@gmazza
Last active October 7, 2015 16:08
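// Metro WS-Trust calls in which the WSC (web service client) and WSP (web service provider) use WS-SecureConversation
// for ongoing calls instead of sending the SAML assertion with every request
// Results below via Wireshark (http://www.jroller.com/gmazza/entry/soap_calls_over_wireshark)
// Technical background : http://www.ibm.com/developerworks/java/library/j-jws15/index.html
// Tutorial: http://www.jroller.com/gmazza/entry/metro_sts_tutorial
// Note: messages 1-4 below are signed with SHA-1-based algorithms (hmac-sha1 with sha1 digests; rsa-sha1 on the
// SAML assertion), and the STS key's issuer name is marked "NOT FOR PRODUCTION USE". Read the algorithm choices as
// a record of this 2012 test setup, not as a recommended security policy.
// The first step is the Metadata-Exchange call to get the WSDL (omitted for brevity, but see
// https://gist.github.com/2790055#file_metro_wsc_metadata_request.xml for an example).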
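// 1. SAML token request (WSC -> STS, WS-Trust RST/Issue). The SOAP body and one header element are encrypted with
// aes256-cbc under the key carried in the xenc:EncryptedKey header (Id="_5002"), which is itself encrypted with
// rsa-oaep-mgf1p for the STS certificate; the same key backs the hmac-sha1 message signature.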
POST /DoubleItSTS/STS HTTP/1.1
Accept: text/xml, multipart/related
Content-Type: text/xml;
charset=utf-8
SOAPAction: "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
User-Agent:
Metro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000) JAXWS-RI/2.2.6 JAXWS/2.2
svn-revision#unknown
Host: localhost:8080
Connection: keep-alive
Content-Length: 9935
<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">http://localhost:8080/DoubleItSTS/STS
</To>
<Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<FaultTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5003">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</FaultTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">uuid:e48e6afc-4ab1-4df8-9d78-b636c6d7f1f1
</MessageID>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">
<wsu:Created>2012-07-27T19:29:14Z</wsu:Created>
<wsu:Expires>2012-07-27T19:34:14Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5002">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>EMAILADDRESS=tomtoken@sample.com, CN=Tom Token,
O=Sample STS Key -- NOT FOR PRODUCTION USE, L=Baltimore,
ST=Maryland, C=US</ds:X509IssuerName>
<ds:X509SerialNumber>13809927965515954458</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>Q9ZZkUA+Ttou9A9h1JMGldxZpop89gsMY7xSL/9uNubC5Z/Xd3i7EgShqvzbKHpgvkB6CswAT+G6q4CRGcGjEn9yVF6WI+BDiZYUXTGPGfgn3eMtOiIZIOXAy2fcmstMeY4g3Z/Cf+9DkDHfBGDEjrx+yQxvsmQZaWuRGhZfAD8=
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<xenc:ReferenceList xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope">
<xenc:DataReference URI="#_5009" />
<xenc:DataReference URI="#_5010" />
</xenc:ReferenceList>
<xenc:EncryptedData xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5010"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="KeyInfoType">
<wsse:SecurityTokenReference
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
<wsse:Reference URI="#_5002"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>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
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<ds:Signature xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_1">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<ds:Reference URI="#_5003">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>oYqr83ua4Fn2DfzbrAm8dRG3HPI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5004">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>GAEFnQNXGT3GQoLM1EXy/X5nwNo=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5005">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>jZlSD4DKyfCtsoUmhQgapcilrIQ=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5006">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Co0pbO4ta72p7aN0rIPM4EU2y0I=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5007">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>ixNlvWkr3bZvdF0oyIO4c7fmkBw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5008">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>CXnQGYhPUjpBgXfTyA4ND/BPRB4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>/oRs4Tw/2MmgO1DcLgGubdW8rnI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#uuid_84700b36-db44-40db-ac23-c3b27a0c9ef2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>y7iG+6Np7rk43kHmWOxZKziLcOU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>kMpFfsgx+tiYV89735FmDjDm7XU=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsu:Id="uuid_39e15955-930b-407a-9a80-3d917670e8e9"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
<wsse:Reference URI="#_5002"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body wsu:Id="_5008">
<xenc:EncryptedData xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5009"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
<wsse:Reference URI="#_5002"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>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
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
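// 2. SAML token response (STS -> WSC, RSTRC/IssueFinal). The signature and body encryption refer back to the
// request's EncryptedKey by its SHA-1 key identifier (EncryptedKeySHA1) instead of carrying a new key.
// The bare "2000" and "16bf" lines appear to be HTTP chunk-size markers from the chunked transfer encoding,
// not part of the XML.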
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=utf-8
Transfer-Encoding:
chunked
Date: Fri, 27 Jul 2012 19:29:13 GMT
2000
<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
S:mustUnderstand="1" wsu:Id="_5003">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal
</Action>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5002">uuid:edbadcaa-2309-435a-8355-da8c1a00308e
</MessageID>
<RelatesTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">uuid:e48e6afc-4ab1-4df8-9d78-b636c6d7f1f1
</RelatesTo>
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">http://www.w3.org/2005/08/addressing/anonymous
</To>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">
<wsu:Created>2012-07-27T19:29:14Z</wsu:Created>
<wsu:Expires>2012-07-27T19:34:14Z</wsu:Expires>
</wsu:Timestamp>
<xenc:ReferenceList xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope">
<xenc:DataReference URI="#_5007" />
</xenc:ReferenceList>
<ds:Signature xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_1">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<ds:Reference URI="#_5002">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>A7cThFo0Q6u41wq2y6tE1KhBBTM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5003">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>e0nOtObSKc44gQdkel4fJR2+XAY=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5004">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>i11WO92cYQW9nT1EOLca0mfsp9A=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5005">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Nd/8wVmBdLowQKMblBRYK+6xcjA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5006">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>51m3okqs+ODDBDFaoF8Hxd26kZg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>/oRs4Tw/2MmgO1DcLgGubdW8rnI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>vNGA9h4AGQTLrW7TeFcWMaWiaAc=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rdcSpRnDs+OD2asKgZ0wwzsjarg=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body wsu:Id="_5006">
<xenc:EncryptedData xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5007"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rdcSpRnDs+OD2asKgZ0wwzsjarg=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>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
16bf
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
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
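// 3. SCT request: This is the only time the WSC sends the SAML assertion to the WSP to authenticate; for
// subsequent SOAP calls the SecurityContextToken (SCT) is passed from the WSC to the WSP instead.
// The assertion is holder-of-key, is restricted to the WSP endpoint as audience, and is valid for only 36 seconds
// (NotBefore 19:29:14.637Z to NotOnOrAfter 19:29:50.637Z), so the WSP's checks on it are the STS signature,
// the validity window and the audience.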
POST /doubleit/services/doubleit HTTP/1.1
Accept: text/xml, multipart/related
Content-Type: text/xml;
charset=utf-8
SOAPAction: "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT"
User-Agent:
Metro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000) JAXWS-RI/2.2.6 JAXWS/2.2
svn-revision#unknown
Host: localhost:8080
Connection: keep-alive
Content-Length: 10739
<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<S:Header>
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">http://localhost:8080/doubleit/services/doubleit
</To>
<Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT
</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<FaultTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5002">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</FaultTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5003">uuid:493ae27e-3fe5-4fc9-99e1-653a71441e14
</MessageID>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">
<wsu:Created>2012-07-27T19:29:14Z</wsu:Created>
<wsu:Expires>2012-07-27T19:34:14Z</wsu:Expires>
</wsu:Timestamp>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="uuid-cc1a46be-a78c-4a7b-9edb-b9d806dcbdbf" IssueInstant="2012-07-27T19:29:14.637Z"
Issuer="DoubleItSTSIssuer" MajorVersion="1" MinorVersion="1">
<saml:Conditions NotBefore="2012-07-27T19:29:14.637Z" NotOnOrAfter="2012-07-27T19:29:50.637Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>http://localhost:8080/doubleit/services/doubleit
</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:Advice />
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier NameQualifier="http://sun.com">CN=alice
</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key
</saml:ConfirmationMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:ns5="http://www.w3.org/2001/XMLSchema-instance" ns5:type="KeyInfoType">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
<ds:KeyInfo>
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">UIqxhbscD43w9J953IzaFDUj/No=
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>j+2wJszQ61mDHi0noQ5o72A7dRPS9KuU2DFuwGtvQlLRuxCORvUNMzykLBzNfpr2IMw7B2K7KcDQ
z98V4APnhe5A//aBuML6inBkuol4WAOTUQ1E+jowvtKzIjlbAtP0elyMG7tWsf+4GbNUk56babTk
h2UdQnDr4485pWyX4hs=
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Attribute AttributeName="token-requestor"
AttributeNamespace="http://sun.com">
<saml:AttributeValue>authenticated</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#uuid-cc1a46be-a78c-4a7b-9edb-b9d806dcbdbf">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>lMa7Pwo7awl6bbG0PB8Cv+Gjbac=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>eHWBahs7vRaAvbshShS+601Uy9H0DISVexPp1fxKO0ngqIF13qygruQkraa8azX/ZSWQRwYfrA9z
eugQzmXj6jT1wZsjnLZH2yPwayOhg/UyklAAqStFcfG2C91FFX7tj+W5Zg3XsSlx6yCKTQrFenAp
czQQnZVbo0vJX3957f8=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDyDCCAzGgAwIBAgIJAL+muFEGT7kaMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJVUzER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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
<xenc:ReferenceList xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope">
<xenc:DataReference URI="#_5008" />
</xenc:ReferenceList>
<ds:Signature xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_1">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<ds:Reference URI="#_5002">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>q3OhGHNaPipxPuCMjJC+PyT68TI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5003">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>WSFCe99g/+V68BHgVOCHFzBnx3U=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5004">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>5Ab1ebo4/FraGgck/A8iDx1J9+I=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5005">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>NDSBwkh1pMA///hK+GSbu9ryJhA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5006">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>cPjyqXVnsyhmWgUM6Ef5CjFhEYI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5007">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>uY4ta0zfxNRKq9rhq1GIv5mmpiw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>/oRs4Tw/2MmgO1DcLgGubdW8rnI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>PLq8mKgJwmdatO8RsqzsLP0u6h8=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid-cc1a46be-a78c-4a7b-9edb-b9d806dcbdbf</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body wsu:Id="_5007">
<xenc:EncryptedData xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5008"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid-cc1a46be-a78c-4a7b-9edb-b9d806dcbdbf</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>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
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
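// 4. SCT response (WSP -> WSC, RSTR/SCT): signed and encrypted with the key referenced by the SAML assertion ID.
// The issued SecurityContextToken is presumably inside the encrypted body, so it is not readable in this capture.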
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=utf-8
Transfer-Encoding:
chunked
Date: Fri, 27 Jul 2012 19:29:13 GMT
<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<S:Header>
<Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5003">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT
</Action>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5002">uuid:7583610b-3bf9-4529-81e5-85033cfde9df
</MessageID>
<RelatesTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">uuid:493ae27e-3fe5-4fc9-99e1-653a71441e14
</RelatesTo>
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">http://www.w3.org/2005/08/addressing/anonymous
</To>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">
<wsu:Created>2012-07-27T19:29:14Z</wsu:Created>
<wsu:Expires>2012-07-27T19:34:14Z</wsu:Expires>
</wsu:Timestamp>
<xenc:ReferenceList xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope">
<xenc:DataReference URI="#_5007" />
</xenc:ReferenceList>
<ds:Signature xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_1">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<ds:Reference URI="#_5002">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>j7IXvfHah1ZkaBT95uG831rvVUE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5003">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>So0tzYlrNYzBu49jKEIXqduBCS8=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5004">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Z8CfjnqGqnyC5gfdmtNLt+msy8Y=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5005">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Nd/8wVmBdLowQKMblBRYK+6xcjA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5006">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Rtv+0Pthc7sGT50sp7zWnB9mCzI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>/oRs4Tw/2MmgO1DcLgGubdW8rnI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>71hE3qutafljTIIkjK8GLhXUqNY=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid-cc1a46be-a78c-4a7b-9edb-b9d806dcbdbf</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body wsu:Id="_5006">
<xenc:EncryptedData xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5007"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid-cc1a46be-a78c-4a7b-9edb-b9d806dcbdbf</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>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
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
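// 5. 1st request for doubled number; note that a SecurityContextToken (SCT) is sent instead of the SAML Assertion, and the
message is signed and encrypted with the listed DerivedKeyTokens that reference the SCT (#_3 in the Signature KeyInfo, #_4 in the EncryptedData KeyInfo).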
POST /doubleit/services/doubleit HTTP/1.1
Accept: text/xml, multipart/related
Content-Type: text/xml;
charset=utf-8
SOAPAction: "http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItRequest"
User-Agent: Metro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000) JAXWS-RI/2.2.6 JAXWS/2.2
svn-revision#unknown
Host: localhost:8080
Connection: keep-alive
Content-Length: 6955
<?xml version='1.0' encoding='UTF-8'?>
<!-- First DoubleIt request protected with WS-SecureConversation: the wsse:Security header carries a
     Timestamp, a SecurityContextToken, two DerivedKeyTokens, an encryption ReferenceList and an
     HMAC signature; the Body content is encrypted. -->
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<S:Header>
<!-- Each WS-Addressing header below has a wsu:Id that is listed as a ds:Reference in the signature. -->
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5008">http://localhost:8080/doubleit/services/doubleit
</To>
<Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
S:mustUnderstand="1" wsu:Id="_5007">http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItRequest
</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<FaultTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</FaultTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">uuid:ad19b3e8-360c-4340-b511-f66675ae1874
</MessageID>
<wsse:Security S:mustUnderstand="1">
<!-- Five-minute validity window (Created to Expires). It is signed through ds:Reference URI="#_5",
     so a receiver can enforce freshness on a value the sender has authenticated. -->
<wsu:Timestamp xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_5">
<wsu:Created>2012-07-27T19:29:14Z</wsu:Created>
<wsu:Expires>2012-07-27T19:34:14Z</wsu:Expires>
</wsu:Timestamp>
<!-- The security context is named only by its Identifier; the token element carries no key material. -->
<ns19:SecurityContextToken
xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="uuid-7fc60f37-eb5a-4f35-96a6-15af2bebf7f5">
<ns19:Identifier>urn:uuid:fdc34de2-4504-472b-ad1e-d3c8fba569b3</ns19:Identifier>
</ns19:SecurityContextToken>
<!-- Derived key "_3": references the SecurityContextToken above by its wsu:Id, with its own Nonce
     and Length 24. The ds:Signature KeyInfo below points at it. -->
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#uuid-7fc60f37-eb5a-4f35-96a6-15af2bebf7f5"
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct" />
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>24</ns19:Length>
<ns19:Nonce>sbOd6NsCDbYrmzzRUyvu86+2</ns19:Nonce>
</ns19:DerivedKeyToken>
<!-- Derived key "_4": same context, a different Nonce, and Length 32 (the size of an AES-256 key).
     The xenc:EncryptedData KeyInfo in the Body points at it. -->
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_4">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#uuid-7fc60f37-eb5a-4f35-96a6-15af2bebf7f5"
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct" />
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>32</ns19:Length>
<ns19:Nonce>AXfrprCwRMFZc3YkXaTKW8aI</ns19:Nonce>
</ns19:DerivedKeyToken>
<!-- Lists the encrypted part of this message: the EncryptedData with Id="_5012" in the Body. -->
<xenc:ReferenceList xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope">
<xenc:DataReference URI="#_5012" />
</xenc:ReferenceList>
<!-- Signature: HMAC-SHA1 over SignedInfo with SHA-1 digests, as used in this 2012 capture.
     NOTE(review): current guidance prefers SHA-256-based algorithm suites for new deployments.
     The references cover FaultTo (_5004), MessageID (_5005), ReplyTo (_5006), Action (_5007),
     To (_5008), the Body (_5009) and the Timestamp (_5). -->
<ds:Signature xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_1">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<ds:Reference URI="#_5004">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>hBJugkYVOYpH1mZAJLjBtOr3iYg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5005">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Jstv1vZYSbO+MMG4WomTp34xsWQ=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5006">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>nd8B0+bZuJwz3kdPWZ9XTNye7Ro=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5007">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>jf63rntDQ4DUYK4JbkQXQPBlVYs=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5008">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>uKowBlUJ2poXz2GKMUuZ8JChyX0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5009">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>3yh7IKRGZDQc3gACby6DRbq2qko=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>BF350b6AnvdviVGICroc+DwcraM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>8DFcVyASeh+SSeqgQGNNO47Ts2g=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsu:Id="_5003">
<wsse:Reference URI="#_3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<!-- Body content is encrypted with AES-256-CBC under derived key "_4". CBC on its own gives no
     integrity protection, so the receiver depends on the signature reference to the Body ("#_5009").
     NOTE(review): whether the digest covers plaintext or ciphertext depends on the policy's
     protection order, which this capture does not show. -->
<S:Body wsu:Id="_5009">
<xenc:EncryptedData xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_5012"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>nG0aUO8QS1/NGnN82tGxr2o+AxTavtIWDfj9c+fCSQ189wZyxzjKb5EICP0svAPNpefisCdCl1/ECJi4GpswxlcbGGjV4WGpjittlQRpCu2jpXbb1n6jJCsh+e6jhGtIlUiMcdTIGnCPzigp8w1oEu6Gfie7/+06tyIv6hLPxr1xBJbGRqHdpCzsrU2rJTLy
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
// 6. Response for doubled number; note the SecurityContextToken itself is not sent but is referred to by its Identifier (urn:uuid:...) in the DerivedKeyTokens.
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=utf-8
Transfer-Encoding:
chunked
Date: Fri, 27 Jul 2012 19:29:13 GMT
<?xml version='1.0' encoding='UTF-8'?>
<!-- Response to the first DoubleIt request. No SecurityContextToken element is included; both
     DerivedKeyTokens name the context by its Identifier URI instead of a local "#" reference. -->
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<S:Header>
<Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
S:mustUnderstand="1" wsu:Id="_5005">http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItResponse
</Action>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">uuid:fd5009b0-6661-426b-b927-dbb7ebbf325f
</MessageID>
<!-- RelatesTo carries the MessageID of the first request and is itself signed (Reference "#_5006"),
     which ties this response to that request. -->
<RelatesTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">uuid:ad19b3e8-360c-4340-b511-f66675ae1874
</RelatesTo>
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">http://www.w3.org/2005/08/addressing/anonymous
</To>
<wsse:Security S:mustUnderstand="1">
<!-- Five-minute validity window, signed through ds:Reference URI="#_5". -->
<wsu:Timestamp xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_5">
<wsu:Created>2012-07-27T19:29:14Z</wsu:Created>
<wsu:Expires>2012-07-27T19:34:14Z</wsu:Expires>
</wsu:Timestamp>
<!-- Derived key "_3" (Length 24): referenced by the ds:Signature KeyInfo below. The Nonce differs
     from the one in the request. -->
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">
<wsse:SecurityTokenReference>
<wsse:Reference URI="urn:uuid:fdc34de2-4504-472b-ad1e-d3c8fba569b3"
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct" />
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>24</ns19:Length>
<ns19:Nonce>5LBUW0FkTv0o+urN7okagkND</ns19:Nonce>
</ns19:DerivedKeyToken>
<!-- Derived key "_4" (Length 32, the size of an AES-256 key): referenced by the EncryptedData
     KeyInfo in the Body. -->
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_4">
<wsse:SecurityTokenReference>
<wsse:Reference URI="urn:uuid:fdc34de2-4504-472b-ad1e-d3c8fba569b3"
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct" />
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>32</ns19:Length>
<ns19:Nonce>NZsxhwlgQ+e5EpfS/bEdWKLK</ns19:Nonce>
</ns19:DerivedKeyToken>
<!-- Lists the encrypted part of this message: the EncryptedData with Id="_5011" in the Body. -->
<xenc:ReferenceList xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope">
<xenc:DataReference URI="#_5011" />
</xenc:ReferenceList>
<!-- Signature: HMAC-SHA1 with SHA-1 digests. The references cover MessageID (_5004), Action (_5005),
     RelatesTo (_5006), To (_5007), the Body (_5008) and the Timestamp (_5).
     NOTE(review): current guidance prefers SHA-256-based algorithm suites for new deployments. -->
<ds:Signature xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_1">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<ds:Reference URI="#_5004">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>RpMdVOblzCw7Qt/k/G/s0spNkj0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5005">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>CDFgVNcYLPA/vMlUS2SY/Fixdlw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5006">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>wsieKnxPI13q/ES7eITf4C+96O4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5007">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>iImH/BxkwjSnqsa1XgdAZxFS5nw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5008">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>F4pPe0vDLP0bCyHv62IqFgcYn1I=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>BF350b6AnvdviVGICroc+DwcraM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>nybw8Gsn8uY8iSOs4Y5fK0OYOdM=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsu:Id="_5003">
<wsse:Reference URI="#_3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<!-- Body content is encrypted with AES-256-CBC under derived key "_4"; CBC on its own gives no
     integrity protection, so the client depends on the signature reference to the Body ("#_5008"). -->
<S:Body wsu:Id="_5008">
<xenc:EncryptedData xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_5011"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>QTCroFwmzh+WS1bPr2rfXI8fhcfcBR998Zae2/Nf2IO6SQrN8h4CGXRLokNjzWnbPR4Z9mAo6mo4oGCJDnCD5XCriuy8fLOzF/EjdgZDq8t2W71+D6p84D464q9FXk8GmMJPMvfwFDN5HLvIhBtM+1b2pmeCRaz04bJ477gmqI1eIW4t2VPuuYOB4A/u8bXoR5o9it0qqyWSL8ll0EAnEw==
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
// 7. 2nd request for a doubled number. Note the SecurityContextToken has the same ID as in the previous request, but the
DerivedKeyTokens carry different nonces.
POST /doubleit/services/doubleit HTTP/1.1
Accept: text/xml, multipart/related
Content-Type: text/xml;
charset=utf-8
SOAPAction: "http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItRequest"
User-Agent: Metro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000) JAXWS-RI/2.2.6 JAXWS/2.2
svn-revision#unknown
Host: localhost:8080
Connection: keep-alive
Content-Length: 6955
<?xml version='1.0' encoding='UTF-8'?>
<!-- Second DoubleIt request on the same security context. The SecurityContextToken Identifier and
     wsu:Id match the first request; the MessageID, both DerivedKeyToken nonces, the SignatureValue
     and the ciphertext are different. -->
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<S:Header>
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5008">http://localhost:8080/doubleit/services/doubleit
</To>
<Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
S:mustUnderstand="1" wsu:Id="_5007">http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItRequest
</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<FaultTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</FaultTo>
<!-- A new MessageID; it is signed (Reference "#_5005"), so its digest differs from the first request. -->
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">uuid:48936e05-ef4b-4b73-8b81-0b36eea793cb
</MessageID>
<wsse:Security S:mustUnderstand="1">
<!-- Created and Expires are the same second as in the first request, and the Timestamp digest
     below is the same value too; the signed MessageID is what tells the two requests apart. -->
<wsu:Timestamp xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_5">
<wsu:Created>2012-07-27T19:29:14Z</wsu:Created>
<wsu:Expires>2012-07-27T19:34:14Z</wsu:Expires>
</wsu:Timestamp>
<!-- Same security context as the first request (same Identifier); no key material in the token. -->
<ns19:SecurityContextToken
xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="uuid-7fc60f37-eb5a-4f35-96a6-15af2bebf7f5">
<ns19:Identifier>urn:uuid:fdc34de2-4504-472b-ad1e-d3c8fba569b3</ns19:Identifier>
</ns19:SecurityContextToken>
<!-- Derived key "_3" (Length 24), referenced by the ds:Signature KeyInfo; new Nonce for this message. -->
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#uuid-7fc60f37-eb5a-4f35-96a6-15af2bebf7f5"
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct" />
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>24</ns19:Length>
<ns19:Nonce>jk724iyR4o97KzJs5AJP1dkN</ns19:Nonce>
</ns19:DerivedKeyToken>
<!-- Derived key "_4" (Length 32), referenced by the EncryptedData KeyInfo; new Nonce for this message. -->
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_4">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#uuid-7fc60f37-eb5a-4f35-96a6-15af2bebf7f5"
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct" />
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>32</ns19:Length>
<ns19:Nonce>P7xGRdw5a+JfRqDXtHumPxiC</ns19:Nonce>
</ns19:DerivedKeyToken>
<!-- Lists the encrypted part of this message: the EncryptedData with Id="_5012" in the Body. -->
<xenc:ReferenceList xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope">
<xenc:DataReference URI="#_5012" />
</xenc:ReferenceList>
<!-- Signature: HMAC-SHA1 with SHA-1 digests over FaultTo (_5004), MessageID (_5005), ReplyTo (_5006),
     Action (_5007), To (_5008), the Body (_5009) and the Timestamp (_5). Compared with the first
     request only the MessageID and Body digests change.
     NOTE(review): current guidance prefers SHA-256-based algorithm suites for new deployments. -->
<ds:Signature xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_1">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<ds:Reference URI="#_5004">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>hBJugkYVOYpH1mZAJLjBtOr3iYg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5005">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>cOzpUEL+9/qh8YOnaJ7/MjAVOdc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5006">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>nd8B0+bZuJwz3kdPWZ9XTNye7Ro=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5007">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>jf63rntDQ4DUYK4JbkQXQPBlVYs=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5008">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>uKowBlUJ2poXz2GKMUuZ8JChyX0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5009">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>3PbFRVXVluf9VGHsqr8fihKk+9Q=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>BF350b6AnvdviVGICroc+DwcraM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Q7OzPQV7DzTtXNGFIPLXDBAbCf0=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsu:Id="_5003">
<wsse:Reference URI="#_3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<!-- Body content is encrypted with AES-256-CBC under derived key "_4"; CBC on its own gives no
     integrity protection, so the receiver depends on the signature reference to the Body ("#_5009"). -->
<S:Body wsu:Id="_5009">
<xenc:EncryptedData xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_5012"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>IMqLMEvTQ9Z1AhgWJtuGLOpNCiygjwjj+ScrxGtSxZUsPZpPL4DYPvQOi7T4J69EP4MgrHXsxZGUd//+S22i0DnAT+ScfpVOua1a0OvUApJ7c9HUiNwRQ3/1U5yrspinDoa7/nL2/cODg27TvL2ekmXFfK8xNE0/kFi1ap/CQ9mDOwYON5RpDMBekIxqw7uF
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
// 8. Second response of a doubled number:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=utf-8
Transfer-Encoding:
chunked
Date: Fri, 27 Jul 2012 19:29:14 GMT
1816
<?xml version='1.0' encoding='UTF-8'?>
<!-- Response to the second DoubleIt request. As in the first response, no SecurityContextToken
     element is included; the DerivedKeyTokens name the context by its Identifier URI. -->
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<S:Header>
<Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
S:mustUnderstand="1" wsu:Id="_5005">http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItResponse
</Action>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">uuid:189c0ed6-f240-4b55-96d9-53d84e0843ed
</MessageID>
<!-- RelatesTo carries the MessageID of the second request and is itself signed (Reference "#_5006"). -->
<RelatesTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">uuid:48936e05-ef4b-4b73-8b81-0b36eea793cb
</RelatesTo>
<To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">http://www.w3.org/2005/08/addressing/anonymous
</To>
<wsse:Security S:mustUnderstand="1">
<!-- Five-minute validity window, signed through ds:Reference URI="#_5". -->
<wsu:Timestamp xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_5">
<wsu:Created>2012-07-27T19:29:14Z</wsu:Created>
<wsu:Expires>2012-07-27T19:34:14Z</wsu:Expires>
</wsu:Timestamp>
<!-- Derived key "_3" (Length 24): referenced by the ds:Signature KeyInfo below. -->
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">
<wsse:SecurityTokenReference>
<wsse:Reference URI="urn:uuid:fdc34de2-4504-472b-ad1e-d3c8fba569b3"
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct" />
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>24</ns19:Length>
<ns19:Nonce>wkmYyASlAD8VyqeAVcau4Oyn</ns19:Nonce>
</ns19:DerivedKeyToken>
<!-- Derived key "_4" (Length 32, the size of an AES-256 key): referenced by the EncryptedData
     KeyInfo in the Body. -->
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_4">
<wsse:SecurityTokenReference>
<wsse:Reference URI="urn:uuid:fdc34de2-4504-472b-ad1e-d3c8fba569b3"
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct" />
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>32</ns19:Length>
<ns19:Nonce>s0qlZYCGunrT/TXD25m8uRm/</ns19:Nonce>
</ns19:DerivedKeyToken>
<!-- Lists the encrypted part of this message: the EncryptedData with Id="_5011" in the Body. -->
<xenc:ReferenceList xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope">
<xenc:DataReference URI="#_5011" />
</xenc:ReferenceList>
<!-- Signature: HMAC-SHA1 with SHA-1 digests over MessageID (_5004), Action (_5005), RelatesTo (_5006),
     To (_5007), the Body (_5008) and the Timestamp (_5). Compared with the first response, the
     MessageID, RelatesTo and Body digests change.
     NOTE(review): current guidance prefers SHA-256-based algorithm suites for new deployments. -->
<ds:Signature xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_1">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<ds:Reference URI="#_5004">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>mDFupBC5w5ZTEN+ZV0mADqHu2QY=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5005">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>CDFgVNcYLPA/vMlUS2SY/Fixdlw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5006">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>jDLDXmdL/4AkFYZUuCSoW5Tx7Oo=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5007">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>iImH/BxkwjSnqsa1XgdAZxFS5nw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5008">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>eu6DgrEvCy7OdwFtoHI+jq7PL4M=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>BF350b6AnvdviVGICroc+DwcraM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>IKImpbfMJGzTb0PAu5dBV9Mmi+A=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsu:Id="_5003">
<wsse:Reference URI="#_3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<!-- Body content is encrypted with AES-256-CBC under derived key "_4"; CBC on its own gives no
     integrity protection, so the client depends on the signature reference to the Body ("#_5008"). -->
<S:Body wsu:Id="_5008">
<xenc:EncryptedData xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_5011"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>P+SF8nyUxQ4t7AqOSTTayka/W7W1/LIMXRop8koou77nEYw/qKPAzQYr0dm1ejRsOXRzPZXXFgHMY+3z6/La4FxDmuhCweC3So2jirUvh1ztQcsVVYeejNGfF5ucxk1VtZnlVcOc3mSWy8gQmTHY8g6SI0DGEzuHM+OSjjUckt1K9n3R3ew4dZ0LnIDpS9LKSEsx5XYMxXoaoeNuVbCvpw==
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>