Hi Amitesh,

Please have a look at [1]. It explains exactly what you want, I guess.

Thanks & regards.
-Prabath

[1]: http://blog.facilelogin.com/2009/05/accessing-proxy-services-in-wso2-esb.html

amiteshksingh wrote:
Hi Prabath,

Thank you very much for your reply. My requirement has changed a little bit: I want a signed SAML token from the STS,
since the SAML token issued by the STS would contain some user info in an
AttributeStatement, and the requirement says it must be signed. The policy file
which you sent is more about signing the message using the issued SAML token. In
my case the SAML token is not a protection token, it's a supporting token. I am new
to WS-Security, and I am not able to find a sample which uses this type of
requirement. I read the specification and it says a signed supporting token
is used for this purpose (getting a signed token from the STS). I would highly
appreciate it if you can provide any sample policy file for this type of
requirement.

Thanks,
Amitesh


amiteshksingh wrote:
Hi,
I am not finding any sample which describes the use of a signed supporting
token that uses an issued token and requests SAML.
I would appreciate it if anybody can provide that one.

I am using the policy below:

<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:Policy>
    <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
      <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address>
        <Metadata xmlns="http://www.w3.org/2005/08/addressing">
          <mex:Metadata xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
              <mex:MetadataReference>
                <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/mex</Address>
              </mex:MetadataReference>
            </mex:MetadataSection>
          </mex:Metadata>
        </Metadata>
      </Issuer>
      <sp:RequestSecurityTokenTemplate>
        <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
        <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
        <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
        <t:CanonicalizationAlgorithm xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</t:CanonicalizationAlgorithm>
        <t:EncryptionAlgorithm xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptionAlgorithm>
        <t:EncryptWith xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptWith>
        <t:SignWith xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</t:SignWith>
      </sp:RequestSecurityTokenTemplate>
      <wsp:Policy>
        <sp:RequireDerivedKeys/>
        <sp:RequireInternalReference/>
      </wsp:Policy>
    </sp:IssuedToken>
  </wsp:Policy>
</sp:SignedSupportingTokens>

but I am not able to get the SAML assertion. I am getting the below error:

Exception in thread "main" org.apache.axis2.AxisFault: Error in signature with a custom token
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:429)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
        at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
        at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
        at com.accenture.apsp.security.Client.main(Client.java:82)
Caused by: org.apache.rampart.RampartException: Error in signature with a custom token
        at org.apache.rampart.builder.BindingBuilder.doSymmSignature(BindingBuilder.java:683)
        at org.apache.rampart.builder.SymmetricBindingBuilder.doSignBeforeEncrypt(SymmetricBindingBuilder.java:504)
        at org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:90)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
        ... 9 more
Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: org.apache.xml.security.signature.XMLSignatureException: Id not found
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Id not found
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Id not found
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Id not found
Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException: Id not found
        at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:683)
        at org.apache.rampart.builder.BindingBuilder.doSymmSignature(BindingBuilder.java:665)
        ... 13 more
Caused by: org.apache.xml.security.signature.XMLSignatureException: Id not found
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Id not found
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Id not found
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Id not found
Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException: Id not found
        at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
        at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:677)
        ... 14 more
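As an added example (not code from the thread or from Rampart), the check below parses an sp:IssuedToken assertion and reports what a reviewer would want flagged in the template posted above: two WS-Trust namespace versions bound inside one sp:RequestSecurityTokenTemplate, and a PublicKey KeyType combined with an HMAC SignWith and sp:RequireDerivedKeys, both of which need a symmetric proof key. It does not claim these cause the "Id not found" failure; the embedded sample policy is a constructed, shortened copy of the posted one.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
# Two WS-Trust namespace versions; one template should bind to a single one
TRUST_NS = {"http://schemas.xmlsoap.org/ws/2005/02/trust",
            "http://docs.oasis-open.org/ws-sx/ws-trust/200512"}

def _split(tag):
    """Split an ElementTree '{ns}local' tag into (ns, local)."""
    return tag[1:].split("}", 1) if tag.startswith("{") else ("", tag)

def lint_issued_token(policy_xml):
    """Return a list of findings for the sp:IssuedToken in policy_xml."""
    root = ET.fromstring(policy_xml)
    token = root.find(".//{%s}IssuedToken" % SP)
    tmpl = root.find(".//{%s}RequestSecurityTokenTemplate" % SP)
    if token is None or tmpl is None:
        return ["no sp:IssuedToken with an sp:RequestSecurityTokenTemplate found"]
    findings, by_ns, fields = [], {}, {}
    for child in tmpl:  # group template elements by the WS-Trust namespace they use
        ns, local = _split(child.tag)
        if ns in TRUST_NS:
            by_ns.setdefault(ns, []).append(local)
            fields[local] = (child.text or "").strip()
    if len(by_ns) > 1:
        findings.append("template mixes WS-Trust namespaces: " + "; ".join(
            "%s -> %s" % (ns, ",".join(els)) for ns, els in sorted(by_ns.items())))
    public_key = fields.get("KeyType", "").endswith("/PublicKey")
    if public_key and "hmac" in fields.get("SignWith", "").lower():
        findings.append("KeyType PublicKey but SignWith is an HMAC algorithm; "
                        "HMAC needs a symmetric proof key")
    if public_key and token.find(".//{%s}RequireDerivedKeys" % SP) is not None:
        findings.append("sp:RequireDerivedKeys with KeyType PublicKey; "
                        "derived keys are built from a symmetric proof key")
    return findings

# Constructed sample: a shortened copy of the template from the thread
SAMPLE = """<sp:SignedSupportingTokens xmlns:sp="%s" xmlns:wsp="http://schemas.xmlsoap.org/ws/policy">
  <wsp:Policy><sp:IssuedToken>
    <sp:RequestSecurityTokenTemplate>
      <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
      <t:SignWith xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</t:SignWith>
    </sp:RequestSecurityTokenTemplate>
    <wsp:Policy><sp:RequireDerivedKeys/></wsp:Policy>
  </sp:IssuedToken></wsp:Policy>
</sp:SignedSupportingTokens>""" % SP

if __name__ == "__main__":
    for finding in lint_issued_token(SAMPLE):
        print("-", finding)
```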
