The signature method is HMAC-SHA1
, and I already have <SignedInfo>
generated. The problem is that I am not sure what to use as the key in the HMAC calculation.
I noticed that there are two <Entropy>
with enclosing <BinarySecret>
from the initial request (RST) and response (RSTR). I read from WS-Trust that this indicates that I could generate a proof key using these two binary values from the <BinarySecret>
and PSHA1
as specified in <ComputeKey>
tag from the response. However, I could never get the same signature value as the one in the sample from the service provider.
Any information would help!
As an example:
- The binary secret from RST is
grrlUUfhuNwlvQzQ4bV6TT3wA8ieZPltIf4+H7nIvCE=
- The binary secret from RSTR is
YLABh3ZmZyiO5gvVLZe9J4JPd9w59KGeTFwE85XlzxE=
- The correct signature value is
nXJEN8p1nupMA/00TK03VZlADkU=
- The signature value I generate is
bEGpeRFsznafFRf86g281zKV3Ro=
- The content of SignInfo is as follow
<SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/> <Reference URI="#_0"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>CwMGnFZklO7XsDfFguzl0tw7iHM=</DigestValue> </Reference> </SignedInfo>