
URI="#Id-59ef0d9b-1ac6-4fff-85cb-3f52ec95c47c">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>uqy5qDS9I/8vSuM00ebN0+vCIxo=</DigestValue>
</Reference>
<Reference
URI="#Id-4f88de95-2818-4696-9b99-6c1878f40851">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>O7u6Daxi1ke5vupMlgHdGORBy1E=</DigestValue>
</Reference>
<Reference
URI="#Id-c5e4d24e-2532-4820-b238-9334f791506f">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Zznc1ReLvcyzDx+P73ppq6aaJ/w=</DigestValue>
</Reference>
<Reference
URI="#Id-cb2af9ee-2477-489c-ad0b-df86e06bb4b8">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>dvCP95TeYfLloJ3Ne80YQ0ZSteU=</DigestValue>
</Reference>
<Reference
URI="#Id-87e6da6d-6ee1-4d0a-9da2-d27e1bd321a9">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>NjGSdyqOqeb7k0/bBNWeYhE4T9A=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>XQuAWP/6cgqzpffggXzAvMkiQ5Jf4gYqj0avc9gPuKt+TnD2lW0Bmn/SUSZGqsUnseN8OwoR6uOKDBMn01xfBA/k3FR08df77s7poYHoHdgCQVTyjqDDxiqo9Fs3+gWKlTv+Bd/fLlBNoxn+pt10ge4p77zh2icUoUCayQCUk9g=</SignatureValue>
<!-- KeyInfo resolves the verification key by pointing at the
     BinarySecurityToken above through its wsu:Id. No Reference in SignedInfo
     covers that token, so the signature does not protect the token itself. -->
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-fc43cebf-ae98-4796-a099-026e4385c96b"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<!-- The Body is signed as a whole through the first Reference in SignedInfo
     (wsu:Id Id-59ef0d9b-1ac6-4fff-85cb-3f52ec95c47c). The line breaks between
     its child elements are part of the digested content, so re-indenting the
     payload after signing invalidates that DigestValue. -->
<soap:Body wsu:Id="Id-59ef0d9b-1ac6-4fff-85cb-3f52ec95c47c"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<SendPackets xmlns="https://ei.sst.dk/">
<Packets>
<SoapPacket>
<SoapData>testdata</SoapData>
<Found>false</Found>
</SoapPacket>
</Packets>
</SendPackets>
</soap:Body>
</soap:Envelope>
--------------- END SOAP/XML ----------------