Pablo Cibraro (who should be an MVP) is, in my opinion, one of the most
knowledgeable WSE guys around. He is up there with Michele and Softwaremaker (who have both moved
on to be WCF gurus, of course). But besides having a wealth of practical
knowledge, he spends an inordinate amount of time sharing it in the WSE
newsgroups, answering myriad questions and following up on many of them.
He has answered questions for me too.
But today, he really impressed me even more. I was running up against a
problem that I could not figure out or find the answer to anywhere. In fact, I
found two other questions on the web with the same problem but no answers.
The more I dug into the problem the more I learned and I finally was able to
google the right keywords. And where did I find the solution to my problem? In
Pablo's blog (see below). He does not post very often, but boy am I glad he
wrote about this. I had even been fiddling in the right section of my web.config
file, but just wasn't tweaking quite the correct thing.
So thanks Pablo!
And for Google's sake, the problem was some encryption being done in a
request for a securityContextToken in WSE 3.0. On Windows 2000 machines, it was
encrypting the requested key with RSA15, but Windows XP clients were encrypting
with OAEP and the Win2003 server was expecting OAEP.
Windows 2000 does not have the ability to wrap with OAEP. So I had to force
all clients to wrap security tokens with RSA15 (Win2000 will do it by default,
but XP won't) and then force the server to use RSA15 also.
But I couldn't figure out how. Pablo's post
on using the web.config in WSE 3.0 to override the default encryption led me
to my solution. He also followed up with a reply in the newsgroup as I was
typing this very post.

The error:

    An unsupported signature or encryption algorithm was used --->
    System.Exception: WSE3002: The receiver is expecting the key wrapping algorithm to be http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p, but the incoming message used http://www.w3.org/2001/04/xmlenc#rsa-1_5. You can change the key wrapping algorithm through configuring security token manager.

The solution in both web.config of the service and app.config of the
client (inside of the security tags of the microsoft.web.services3
tags):

    <binarySecurityTokenManager>
      <add valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
        <keyAlgorithm name="RSA15" />
      </add>
    </binarySecurityTokenManager>
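
A quick way to confirm that both sides carry the same override before deploying, as an added example that is not part of the original post. The function names and the sample configs are constructed for illustration, and the element path assumes the nesting described above (configuration, microsoft.web.services3, security).

```python
import xml.etree.ElementTree as ET

X509V3 = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-x509-token-profile-1.0#X509v3")
# {*} matches any (or no) XML namespace; requires Python 3.8+.
ADD_PATH = ("{*}microsoft.web.services3/{*}security/"
            "{*}binarySecurityTokenManager/{*}add")

def key_wrap_algorithm(config_xml):
    """Return the keyAlgorithm name set for X509v3 tokens, or None if unset."""
    root = ET.fromstring(config_xml)
    for add in root.findall(ADD_PATH):
        if add.get("valueType") == X509V3:
            alg = add.find("{*}keyAlgorithm")
            if alg is not None:
                return alg.get("name")
    return None

def check_pair(service_xml, client_xml):
    """Compare the service and client settings and classify the pair."""
    svc = key_wrap_algorithm(service_xml)
    cli = key_wrap_algorithm(client_xml)
    if svc is None or cli is None:
        # No override: that side falls back to its OS default, which the
        # post found to differ between Windows 2000 and Windows XP.
        return ("unset", svc, cli)
    return ("match" if svc == cli else "mismatch", svc, cli)

def make_config(algorithm=None):
    """Build a constructed sample config; algorithm=None omits the override."""
    override = ""
    if algorithm:
        override = ('<binarySecurityTokenManager><add valueType="%s">'
                    '<keyAlgorithm name="%s"/></add>'
                    '</binarySecurityTokenManager>' % (X509V3, algorithm))
    return ("<configuration><microsoft.web.services3><security>%s"
            "</security></microsoft.web.services3></configuration>" % override)

if __name__ == "__main__":
    service = make_config("RSA15")
    print(check_pair(service, make_config()))         # client not yet fixed
    print(check_pair(service, make_config("RSA15")))  # both sides forced
```

An "unset" result is the case that produced the WSE3002 error: one side relies on a platform default the other side does not share.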