Hello, my name is Michele Amico and I'm an Italian student at Università di Pisa. I'm writing here because the RAMPART ML looks to be down. I'm working on Rampart and the SAML 1.1 version. I have a general problem with a custom STS.
At this moment I need to use a custom SAMLTokenIssuer, but I would like to modify as little as possible of the default STS shipped with Rampart (using STSClient, STSMessageReceiver, etc.). I would like to use the whole framework as it is by default and modify only the SAMLTokenIssuer class, using another class. I thought I could do this using this documentation: http://axis.apache.org/axis2/java/rampart/setting-up-sts.html

To start, I tried to modify sample05 (Rampart 1.5 release), creating two service archives, one for the "echo service" and one for the "STS". If the services.xml of the STS is the default one, it works. When I try to follow the documentation to make a custom STS, I receive an error. This is my services.xml:

----------------------------------------------------------------------------------------------------------------
<service name="STS">
    <module ref="rampart" />
    <module ref="addressing" />
    <module ref="rahas" />
    <operation name="IssueToken" mep="http://www.w3.org/2006/01/wsdl/in-out">
        <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
        <!-- Action mapping to accept RST requests -->
        <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
        <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
        <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
        <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
        <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
        <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
        <parameter name="token-dispatcher-configuration">
            <token-dispatcher-configuration>
                <!-- Issuers. You may have many issuers. -->
                <issuer class="custom.MyIssuer" default="true">
                    <configuration type="parameter">saml-issuer-config</configuration>
                    <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
                </issuer>
            </token-dispatcher-configuration>
        </parameter>
        <parameter name="saml-issuer-config">
            <saml-issuer-config>
                <issuerName>SAMPLE_STS</issuerName>
                <issuerKeyAlias>service</issuerKeyAlias>
                <issuerKeyPassword>apache</issuerKeyPassword>
                <cryptoProperties>
                    <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
                        <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
                        <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
                    </crypto>
                </cryptoProperties>
                <timeToLive>300000</timeToLive>
                <keySize>256</keySize>
                <addRequestedAttachedRef />
                <addRequestedUnattachedRef />
                <!--
                    Key computation mechanism
                    1 - Use Request Entropy
                    2 - Provide Entropy
                    3 - Use Own Key
                -->
                <keyComputation>2</keyComputation>
                <!--
                    proofKeyType element is valid only if the keyComputation is set to 3
                    i.e. Use Own Key
                    Valid values are: EncryptedKey & BinarySecret
                -->
                <proofKeyType>BinarySecret</proofKeyType>
                <trusted-services>
                    <service alias="service">*</service>
                </trusted-services>
            </saml-issuer-config>
        </parameter>
    </operation>
    <wsp:Policy wsu:Id="SigOnly"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:InitiatorToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                    <wsp:Policy>
                                        <sp:RequireThumbprintReference/>
                                        <sp:WssX509V3Token10/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:InitiatorToken>
                        <sp:RecipientToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                    <wsp:Policy>
                                        <sp:RequireThumbprintReference/>
                                        <sp:WssX509V3Token10/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:RecipientToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:TripleDesRsa15/>
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict/>
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                        <sp:OnlySignEntireHeadersAndBody/>
                    </wsp:Policy>
                </sp:AsymmetricBinding>
                <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:MustSupportRefKeyIdentifier/>
                        <sp:MustSupportRefIssuerSerial/>
                    </wsp:Policy>
                </sp:Wss10>
                <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <sp:Body/>
                </sp:SignedParts>
                <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                    <ramp:user>service</ramp:user>
                    <ramp:encryptionUser>client</ramp:encryptionUser>
                    <ramp:passwordCallbackClass>testRobot.PWCBHandler</ramp:passwordCallbackClass>
                    <ramp:signatureCrypto>
                        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                            <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
                        </ramp:crypto>
                    </ramp:signatureCrypto>
                </ramp:RampartConfig>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</service>
----------------------------------------------------------------------------------------------------------------

Class custom.MyIssuer is a copy of the default SAMLTokenIssuer.java. To compile it, I copied SAMLTokenIssuerConfig.java, AbstractIssuerConfig.java and TokenIssuerUtil.java. This doesn't work and I can't understand what is missing. I hope someone can help me.

The error I have on the client is:

-------------------------------
Exception in thread "main" org.apache.rahas.TrustException: Error in obtaining token from : "http://localhost:8080/axis2/services/STS"
     [java] at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:153)
     [java] at testRobot.Client.main(Unknown Source)
     [java] Caused by: org.apache.axis2.AxisFault: Missing wsse:Security header in request
     [java] at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
     [java] at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
     [java] at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
     [java] at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
     [java] at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
     [java] at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
     [java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
     [java] at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
     [java] at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
     [java] at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:540)
     [java] at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:147)
     [java] ... 1 more
     [java] Caused by: org.apache.rampart.RampartException: Missing wsse:Security header in request
     [java] at org.apache.rampart.RampartEngine.process(RampartEngine.java:124)
     [java] at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
     [java] ... 10 more
     [java] Java Result: 1
----------------------------------

And on the axis2server:

--------------------------------------
[WARN] triggerActionNotSupportedFault: messageContext: [MessageContext: logID=urn:uuid:593AF8FB2CF54976F31296757850420] problemAction: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
[ERROR] The [action] cannot be processed at the receiver.
org.apache.axis2.AxisFault: The [action] cannot be processed at the receiver.
    at org.apache.axis2.addressing.AddressingFaultsHelper.triggerAddressingFault(AddressingFaultsHelper.java:373)
    at org.apache.axis2.addressing.AddressingFaultsHelper.triggerActionNotSupportedFault(AddressingFaultsHelper.java:336)
    at org.apache.axis2.dispatchers.AddressingBasedDispatcher.checkAction(AddressingBasedDispatcher.java:141)
    at org.apache.axis2.dispatchers.AddressingBasedDispatcher.invoke(AddressingBasedDispatcher.java:126)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
    at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266)
    at org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281)
    at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187)
    at org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
------------------------------------------------------------------------------------------------------

Thanks a lot for the help.

Bye,
Michele Amico
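An added example, not part of Michele's post and not Rampart or Axis2 code: a small Python lint for a Rahas STS services.xml that checks the points the setting-up-sts documentation relies on (rampart, addressing and rahas engaged; IssueToken wired to org.apache.rahas.STSMessageReceiver with the in-out MEP; the six WS-Trust 2005/02 action mappings present as exact URIs; exactly one default issuer with a valid class name whose configuration parameter is defined). The server trace above shows AddressingBasedDispatcher.checkAction raising "The [action] cannot be processed at the receiver" for the Issue action, and that dispatcher matches wsa:Action against the operation's actionMapping entries, so an inexact mapping is one thing worth ruling out. The sample config is constructed to mirror the operation block as it appears in the mail, including the stray whitespace around the MEP and some action URIs (which may only be an artifact of mail wrapping); the Java FQCN pattern and the finding messages are this example's own.

```python
"""Lint an Axis2/Rahas STS services.xml for the settings a custom issuer
needs. Added example; the sample below is constructed, not a real file."""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

WST_RST = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/"
EXPECTED_ACTIONS = {WST_RST + s for s in
                    ("SCT", "Issue", "Renew", "Cancel", "SCT/Cancel", "Validate")}
IN_OUT_MEP = "http://www.w3.org/2006/01/wsdl/in-out"
STS_RECEIVER = "org.apache.rahas.STSMessageReceiver"
JAVA_FQCN = re.compile(r"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*")

# Constructed sample mirroring the post's operation block, whitespace included.
SAMPLE_SERVICES_XML = """<service name="STS">
  <module ref="rampart" />
  <module ref="addressing" />
  <module ref="rahas" />
  <operation name="IssueToken" mep="http://www.w3.org/2006/01/wsdl/in-out ">
    <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT </actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue </actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
    <actionMapping> http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
    <parameter name="token-dispatcher-configuration">
      <token-dispatcher-configuration>
        <issuer class="custom.MyIssuer" default="true">
          <configuration type="parameter">saml-issuer-config</configuration>
          <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
        </issuer>
      </token-dispatcher-configuration>
    </parameter>
    <parameter name="saml-issuer-config">
      <saml-issuer-config><issuerName>SAMPLE_STS</issuerName></saml-issuer-config>
    </parameter>
  </operation>
</service>"""


def lint_sts_services_xml(xml_text: str) -> list[str]:
    """Return a list of human-readable findings; an empty list means clean."""
    findings: list[str] = []
    root = ET.fromstring(xml_text)

    # 1. The three modules the STS sample engages must all be present.
    modules = {m.get("ref") for m in root.findall("module")}
    for needed in ("rampart", "addressing", "rahas"):
        if needed not in modules:
            findings.append(f"module '{needed}' is not engaged")

    # 2. IssueToken operation: in-out MEP and the Rahas message receiver.
    op = root.find("operation[@name='IssueToken']")
    if op is None:
        findings.append("no IssueToken operation")
        return findings
    mep = op.get("mep", "")
    if mep != IN_OUT_MEP:
        findings.append(f"IssueToken mep is {mep!r}, expected {IN_OUT_MEP!r}")
    receiver = op.find("messageReceiver")
    if receiver is None or receiver.get("class") != STS_RECEIVER:
        findings.append(f"IssueToken messageReceiver is not {STS_RECEIVER}")

    # 3. Action mappings are compared as exact strings by the addressing
    #    dispatcher, so flag surrounding whitespace and any missing action.
    raw_actions = [(a.text or "") for a in op.findall("actionMapping")]
    for raw in raw_actions:
        if raw != raw.strip():
            findings.append(f"actionMapping has surrounding whitespace: {raw!r}")
    for missing in sorted(EXPECTED_ACTIONS - {a.strip() for a in raw_actions}):
        findings.append(f"missing actionMapping {missing}")

    # 4. Token dispatcher: one default issuer, valid class, defined config.
    params = {p.get("name"): p for p in op.findall("parameter")}
    dispatcher = params.get("token-dispatcher-configuration")
    if dispatcher is None:
        findings.append("no token-dispatcher-configuration parameter")
        return findings
    issuers = dispatcher.findall("token-dispatcher-configuration/issuer")
    defaults = [i for i in issuers if i.get("default") == "true"]
    if len(defaults) != 1:
        findings.append(f"expected exactly one default issuer, found {len(defaults)}")
    for issuer in issuers:
        cls = issuer.get("class", "")
        if not JAVA_FQCN.fullmatch(cls):
            findings.append(f"issuer class name is not a valid Java FQCN: {cls!r}")
        conf = issuer.find("configuration")
        if conf is not None and conf.get("type") == "parameter":
            name = (conf.text or "").strip()
            if name not in params:
                findings.append(f"issuer {cls} references undefined parameter {name!r}")
    return findings


if __name__ == "__main__":
    for finding in lint_sts_services_xml(SAMPLE_SERVICES_XML) or ["clean"]:
        print(finding)
```

Run against the constructed sample it reports the trailing space in the mep attribute and the three action mappings with surrounding whitespace; with those removed it reports nothing. The wsp:Policy part of the file is deliberately left out of the lint, since whether the client's signature satisfies that policy is a separate question from whether the request is dispatched to IssueToken at all.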