Question

I am writing a WCF client for a third-party SOAP service (on a Java backend I believe) that uses SSL transport, mutual authentication and digital signing.

I have established the connection via SSL and am signing the request correctly with the relevant client certificates. The request goes through successfully and the third-party has confirmed the validity of the message that I am sending.

However, the problem comes when we receive the response from the service. The response comes back with a signed timestamp and body. There is a BinarySecurityToken and a SecurityTokenReference with a Reference field of type http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3.

At the moment, I am getting the following exception from the client:

Exception encountered: System.ServiceModel.Security.MessageSecurityException: Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

I am currently using a customBinding configured as follows:

<customBinding>
  <binding name="Custom">
    <security
        defaultAlgorithmSuite="Basic256Rsa15"
        allowSerializedSigningTokenOnReply="true"
        authenticationMode="CertificateOverTransport"
        securityHeaderLayout="Strict"
        messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
      <secureConversationBootstrap />
    </security>
    <textMessageEncoding messageVersion="Soap11" />
    <httpsTransport requireClientCertificate="true" />
  </binding>
</customBinding>

I can't find any information on how to use this BinarySecurityToken to verify the signing of the response, or even how to configure the client to accept "Tokens of that type".

Thanks in advance for any help or suggestions,

PhilHalf


Solution

It turns out that changing the messageSecurityVersion to:

WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10

has resolved the problem, and I can now process the security tokens being returned.
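The same binding built in code with the accepted fix applied, as an added example rather than the asker's or the third party's code; the contract IThirdPartyService, the endpoint URL and the certificate thumbprint are placeholders, and the service-certificate validation settings are an assumption about what the client should enforce on the reply's signing token.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Placeholder contract; substitute the one generated from the third party's WSDL.
[ServiceContract]
public interface IThirdPartyService
{
    [OperationContract]
    string Ping(string message);
}

public static class ThirdPartyClientFactory
{
    public static CustomBinding CreateBinding()
    {
        // CertificateOverTransport: the client signs the request with its X.509 certificate while
        // SSL carries it. WSSecurity10 is the version the accepted answer switched to.
        var security = SecurityBindingElement.CreateCertificateOverTransportBindingElement(
            MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
        security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;
        security.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
        // Equivalent of allowSerializedSigningTokenOnReply="true" in the question's config.
        security.AllowSerializedSigningTokenOnReply = true;
        var encoding = new TextMessageEncodingBindingElement { MessageVersion = MessageVersion.Soap11 };
        var transport = new HttpsTransportBindingElement { RequireClientCertificate = true };

        return new CustomBinding(security, encoding, transport);
    }

    public static ChannelFactory<IThirdPartyService> CreateFactory(string endpointUrl, string clientThumbprint)
    {
        var factory = new ChannelFactory<IThirdPartyService>(CreateBinding(), new EndpointAddress(endpointUrl));

        // One client certificate serves both the TLS client authentication and the WS-Security signature.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, clientThumbprint);

        // Pin how the certificate serialized on the reply (the BinarySecurityToken) is validated:
        // full chain trust plus online revocation checks, set explicitly so config drift cannot relax them.
        var auth = factory.Credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        auth.RevocationMode = X509RevocationMode.Online;

        return factory;
    }
}
```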

Licensed under: CC-BY-SA with attribution