Hi Prabath,

Thank you very much for the reply.
My requirement has changed a little bit: I want a signed SAML token from the STS.
Since the SAML token issued by the STS would contain some user info in an
AttributeStatement, the requirement says it must be signed. The policy file
which you sent is more about signing the message using the issued SAML token. In
my case the SAML token is not a protection token, it's a supporting token. I am new
to WS-Security, and I am not able to find a sample which uses this type of
requirement. I read the specification and it says a signed supporting token
is used for this purpose (getting a signed token from the STS). I would highly
appreciate it if you could provide a sample policy file for this type of
requirement.

Thanks,
Amitesh


amiteshksingh wrote:
> 
> Hi,
> I am not finding any sample which describes the use of a signed supporting
> token that uses an issued token and requests a SAML token.
> 
> I would appreciate, if anybody can provide that one.
> 
> I am using the below policy
> 
> <sp:SignedSupportingTokens
>     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:Policy>
>     <sp:IssuedToken
>         sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>       <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address>
>         <Metadata xmlns="http://www.w3.org/2005/08/addressing">
>           <mex:Metadata xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
>                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>             <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
>               <mex:MetadataReference>
>                 <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/mex</Address>
>               </mex:MetadataReference>
>             </mex:MetadataSection>
>           </mex:Metadata>
>         </Metadata>
>       </Issuer>
>       <!-- One WS-Trust namespace for the whole template: the original mixed
>            the 2005/02 and 200512 namespaces, so an STS speaking one version
>            would silently ignore the elements written in the other. -->
>       <sp:RequestSecurityTokenTemplate xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
>         <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
>         <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
>         <t:KeySize>256</t:KeySize>
>         <t:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</t:CanonicalizationAlgorithm>
>         <t:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptionAlgorithm>
>         <t:EncryptWith>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptWith>
>         <t:SignWith>http://www.w3.org/2000/09/xmldsig#hmac-sha1</t:SignWith>
>       </sp:RequestSecurityTokenTemplate>
>       <wsp:Policy>
>         <sp:RequireDerivedKeys/>
>         <sp:RequireInternalReference/>
>       </wsp:Policy>
>     </sp:IssuedToken>
>   </wsp:Policy>
> </sp:SignedSupportingTokens>
> 
> but I am not able to get the SAML assertion. I am getting the below error
> 
> Exception in thread "main" org.apache.axis2.AxisFault: Error in signature
> with a custom token
>       at 
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
>       at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>       at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>       at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:429)
>       at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
>       at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
>       at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>       at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
>       at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
>       at com.accenture.apsp.security.Client.main(Client.java:82)
> Caused by: org.apache.rampart.RampartException: Error in signature with a
> custom token
>       at
> org.apache.rampart.builder.BindingBuilder.doSymmSignature(BindingBuilder.java:683)
>       at
> org.apache.rampart.builder.SymmetricBindingBuilder.doSignBeforeEncrypt(SymmetricBindingBuilder.java:504)
>       at
> org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:90)
>       at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
>       at 
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
>       ... 9 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation
> failed; nested exception is: 
>       org.apache.xml.security.signature.XMLSignatureException: Id not found
> Original Exception was
> org.apache.xml.security.signature.ReferenceNotInitializedException: Id not
> found
> Original Exception was
> org.apache.xml.security.signature.ReferenceNotInitializedException: Id not
> found
> Original Exception was
> org.apache.xml.security.signature.ReferenceNotInitializedException: Id not
> found
> Original Exception was
> org.apache.xml.security.utils.resolver.ResourceResolverException: Id not
> found
>       at
> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:683)
>       at
> org.apache.rampart.builder.BindingBuilder.doSymmSignature(BindingBuilder.java:665)
>       ... 13 more
> Caused by: org.apache.xml.security.signature.XMLSignatureException: Id not
> found
> Original Exception was
> org.apache.xml.security.signature.ReferenceNotInitializedException: Id not
> found
> Original Exception was
> org.apache.xml.security.signature.ReferenceNotInitializedException: Id not
> found
> Original Exception was
> org.apache.xml.security.signature.ReferenceNotInitializedException: Id not
> found
> Original Exception was
> org.apache.xml.security.utils.resolver.ResourceResolverException: Id not
> found
>       at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
>       at
> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:677)
>       ... 14 more
> 
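The requirement in the thread is that the relying party receives a SAML 1.1 assertion (carrying an AttributeStatement) that is signed by the STS and used only as a supporting token. The example below is an added illustration and not code from the thread, from Rampart or from Axis2: it shows what the receiving side has to check before trusting the user attributes, using only the JDK's built-in `javax.xml.crypto.dsig` API. It assumes the STS's X.509 certificate is obtained out of band (a truststore, not the token's own KeyInfo), that the assertion is SAML 1.1 (so its ID attribute is `AssertionID`), and the file paths in `main` are placeholders. It also shows the point behind the "Id not found" class of error seen in the trace: an XML-Signature `Reference` URI of the form `#id` can only be dereferenced if the parser knows which attribute is of type ID.

```java
import java.io.FileInputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/**
 * Relying-party check for a SAML 1.1 assertion used as a SignedSupportingToken:
 * the assertion must carry an enveloped ds:Signature made with the STS key, and
 * that signature must cover the assertion itself (referenced by its AssertionID).
 * Added example; not part of Rampart or Axis2.
 */
public class IssuedSamlTokenCheck {

    static final String SAML11_NS = "urn:oasis:names:tc:SAML:1.0:assertion";

    public static boolean verifyIssuedAssertion(Element assertion, PublicKey stsKey) throws Exception {
        // A plain DOM parser does not know that AssertionID is an ID-typed attribute, so a
        // Reference URI of "#<AssertionID>" cannot be dereferenced and validation fails with
        // "Id not found". Registering the attribute fixes the lookup without loading a schema.
        assertion.setIdAttribute("AssertionID", true);
        String assertionId = assertion.getAttribute("AssertionID");
        if (assertionId.isEmpty()) return false;

        // Exactly one signature, and it must be a direct child of the assertion
        // (a signature nested deeper, e.g. inside Advice, does not protect the AttributeStatement).
        NodeList sigs = assertion.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) return false;
        Element sigEl = (Element) sigs.item(0);
        if (sigEl.getParentNode() != assertion) return false;

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // Only the STS key is acceptable; the token's own KeyInfo is never used to choose the key.
        DOMValidateContext ctx = new DOMValidateContext(KeySelector.singletonKeySelector(stsKey), sigEl);
        // JDK XMLDSig hardening: rejects XSLT transforms, weak keys and external dereferences.
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature sig = fac.unmarshalXMLSignature(ctx);

        // Every Reference must point at this very assertion; a signature can be cryptographically
        // valid yet cover some other element, which must be treated as a rejection.
        List<?> refs = sig.getSignedInfo().getReferences();
        if (refs.isEmpty()) return false;
        for (Object o : refs) {
            if (!("#" + assertionId).equals(((Reference) o).getURI())) return false;
        }
        return sig.validate(ctx);
    }

    // Usage (assumption: args[0] is a file holding the issued assertion, args[1] the STS's
    // X.509 certificate in DER or PEM form, taken from the relying party's truststore).
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD / XXE
        Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(args[0]));

        X509Certificate stsCert;
        try (FileInputStream in = new FileInputStream(args[1])) {
            stsCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        NodeList assertions = doc.getElementsByTagNameNS(SAML11_NS, "Assertion");
        if (assertions.getLength() != 1) {
            System.out.println("expected exactly one saml:Assertion, found " + assertions.getLength());
            System.exit(2);
        }
        boolean ok = verifyIssuedAssertion((Element) assertions.item(0), stsCert.getPublicKey());
        System.out.println(ok ? "assertion signature verified against STS key" : "assertion REJECTED");
        System.exit(ok ? 0 : 1);
    }
}
```

Compile and run with `javac IssuedSamlTokenCheck.java && java IssuedSamlTokenCheck assertion.xml sts-cert.pem`. The reference-URI check is the part that matters for a supporting token: the policy above only says the issued token must be signed, and a verifier that accepts any valid signature found under the assertion, regardless of what it references, would also accept a signature that covers nothing the relying party cares about.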

-- 
View this message in context: 
http://www.nabble.com/Issue-in-SignedSupportingTokens-with-IssuedToken-requesting-for-SAML-tp24663093p24709948.html
Sent from the Axis - User mailing list archive at Nabble.com.
