> I have tested the samples of RC2 and I have encountered a problem in sample 05. The response is:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>   <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
>     <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
>     <wsa:RelatesTo>urn:uuid:DC6CBC0805A79583451210760374233</wsa:RelatesTo>
>   </soapenv:Header>
>   <soapenv:Body>
>     <soapenv:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>       <faultcode>wsse:InvalidSecurity</faultcode>
>       <faultstring>General security error (SAML token security failure); nested exception is:
>       org.opensaml.MalformedException: Subject is invalid, requires either NameIdentifier or at least one ConfirmationMethod</faultstring>
>       <detail/>
>     </soapenv:Fault>
>   </soapenv:Body>
> </soapenv:Envelope>
>
> In fact the SAML assertion looks like this:
>
> <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
>     xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
>     xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>     AssertionID="_7816cc0f3175b845fe6885392887dcfb"
>     IssueInstant="2008-05-14T08:55:39.906Z" Issuer="SAMPLE_STS" MajorVersion="1" MinorVersion="1">
>   <Conditions NotBefore="2008-05-14T08:55:39.906Z" NotOnOrAfter="2008-05-14T09:00:39.906Z"/>
>   <AttributeStatement>
>     <Subject>
>       <SubjectConfirmation>
>         <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod>
>         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>           <xenc:EncryptedKey xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="EncKeyId-urn:uuid:FF61AF1C61F5F11915121075533990612">
>             <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>             <ds:KeyInfo>
>               <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>                 <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">HYL371NzoOs2+IA24VDkBGcUFQM=</wsse:KeyIdentifier>
>               </wsse:SecurityTokenReference>
>             </ds:KeyInfo>
>             <xenc:CipherData>
>               <xenc:CipherValue>aRbQNN6......xenc:CipherValue>
>             </xenc:CipherData>
>           </xenc:EncryptedKey>
>         </KeyInfo>
>       </SubjectConfirmation>
>     </Subject>
>     <Attribute AttributeName="Name" AttributeNamespace="https://rahas.apache.org/saml/attrns">
>       <AttributeValue>Colombo/Rahas</AttributeValue>
>     </Attribute>
>   </AttributeStatement>
>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>     <ds:SignedInfo>
>       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>       <ds:Reference URI="#_7816cc0f3175b845fe6885392887dcfb">
>         <ds:Transforms>
>           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>             <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"/>
>           </ds:Transform>
>         </ds:Transforms>
>         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>         <ds:DigestValue>mIaVRuYws25Y9M/LYs8p2jUxp6c=</ds:DigestValue>
>       </ds:Reference>
>     </ds:SignedInfo>
>     <ds:SignatureValue>gspHip...</ds:SignatureValue>
>     <ds:KeyInfo>
>       <ds:X509Data>
>         <ds:X509Certificate>MIICTjC.....</ds:X509Certificate>
>       </ds:X509Data>
>     </ds:KeyInfo>
>   </ds:Signature>
> </Assertion>
>
> Does anybody else have the same error?
>
> Thanks, Plamena

Hi,

I didn't try the samples but get the same error. See http://markmail.org/message/qxzaqknirrm2mt6p?q=list:org%2Eapache%2Ews%2Eaxis-user+uhlitzsch&page=1. It looks like Rampart doesn't find the policy data.

Regards
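
Added example (not from either poster, and not Rampart or OpenSAML code): a namespace-aware check of the rule named in the fault string, for telling whether a captured assertion itself lacks a NameIdentifier/ConfirmationMethod or whether the failure lies on the consuming side. The function names and the three sample documents are constructed for this example; the samples are trimmed from the structure of the quoted assertion.

```python
import xml.etree.ElementTree as ET

# SAML 1.x assertion namespace, as declared on the quoted <Assertion>.
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"


def check_subjects(assertion_xml):
    """Return (has_name_identifier, confirmation_methods) for each saml:Subject."""
    root = ET.fromstring(assertion_xml)
    results = []
    # Namespace-qualified lookups: an element with the right local name but
    # the wrong (or no) namespace is not a SAML Subject/ConfirmationMethod.
    for subject in root.iter(f"{{{SAML}}}Subject"):
        has_name_id = subject.find(f"{{{SAML}}}NameIdentifier") is not None
        path = f"{{{SAML}}}SubjectConfirmation/{{{SAML}}}ConfirmationMethod"
        methods = [(m.text or "").strip() for m in subject.findall(path)]
        # Assumption of this example: an empty ConfirmationMethod counts as absent.
        results.append((has_name_id, [m for m in methods if m]))
    return results


def subject_rule_holds(assertion_xml):
    """True if a Subject exists and each has a NameIdentifier or a ConfirmationMethod."""
    subjects = check_subjects(assertion_xml)
    return bool(subjects) and all(nid or methods for nid, methods in subjects)


# Constructed sample, trimmed from the structure of the quoted assertion.
GOOD = f"""<Assertion xmlns="{SAML}" Issuer="SAMPLE_STS" MajorVersion="1" MinorVersion="1">
  <AttributeStatement>
    <Subject>
      <SubjectConfirmation>
        <ConfirmationMethod>{HOK}</ConfirmationMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"/>
      </SubjectConfirmation>
    </Subject>
  </AttributeStatement>
</Assertion>"""
# Constructed variants: default namespace lost, and ConfirmationMethod emptied.
NO_NAMESPACE = GOOD.replace(f'xmlns="{SAML}"', f'xmlns:saml="{SAML}"')
NO_METHOD = GOOD.replace(HOK, "")

if __name__ == "__main__":
    for name, doc in [("GOOD", GOOD), ("NO_NAMESPACE", NO_NAMESPACE), ("NO_METHOD", NO_METHOD)]:
        print(name, check_subjects(doc), subject_rule_holds(doc))
```

If a captured assertion passes this check but the service still returns the fault, the assertion's Subject is structurally fine and the cause is more likely in how the receiving side parses or configures it.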
