Hi Gina Add an empty wsp:Policy element as a child to sp:HttpsToken: </wsp:policy>
There was a fix in CXF to be spec compliant. HTH ------ Oliver Wulff Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/> Solution Architect http://coders.talend.com <http://coders.talend.com>Talend Application Integration Division http://www.talend.com ________________________________ From: Gina Choi [[email protected]] Sent: 31 May 2012 22:14 To: [email protected]; [email protected] Subject: Active Profile Problem with Apache CXF and ADFS2.0(STS) Hi All, Previously I was able to run Fediz WS-Federation with ADFS2.0 with help from Oliver Wulff. Thank you. Now I try to test if Apache CXF can support ADFS2.0 actvie profile. I followed Glen Mazza's blog - http://www.jroller.com/gmazza/entry/cxf_sts_tutorial. Thanks, Glen. It was very helpful. Basically it has WSP, WSC and STS(Apache CXF) and WSP is configured to use Symmetric bindings. Authentication between WSC and STS is done using UT. Now I am trying to switch Apache STS to ADFS2.0 and updated WSP wsdl file and client configuration file accordingly. 1. WSP I have updated <sp:Issuer> element from WSP wsdl like bellow. I could comment out this elment, but it seems the only place that I can specify ADFS endpoint which is https://strts01.ams.dev/adfs/services/trust/13/usernamemixed <sp:Issuer> <wsaw:Address>https://strts01.ams.dev/adfs/services/trust/13/usernamemixed</wsaw:Address> <wsaw:Metadata> <wsx:Metadata> <wsx:MetadataSection> <wsx:MetadataReference> <wsaw:Address>https://strts01.ams.dev/adfs/services/trust/mex</wsaw:Address> </wsx:MetadataReference> </wsx:MetadataSection> </wsx:Metadata> </wsaw:Metadata> </sp:Issuer> 2. WSC I updated client configuration file as follow. <bean class="org.apache.cxf.ws.security.trust.STSClient"> <constructor-arg ref="cxf"/> <property name="wsdlLocation" value="https://strts01.ams.dev/adfs/services/trust/mex"/> <property name="serviceName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService"/> <property name="endpointName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}UserNameWSTrustBinding_IWSTrust13Async2"/> When I run client, but I am getting following error message. It basically read everything in ADFS2.0 wsdl file and complaining if something it doesn't like it. The port that I am trying to use is UserNameWSTrustBinding_IWSTrust13Async2 and it uses UserNameWSTrustBinding_IWSTrust13Async2_policy, but as you can see from bellow, CXF failed to build this policy. I put port name in value field of the endpointName in client configuration file, but I am not sure if I set it correctly. The ADFS2.0 endpoint that I am trying to use is https://strts01.ams.dev/adfs/services/trust/13/usernamemixed I have attached zipped ADFS wsdl file. I would appreciate if anyone let me know if what I try to do is feasible. WARNING: Failed to build the policy 'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:HttpsToken/wsp:Policy must have a value May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy WARNING: Failed to build the policy 'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:HttpsToken/wsp:Policy must have a value May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy WARNING: Failed to build the policy 'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:HttpsToken/wsp:Policy must have a value May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy WARNING: Failed to build the policy 'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must have a value May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy WARNING: Failed to build the policy 'CustomBinding_IWSTrust13Async1_policy':sp:HttpsToken/wsp:Policy must have a value May 31, 2012 3:37:51 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now java.lang.IllegalArgumentException: sp:HttpsToken/wsp:Policy must have a value at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:77) at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:50) at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138) at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224) at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174) at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124) at org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder.build(TransportTokenBuilder.java:57) at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.processAlternative(TransportBindingBuilder.java:85) at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:57) at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:41) at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138) at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224) at org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217) at org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215) at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174) at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124) at org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:279) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:264) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:216) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:170) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:163) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:100) at org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:417) at org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:150) at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:139) at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549) at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295) at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278) at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61) at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:319) at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304) at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250) at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228) at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235) at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103) at org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77) at org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:842) at org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:569) at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:609) at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602) at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594) at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404) at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134) at $Proxy25.doubleIt(Unknown Source) at client.WSClient.doubleIt(WSClient.java:18) at client.WSClient.main(WSClient.java:11) Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: sp:HttpsToken/wsp:Policy must have a value at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156) at $Proxy25.doubleIt(Unknown Source) at client.WSClient.doubleIt(WSClient.java:18) at client.WSClient.main(WSClient.java:11) Caused by: java.lang.IllegalArgumentException: sp:HttpsToken/wsp:Policy must have a value at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:77) at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:50) at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138) at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224) at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174) at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124) at org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder.build(TransportTokenBuilder.java:57) at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.processAlternative(TransportBindingBuilder.java:85) at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:57) at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:41) at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138) at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224) at org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217) at org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215) at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174) at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124) at org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:279) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:264) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:216) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:170) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:163) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:100) at org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:417) at org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:150) at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:139) at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549) at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295) at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278) at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61) at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:319) at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304) at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250) at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228) at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235) at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103) at org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77) at org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:842) at org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:569) at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:609) at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602) at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594) at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404) at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134) ... 3 more Gina
