Hi all,

When debugging the code, it was found that there's a bug when applying a
security policy to the STS service. Thanks @Hasintha for the input given.

Thanks,
Kasun.

On Tue, Jun 21, 2016 at 11:55 AM, Kasun Bandara <[email protected]> wrote:

> Hi Hasintha,
>
> Thanks for the prompt response. I checked the corresponding policy files
> in both the versions (
> */_system/config/repository/axis2/service-groups/org.wso2.carbon.sts-5.0*
> in registry). 'rampartConfig' section wasn't there in the latest pack, even
> though it was in the older pack (i.e. when the service is secured with the
> UTOverTransport policy).
>
> Thanks,
> Kasun.
>
> On Tue, Jun 21, 2016 at 11:42 AM, Hasintha Indrajee <[email protected]>
> wrote:
>
>> Services which are secured with policies are stored in registry. Can you
>> please check whether "rampartConfig" section is there in the policy which
>> is stored in the registry after applying the policy ? Please check in both
>> versions.
>>
>> On Tue, Jun 21, 2016 at 11:34 AM, Kasun Bandara <[email protected]> wrote:
>>
>>> Hi all,
>>>
>>> I'm attempting $subject on the latest IS pack [1]. Below is the sample STS
>>> request that I'm attempting.
>>>
>>> <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
>>>     xmlns:wsa="http://www.w3.org/2005/08/addressing"
>>>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>>     xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
>>>     xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc"
>>>     xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
>>>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>>     xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL">
>>>    <s:Header>
>>>       <wsa:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
>>>       <wsa:To s:mustUnderstand="1">https://localhost:9443/services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint</wsa:To>
>>>       <wsa:MessageID>1454429880</wsa:MessageID>
>>>       <wsse:Security>
>>>          <wsse:UsernameToken wsu:Id="user">
>>>             <wsse:Username>kasun</wsse:Username>
>>>             <wsse:Password>kasun8888</wsse:Password>
>>>          </wsse:UsernameToken>
>>>          <wsu:Timestamp Id="Timestamp">
>>>             <wsu:Created>2016-06-02T15:40:01Z</wsu:Created>
>>>             <wsu:Expires>2018-02-02T16:23:01Z</wsu:Expires>
>>>          </wsu:Timestamp>
>>>       </wsse:Security>
>>>    </s:Header>
>>>    <s:Body>
>>>       <wst:RequestSecurityToken Id="RST0">
>>>          <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
>>>          <wsp:AppliesTo>
>>>             <wsa:EndpointReference>
>>>                <wsa:Address>urn:federation:MicrosoftOnline</wsa:Address>
>>>             </wsa:EndpointReference>
>>>          </wsp:AppliesTo>
>>>          <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>
>>>       </wst:RequestSecurityToken>
>>>    </s:Body>
>>> </s:Envelope>
>>>
>>>
>>> I get the following SOAP response error after invoking the above request.
>>>
>>> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
>>>    <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>>       <wsse:Security soapenv:mustUnderstand="true"
>>>           xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>>>          <wsu:Timestamp wsu:Id="Timestamp-1"
>>>              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>>             <wsu:Created>2016-06-21T05:49:42.359Z</wsu:Created>
>>>             <wsu:Expires>2016-06-21T05:54:42.359Z</wsu:Expires>
>>>          </wsu:Timestamp>
>>>       </wsse:Security>
>>>       <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
>>>       <wsa:RelatesTo>1454429880</wsa:RelatesTo>
>>>    </soapenv:Header>
>>>    <soapenv:Body>
>>>       <soapenv:Fault>
>>>          <soapenv:Code>
>>>             <soapenv:Value>soapenv:Receiver</soapenv:Value>
>>>          </soapenv:Code>
>>>          <soapenv:Reason>
>>>             <soapenv:Text xml:lang="en-US">java.lang.NullPointerException</soapenv:Text>
>>>          </soapenv:Reason>
>>>          <soapenv:Detail/>
>>>       </soapenv:Fault>
>>>    </soapenv:Body>
>>> </soapenv:Envelope>
>>>
>>> In addition to this, I can see the following error stack in the carbon logs.
>>>
>>> TID: [-1234] [] [2016-06-21 11:19:42,267] ERROR {org.apache.axis2.transport.http.AxisServlet} - java.lang.NullPointerException
>>>     at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:93)
>>>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:470)
>>>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>>>     at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
>>>     at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
>>>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
>>>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
>>>     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
>>>
>>> The same request works as expected with an older rampart version. When
>>> debugging this issue it was found that the Rampart Configuration class
>>> isn't initiated in the latest pack when starting the server, even though it
>>> initiates in the older pack. (i.e. the STS endpoint is secured with a
>>> UTOverTransport policy)
>>>
>>> Appreciate any feedback on this.
>>>
>>>
>>>
>>> Thanks,
>>> Kasun.
>>>
>>>
>>> [1]
>>> http://maven.wso2.org/nexus/content/repositories/snapshots/org/wso2/is/wso2is/5.2.0-SNAPSHOT/
>>>
>>> --
>>> Kasun Bandara
>>> *Software Engineer*
>>> Mobile : +94 (0) 718 338 360
>>> [email protected] <[email protected]>
>>>
>>
>>
>>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile:+94 771892453
>>
>>
>
>
> --
> Kasun Bandara
> *Software Engineer*
> Mobile : +94 (0) 718 338 360
> [email protected] <[email protected]>
>



-- 
Kasun Bandara
*Software Engineer*
Mobile : +94 (0) 718 338 360
[email protected] <[email protected]>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
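
The check requested in the thread above (is the RampartConfig section present in the policy stored in the registry after it is applied), as an added example that is not part of the original messages or of WSO2/Rampart code. The function name `audit_policy` and both sample policies are constructed for illustration; it assumes the policy has been exported from the registry as an XML string and uses the WS-Policy 2004/09, WS-SecurityPolicy 2005/07 and Rampart policy namespaces.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
RAMP = "http://ws.apache.org/rampart/policy"

# Constructed, minimal UsernameToken-over-transport policy; %s is the slot
# where the RampartConfig assertion is expected to sit.
UT_POLICY = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:ExactlyOne><wsp:All>
    <sp:TransportBinding><wsp:Policy/></sp:TransportBinding>
    <sp:SignedSupportingTokens><wsp:Policy>
      <sp:UsernameToken/>
    </wsp:Policy></sp:SignedSupportingTokens>
    %s
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""

# Constructed RampartConfig assertion (contents are illustrative).
RAMPART_CONFIG = """<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
      <ramp:timestampTTL>300</ramp:timestampTTL>
    </ramp:RampartConfig>"""


def audit_policy(policy_xml):
    """Return a list of findings for one stored policy; an empty list means OK."""
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if root.tag != "{%s}Policy" % WSP:
        return ["root element is not wsp:Policy"]

    findings = []
    # Recognise the scenario from the thread: UsernameToken over a transport binding.
    ut_over_transport = (
        root.find(".//{%s}TransportBinding" % SP) is not None
        and root.find(".//{%s}UsernameToken" % SP) is not None
    )
    if root.find(".//{%s}RampartConfig" % RAMP) is None:
        kind = "UsernameToken-over-transport" if ut_over_transport else "security"
        findings.append("%s policy has no RampartConfig assertion" % kind)
    return findings


if __name__ == "__main__":
    for label, doc in (("older pack", UT_POLICY % RAMPART_CONFIG),
                       ("latest pack", UT_POLICY % "")):
        print(label, "->", audit_policy(doc) or "OK")
```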
