none
Cannot read the token from the 'SignatureConfirmation' element RRS feed

  • Question

  • My WCF client is talking to a Java web service.
    We have a customBinding for MutualCertificate.

    The service accepts the message from the wcf client and returns the correct response- but the wcf client throws an error:
    Message security verification failed.
    Cannot read the token from the 'SignatureConfirmation' element with the 'http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd' namespace for BinarySecretSecurityToken, with a '' ValueType. If this element is expected to be valid, ensure that security is configured to consume tokens with the name, namespace and value type specified.

    The response SignatureConfirmation looks like this (slightly edited to avoid smiley!):
                <wsse11: SignatureConfirmation
                    xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    Value="..."
                    wsu:Id="SigConf-19999..." />

    There is no BinarySecurityToken or ValueType in there. This is apparently valid for their other non-WCF clients, so I somehow we need to, as the error message says, configure to comsume these tokens...

    Any ideas how?


    Client config (abbreviated):
    <security defaultAlgorithmSuite="Basic128Rsa15"
           allowSerializedSigningTokenOnReply="true"
           authenticationMode="MutualCertificate"
           requireDerivedKeys="false"
           securityHeaderLayout="LaxTimestampLast"
           includeTimestamp="true" keyEntropyMode="ClientEntropy"
           messageProtectionOrder="SignBeforeEncrypt"    messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
           requireSecurityContextCancellation="false"
           requireSignatureConfirmation="false" />
    <textMessageEncoding messageVersion="Soap11"
       writeEncoding="utf-8">
    Wednesday, August 6, 2008 10:12 AM

All replies

  • Hi!

    Can you attach the services.xml and the whole client app.config?
    Maybe you have a problem with the certificates or the client configuration is not corresponding to the service's.

    Regards
    Friday, September 5, 2008 10:58 AM