WS Security interoperability between Java and .NET web services (Urgent)

  • Question

  • In one of the projects that we are executing, we are facing issues in WS Security interoperability between Java and .NET web services. I will describe the problem below and would like to know if any of you have faced any similar issues before and the way to go forward.   

    Problem Statement    

    We are building web services enabled with X.509 certificates on the .NET platform. This web service needs to interact with an external web service built on the Java platform through a secured channel (https). While doing a POC we found that the .NET WS is not able to validate the SOAP request signed by the Java client. We are using .Net 2005 and WSE 3.0, and the Java client is built using Tomcat and Axis 1.3. The exact nature of the problem faced by us is as below:

    The only signature found in the SOAP request created by the Java client is on the Security Token itself, i.e. the "KeyInfo" element. The Security Token is embedded inside the "KeyInfo" element as a "SecurityTokenReference". However, a .NET client seems to be embedding the Security Token in a "BinarySecurityToken" element within the "Security" element, and the "SecurityTokenReference" element simply makes a URI reference to the "BinarySecurityToken" element. Hence the WSE 3.0 Web service refuses to recognize the "KeyInfo" element, throwing an error "Security token could not be retrieved".

    Wednesday, January 31, 2007 6:49 AM
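
An added diagnostic example, not part of the original post: it reports how each "SecurityTokenReference" inside "KeyInfo" points at its token, which is the difference the question describes between the two stacks. The element names and namespaces are those of OASIS WS-Security 1.0; both sample headers are constructed, and the use of `wsse:Embedded` for the Java-style message is an assumption, since the post does not show the actual XML.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}"'

def token_reference_styles(soap_xml):
    """Return one (style, detail) tuple per ds:KeyInfo/wsse:SecurityTokenReference."""
    root = ET.fromstring(soap_xml)
    # wsu:Id of every BinarySecurityToken in the message (tokens without an Id are ignored)
    bst_ids = {b.get(f"{{{WSU}}}Id") for b in root.iter(f"{{{WSSE}}}BinarySecurityToken")} - {None}
    results = []
    for key_info in root.iter(f"{{{DS}}}KeyInfo"):
        for str_el in key_info.findall(f"{{{WSSE}}}SecurityTokenReference"):
            ref = str_el.find(f"{{{WSSE}}}Reference")
            if ref is not None:
                uri = ref.get("URI") or ""
                target = uri[1:] if uri.startswith("#") else None
                results.append(("direct", "resolved" if target in bst_ids else "dangling"))
            elif str_el.find(f"{{{WSSE}}}Embedded") is not None:
                results.append(("embedded", "token carried inside KeyInfo"))
            elif str_el.find(f"{{{WSSE}}}KeyIdentifier") is not None:
                results.append(("key-identifier", "token not carried in message"))
            elif str_el.find(f"{{{DS}}}X509Data") is not None:
                results.append(("issuer-serial", "token not carried in message"))
            else:
                results.append(("unknown", "no recognised child element"))
    return results

# Constructed samples; the certificate bytes are replaced by a placeholder.
DIRECT = f"""<wsse:Security {NS}>
  <wsse:BinarySecurityToken wsu:Id="tok-1">PLACEHOLDER</wsse:BinarySecurityToken>
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Reference URI="#tok-1"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security>"""
EMBEDDED = f"""<wsse:Security {NS}>
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Embedded><wsse:BinarySecurityToken>PLACEHOLDER</wsse:BinarySecurityToken></wsse:Embedded>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security>"""

if __name__ == "__main__":
    print("direct-reference sample:", token_reference_styles(DIRECT))
    print("embedded sample:        ", token_reference_styles(EMBEDDED))
```

Running it over a captured request from each client shows which reference style each side emits, and a "dangling" result flags a URI that points at no token in the message.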