In one of the projects that we are executing, we are facing issues in WS
Security interoperability between Java and .NET web services. I will
describe the problem below and would like to know if any of you have faced
any similar issues before and the way to go forward.
Problem Statement

We are building web services enabled with x509 certificates in .NET
platform. This web service needs to interact with an external web service
built in Java platform through secured channel (https). While doing POC we
found that .NET WS is not able to validate the SOAP request signed by the
Java client. We are using .Net 2005 and WSE 3.0 and Java client is built
using Tomcat and Axis 1.3. The exact nature of the problem faced by us is as
below

The only signature found in the Java client created SOAP request is on the
Security Token itself i.e the "KeyInfo" element. The Security Token is
embedded inside "KeyInfo" element as a "SecurityTokenReference". However a
..NET client seems to be embedding the Security Token in a
"BinarySecurityToken" element within the "Security" element and the
"SecurityTokenReference" element simply makes a URI reference to the
"BinarySecurityToken" element. Hence the WSE 3.0 Web service refuses to
recognize the "KeyInfo" element throwing an error "Security token could not
be retrieved".

It would be great if you can let me know whether any one of you have faced
similar issues or your inputs on how to resolve this issue. Please let me
know if you need more details on the issue

[quoted text, click to view]

Which library are you using?
SAAJ?
or Axis / Axis2?


--
Happy Hacking,
Gaurav Vaish | www.mastergaurav.com
www.edujini-labs.com
http://eduzine.edujini-labs.com
-----------------------------------------