Quantcast

Is there any options to not to encrypt messages in Metro?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Is there any options to not to encrypt messages in Metro?

gchoi
This post was updated on .
When client send token request to Metro STS, the body of request is encrypted as well as response from STS. When we use https, I don't want to encryt messages. Is there any option to turn off encryption? I really want to see content of body of the soap message.


                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                <ds:DigestValue>vmmQhbNJuikFDhkdF4upECcSAE0=</ds:DigestValue>
                        </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue>FAIHk6eF3g3NhjoBBmXaZW6cQ4qviKiGukHXDCORCTNtXrhvom3ZXHUVSGZCGrHC52xmEWeD6QscZlmP7biJU1Yv4ziqB3bBxJXenTE3eDJHGR5+tkyiQazhRC7+FSebEFhrJnW3lJml27BDMCsE8U166LOIW4YME1tzkdaY2SHB51ddfqzfPufhmG46p0QpYjjtjOWRCQBTVKGs0qlP7RQMxQi3U3QNVF6HuOTaI+22lvXihCDsJnPj1OnADoCzVA9WpXbDj3P++xUX3la8y3mASVB6HUc7EFUWsAMVmaMWzj0OLPxufkfdCqNtZd5bTPw/Icvn5pwGG4LpKNTqrA==
                        </ds:SignatureValue>
                        <ds:KeyInfo>
                                <wsse:SecurityTokenReference>
                                        <wsse:Reference URI="#uuid_b05b461c-1aff-44ec-b391-211d2deeb7ee" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                                </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                </ds:Signature>
        </wsse:Security>
        </S:Header>
        <S:Body wsu:Id="_5007">
                <xenc:EncryptedData xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" Id="_5009" Type="http://www.w3.org/2001/04/xmlenc#Content">
                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                        <xenc:CipherData>
                                <xenc:CipherValue>ovzqkIAX4LUtCZkvJzNp03BRFV9gJo/W/ffCyCG4cYc30kGuTXeqbAlpmOdE5UVR3x10YoYnVdqSMg5J/+R0uxN2FJH7eXwJib0USIDL7bXwfK31pLEgShjYbp+tswyaWhx5p4UmobOjpUdyQBMUHajfFQZPpug13ws3RAs5MQnw/Q0o06nsVO/ahiesac3G9RujoFMzdFJBxMb5U02DCW9v8iTRN5sJFrCt8AIyu+aTWnWhd/T/bnOYgFYWVBHt+qln5jIAe6bomR3fs+/gzWEcfrnaer5Zhy7zq9A5EPI3kJzLUJLv1ezQSGNXiVQC5di2q9dCrWCMA3hBrBgDLALVLvic7y9WvpoaTsH4ixdqSDayV+dmSzA5Tvu1THPCNek0sU+nohAKLQBprpG90YivATlBeNBf2MEa0uybYqwMdMcLCeNEVqw2d/mQG+5onDN9VVJ9M8awSiHagcD7NTk2ZC3BCZmfeIFPjCfNWMVtyPdrA0OGGT5S4bq/1YimNXnQWNbG2t5EJ1gV4TdW1bpy1ipqAj1qtHqcsvmmeFxQFVLBqq0hAU4mW/b2KuSi/WG1RrmlP+RNAOw10n5k+IWrmJcpvmKM6c2Jh2L1Lv2bAe3GYApy6K4Qp8gYUXaSAEk8zOGDx7M39nseE+HggrPH8KL3/AiE8fGQQN4OwReqpx5QUr+AeBsEXr3SORPP7h5/hrJvwLq7ak1KWszxS2gfHFspRoQkFAVDXR1dwSCJo0PagXaKaQ86TzDeV/GHGBSV7I1yZK5lXqVvwTtsZ3PbxQfq53+zhwlBLS+heF56gH7ZmArbUNZRolDOBWwbiurU78xPqCFfxaf2yA8babIsPqvTIl7afZJs6uvSss97Glh7dCXCtVn34LEp0hcqhU3tyFFihMkDZijzHab5U2TvEuFitortyfdaNLJRCjybPfCCABP8pp3pgSrsfRKi7bb/jL1kUYgAt9xzBiDF65jZcp1Wj9Fxn5EoyAtUbGkaJv4uG7LomWeCixl7hMprnltKt7mxrZIAD+vs503repziOl97hBuFhxSzY/8hlWRzFE0EjM0LcIWXBs94HDcqLVtvbLPYpJRTD+dQNAC28WW5F1JEYmlESrNDpW6JPEK/QKGCPY9b35JvucC7iK/pZOBGt+Wqbq58542U/LBqCpWvNSWgsJ0NthAJ1MhhBfyTTefijgKTRZoGRPzP7C6rFj/Nvh5wkmOm0NxnlBHc4JGKbfW00XNKHZ5pV9szV2MZIeQpzBW7PW0zHHeea/2K5OFXsaKpQrh2erhp5AISXjt1xdIW4kGrEn+cYwS148KlQhsRsEjjMmlXtmegbxuBWvvh0ib34OtL6cS/E63bgg==
                                </xenc:CipherValue>
                        </xenc:CipherData>
                </xenc:EncryptedData>
        </S:Body>
</S:Envelope>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Is there any options to not to encrypt messages in Metro?

ss400
Comment out encrypted parts in the policy for your STS:

    <wsp:Policy wsu:Id="ISecurityTokenService_Binding_IssueToken_Input_Policy">
        <wsp:ExactlyOne>
            <wsp:All>

                <sp:SignedParts>
                    <sp:Body/>
                    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
                    <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
                    <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
                    <sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
                </sp:SignedParts>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Is there any options to not to encrypt messages in Metro?

gchoi
Thank you very much. It worked. Basically I commented out sp:EncryptedParts
element from STS and SP configuration. It helps a lot during development
stage.

Gina

-----Original Message-----
From: ss400 [mailto:[hidden email]]
Sent: Thursday, April 19, 2012 10:30 AM
To: [hidden email]
Subject: Re: Is there any options to not to encrypt messages in Metro?

Comment out encrypted parts in the policy for your STS:

    <wsp:Policy
wsu:Id="ISecurityTokenService_Binding_IssueToken_Input_Policy">
        <wsp:ExactlyOne>
            <wsp:All>

                <sp:SignedParts>
                    <sp:Body/>
                    <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="AckRequested"
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
                    <sp:Header Name="SequenceAcknowledgement"
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
                    <sp:Header Name="Sequence"
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
                    <sp:Header Name="CreateSequence"
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
                </sp:SignedParts>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

--
View this message in context:
http://metro.1045641.n5.nabble.com/Is-there-any-options-to-not-to-encrypt-mes
sages-in-Metro-tp5651826p5651900.html
Sent from the Metro - Users mailing list archive at Nabble.com.
Loading...