WSSecurityException: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

Solution Unverified - Updated -

Issue

  • When using X.509 certificate authentication with WS-Security, the error
org.apache.ws.security.WSSecurityException: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

the client is trying to provide it's key with the following input:

<env:Header
    xmlns:env="http://www.w3.org/2003/05/soap-envelope">
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="true"
        xmlns:env="http://www.w3.org/2003/05/soap-envelope"
        xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
        <ds:Signature
            xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-884">
            <ds:SignedInfo>...</ds:SignedInfo>
            <ds:SignatureValue>....</ds:SignatureValue>
            <ds:KeyInfo Id="<unique identifier>">
                <wsse:SecurityTokenReference wsu:Id="<unique identifier>">
                    <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">*****Some Encrypted Value***</wsse:KeyIdentifier>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
        </ds:Signature>
    </wsse:Security>
</env:Header>

Environment

  • Red Hat JBoss Enterprise Application Platform 6
  • CXF web service
    • WS-Security

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.