Hi,

I also tried the STS client with non-repudiation, but it gives the following
error. Are there any configs that need to be changed in the sample?

org.apache.rahas.TrustException: Error in obtaining token from : "https://localhost:9443/services/wso2carbon-sts"
    at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:174)
    at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:182)
    at org.wso2.carbon.identity.samples.sts.Client.run(Client.java:130)
    at org.wso2.carbon.identity.samples.sts.Client.main(Client.java:94)
Caused by: org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
    at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:105)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:171)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
    at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:555)
    at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:165)
    ... 3 more

Thanks,
Ashen

On Fri, Jan 6, 2017 at 12:12 AM, Gayan Gunawardana <[email protected]> wrote:

> The steps and sample can be found in [1], [2]. The issue seems to be a problem
> with the default keystore. When I traced the request and response with tcpmon,
> I found the issue below.
>
>
> *Request*
> <?xml version='1.0' encoding='UTF-8'?>
>    <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
>       <soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
>          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>                         soapenv:mustUnderstand="true">
>             <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                            wsu:Id="Timestamp-1">
>                <wsu:Created>2017-01-05T08:35:31.570Z</wsu:Created>
>                <wsu:Expires>2017-01-05T08:40:31.570Z</wsu:Expires>
>             </wsu:Timestamp>
>             <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                                       EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>                                       ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>                                       wsu:Id="CertId-F1F5AE821BB8A9B28714836053316591">MIIBlzCCAQCgAwIBAgIEUVqxuDANBg
> kqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVhZG1pbjAeFw0xMzA0MDIxMDIzNT
> JaFw0xMzA3MDExMDIzNTJaMBAxDjAMBgNVBAMTBWFkbWluMIGfMA0GCSqGSI
> b3DQEBAQUAA4GNADCBiQKBgQCTx+Xh1YkBdaeMW36Z0QqR9vmnBAccIH+
> 9rYaMaXV1m5pWUFHsT9utjEX23c4vkJ8O3Hpgh56/BUfzStb09UuONBU6BHVAe3uTDmLE42
> T3s/OaBsrUq3cPSmLCS8+J65ItdlT4jWjhJHIehyjU+IyvN3IWd63lowWleqk5na4tbQIDAQA
> BMA0GCSqGSIb3DQEBBQUAA4GBAGcrYWf2NvDiG3jnUxYP4cDaMD586xyzk0m
> ROI2VVDpK3oFQn6mqj3wgnjPMq3Eb8TIIuludo7c6OBzSEACoGd/
> fObcCJsdXI4FXeAVQBSOx91vtz3khMbmFsVJRS3HE8vRhxjQAjCmsAPHcy8Z
> ezuTuKHs1J1U9SS64Ox1FIfoY</wsse:BinarySecurityToken>
>             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
>                <ds:SignedInfo>
>                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>                   <ds:Reference URI="#Id-100433527">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                      <ds:DigestValue>qdHksp42FlO9WVg6HKledVDda18=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#Timestamp-1">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                      <ds:DigestValue>E6aaITdDYeveyle1XmVeWmfbYAE=</ds:DigestValue>
>                   </ds:Reference>
>                </ds:SignedInfo>
>                <ds:SignatureValue>aWwbjN8BbgEI3pFwET9De9/
> UhYKeGC3Ndx0VSXEPMhtxYS3n4Q0ZuG2eX8ZobgcMPmYjs1gAoxF09sf7fdzmrSMW+Gt8Wn+
> N05gLh8u4fNY7Bi4DBM1YNW11pqxWpX8LG19prh0KbwkuJIIKQCuP08Zaku+
> HHgPvis6OPHhdObY=</ds:SignatureValue>
>                <ds:KeyInfo Id="KeyId-F1F5AE821BB8A9B28714836053316652">
>                   <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                                                wsu:Id="STRId-F1F5AE821BB8A9B28714836053316663">
>                      <wsse:Reference URI="#CertId-F1F5AE821BB8A9B28714836053316591"
>                                      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
>                   </wsse:SecurityTokenReference>
>                </ds:KeyInfo>
>             </ds:Signature>
>          </wsse:Security>
>          <wsa:To>http://localhost:9762/services/wso2carbon-sts</wsa:To>
>          <wsa:ReplyTo>
>             <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
>          </wsa:ReplyTo>
>          <wsa:MessageID>urn:uuid:c514e93f-6a96-4640-8304-400320f95d5a</wsa:MessageID>
>          <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
>       </soapenv:Header>
>       <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                     wsu:Id="Id-100433527">
>          <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
>             <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
>             <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>                <wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
>                   <wsa:Address>https://localhost:10443/services/echo</wsa:Address>
>                </wsa:EndpointReference>
>             </wsp:AppliesTo>
>             <wst:Lifetime>
>                <wsu:Created>2017-01-05T08:35:31.256Z</wsu:Created>
>                <wsu:Expires>2017-01-05T08:40:31.256Z</wsu:Expires>
>             </wst:Lifetime>
>             <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
>             <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/Bearer</wst:KeyType>
>             <wst:Claims xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/02/trust" wsp:Dialect="http://wso2.org/claims">
>                <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/givenname" />
>                <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/emailaddress" />
>             </wst:Claims>
>          </wst:RequestSecurityToken>
>       </soapenv:Body>
>    </soapenv:Envelope>
>
>
>
> *Response*
> <?xml version='1.0' encoding='UTF-8'?>
>    <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
>       <soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
>          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>                         soapenv:mustUnderstand="true">
>             <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                            wsu:Id="Timestamp-11">
>                <wsu:Created>2017-01-05T08:35:31.867Z</wsu:Created>
>                <wsu:Expires>2017-01-05T08:40:31.867Z</wsu:Expires>
>             </wsu:Timestamp>
>             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-12">
>                <ds:SignedInfo>
>                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                   <ds:Reference URI="#Id-1962192193">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                      <ds:DigestValue>h5oo0fYSZXjhsCDyzJF2XFTbjEg=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#Timestamp-11">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                      <ds:DigestValue>0SnksGqgO8yrwWLuJUUEw52habw=</ds:DigestValue>
>                   </ds:Reference>
>                </ds:SignedInfo>
>                <ds:SignatureValue>Pzwh9XSrKLMpze42EcGfYZweb+
> Th4FxX4rRt2+axHQRlt/p+A8YMwYUicKF93+a7RDiOhOdUOaoanIoN/CQaYtSskQZzK+
> LaqP9o1kcJCLulPgkGeYiC/fb3AilOuKKS+s5JWMchfgw2ebLgYTO43AalYwCtqNf
> /VMycIpb30B4=</ds:SignatureValue>
>                <ds:KeyInfo Id="KeyId-649751EC57E04F21D3148360533186817">
>                   <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                                                wsu:Id="STRId-649751EC57E04F21D3148360533186918">
>                      <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>                                          ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">a/jhNus21KVuoFx65LmkW2O/l10=</wsse:KeyIdentifier>
>                   </wsse:SecurityTokenReference>
>                </ds:KeyInfo>
>             </ds:Signature>
>          </wsse:Security>
>          <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
>          <wsa:MessageID>urn:uuid:8904e3e1-9aea-4271-bac1-c99c52ce641f</wsa:MessageID>
>          <wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>
>          <wsa:RelatesTo>urn:uuid:c514e93f-6a96-4640-8304-400320f95d5a</wsa:RelatesTo>
>       </soapenv:Header>
>       <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                     wsu:Id="Id-1962192193">
>          <soapenv:Fault xmlns:axis2ns11="http://www.w3.org/2003/05/soap-envelope">
>             <soapenv:Code>
>                <soapenv:Value>axis2ns11:Sender</soapenv:Value>
>                <soapenv:Subcode>
>                   <soapenv:Value xmlns:axis2ns12="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">axis2ns12:FailedCheck</soapenv:Value>
>                </soapenv:Subcode>
>             </soapenv:Code>
>             <soapenv:Reason>
>                <soapenv:Text xml:lang="en-US">The signature or decryption was invalid (The provided certificate is invalid); nested exception is: java.security.cert.CertificateExpiredException: NotAfter: Mon Jul 01 15:53:52 IST 2013</soapenv:Text>
>             </soapenv:Reason>
>             <soapenv:Detail/>
>          </soapenv:Fault>
>       </soapenv:Body>
>    </soapenv:Envelope>
>
> A similar kind of issue is reported in [1] as well.
>
> [1] https://docs.wso2.com/display/IS510/Accessing+Claim+Aware+Services+using+STS+Secured+with+Non-repudiation
> [2] https://github.com/wso2/product-is/tree/v5.1.0/modules/samples/sts/sts-client
> [3] https://wso2.org/jira/si/jira.issueviews:issue-html/WSAS-957/WSAS-957.html
>
> --
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: [email protected]
> Mobile: +94 (71) 8020933
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Ashen Weerathunga*
Software Engineer
WSO2 Inc.: http://wso2.com
lean.enterprise.middleware

Email: [email protected]
Mobile: +94716042995
LinkedIn: http://lk.linkedin.com/in/ashenweerathunga
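
The fault in the quoted response reports a CertificateExpiredException. The check below is an added example, not part of this thread or of the WSO2 sample: it pulls the wsse:BinarySecurityToken out of a captured request and tests the certificate's validity window at the message's wsu:Created time. The class and method names are hypothetical, and the envelope is a constructed reduction of the quoted request that keeps only its token and timestamp values.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Base64;
import java.util.Date;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class TokenValidityCheck { // hypothetical name, not from the WSO2 sample
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    // Constructed envelope: only the timestamp and token of the quoted request, values copied from the thread.
    static final String ENVELOPE = "<e:Envelope xmlns:e='http://www.w3.org/2003/05/soap-envelope'><e:Header>"
        + "<wsse:Security xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'><wsu:Timestamp>"
        + "<wsu:Created>2017-01-05T08:35:31.570Z</wsu:Created></wsu:Timestamp><wsse:BinarySecurityToken>"
        + "MIIBlzCCAQCgAwIBAgIEUVqxuDANBg\n" + "kqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVhZG1pbjAeFw0xMzA0MDIxMDIzNT\n"
        + "JaFw0xMzA3MDExMDIzNTJaMBAxDjAMBgNVBAMTBWFkbWluMIGfMA0GCSqGSI\n" + "b3DQEBAQUAA4GNADCBiQKBgQCTx+Xh1YkBdaeMW36Z0QqR9vmnBAccIH+\n"
        + "9rYaMaXV1m5pWUFHsT9utjEX23c4vkJ8O3Hpgh56/BUfzStb09UuONBU6BHVAe3uTDmLE42\n" + "T3s/OaBsrUq3cPSmLCS8+J65ItdlT4jWjhJHIehyjU+IyvN3IWd63lowWleqk5na4tbQIDAQA\n"
        + "BMA0GCSqGSIb3DQEBBQUAA4GBAGcrYWf2NvDiG3jnUxYP4cDaMD586xyzk0m\n" + "ROI2VVDpK3oFQn6mqj3wgnjPMq3Eb8TIIuludo7c6OBzSEACoGd/\n"
        + "fObcCJsdXI4FXeAVQBSOx91vtz3khMbmFsVJRS3HE8vRhxjQAjCmsAPHcy8Z\n" + "ezuTuKHs1J1U9SS64Ox1FIfoY\n"
        + "</wsse:BinarySecurityToken></wsse:Security></e:Header><e:Body/></e:Envelope>";

    /** Returns null if the X.509 token was inside its validity window at wsu:Created, else the reason. */
    static String check(String soap) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // captured XML is untrusted
        Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        String b64 = d.getElementsByTagNameNS(WSSE, "BinarySecurityToken").item(0).getTextContent();
        String created = d.getElementsByTagNameNS(WSU, "Created").item(0).getTextContent().trim();
        byte[] der = Base64.getMimeDecoder().decode(b64); // MIME decoder skips line breaks added in transit
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
        try {
            cert.checkValidity(Date.from(Instant.parse(created)));
            return null;
        } catch (CertificateException e) { // expired or not yet valid
            return cert.getSubjectX500Principal().getName() + ": " + e.getMessage();
        }
    }
    public static void main(String[] args) throws Exception {
        String problem = check(ENVELOPE);
        System.out.println(problem == null ? "token certificate valid at message time" : "REJECT " + problem);
    }
}
```

On Java 11 or later it runs directly with `java TokenValidityCheck.java`.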