[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[higgins-dev] a nugget of information about xml-security
|
Hi,
I just spent couple of hours debugging this and would like to share it.
We are issuing tokens that contain non-ascii information - in our
case
the subject name identifier was "ัะตัั" which is "test" in cyrilic script.
The token validation was failing client side even though i was
certaion
content was the same. Then I discovered the problem is in xml-security
library. The STS uses xml-security 1.4.0 and my axis2 1.4.1 client
was
using xml-security 1.4.1 which generates different digests. I guess they
have changed (fixed???) how they calculate digests over non-ascii
characters. Whatever the cause is here is the compatibility matrix which
i tested:
xml-security
1.4.0 (sign) <-> 1.4.1 (verify): not
working
1.4.0 (sign) <-> 1.4.1 (verify): not
working
1.4.0 (sign) <-> 1.4.1 (verify): not
working
**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
**********************************************************************