WSSecurityException: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
Issue
- When using X.509 certificate authentication with WS-Security, the following error occurs:
org.apache.ws.security.WSSecurityException: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
The client is trying to provide its key with the following input:
<env:Header
    xmlns:env="http://www.w3.org/2003/05/soap-envelope">
  <wsse:Security
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      soap:mustUnderstand="true"
      xmlns:env="http://www.w3.org/2003/05/soap-envelope"
      xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
    <ds:Signature
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-884">
      <ds:SignedInfo>...</ds:SignedInfo>
      <ds:SignatureValue>....</ds:SignatureValue>
      <ds:KeyInfo Id="<unique identifier>">
        <wsse:SecurityTokenReference wsu:Id="<unique identifier>">
          <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">*****Some Encrypted Value***</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
    </ds:Signature>
  </wsse:Security>
</env:Header>
Environment
- Red Hat JBoss Enterprise Application Platform 6
- CXF web service
- WS-Security