Empty Namespace in SecurityTokenReference tag #45
Description
Hi,
I'm trying to call WCF service using WS-Security (digital signature). I've .pfx certificate and I've converted that to .pem using openssl command.
Initially I've tried out a lot but unable to get response from service. After that I've noticed an "empty namespace" is formed in SecurityTokenReference tag under singature section in the request.
<o:SecurityTokenReference xmlns:o="">
Request
<KeyInfo>
<o:SecurityTokenReference xmlns:o="">
<o:Reference URI="#sec_0" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
I suspected that, this is causing an issue. So I removed the empty namespace (xmlns:o="") and tested the request in SoapUI. I am getting the response from service.
So I made a workaround to fix this issue.
I manually added namespace in SecurityTokenReference tag in WSSKeyInfo() function in the signature.js (ws.js\lib\handlers\client\security\signature.js) file.
<o:SecurityTokenReference xmlns:o="http"//docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secret-1.0.xsd">
Signature.js
function WSSKeyInfo(signingToken) {
this.getKeyInfo = function(key) {
return "<o:SecurityTokenReference xmlns:o=\"http"//docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secret-1.0.xsd\">" +
"<o:Reference URI=\"#" + signingToken.getId() +"\" " +
"ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\" />" +
"</o:SecurityTokenReference>"
}
After this fix I'm able to get response from service.
Is there anyway to fix this issue by modifying my code without modifying the package files (signature.js) ????
I have attached my code here
Code.txt
Thanks.