[ 
https://issues.apache.org/jira/browse/FEDIZ-70?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14080639#comment-14080639
 ] 

Jan Bernhardt commented on FEDIZ-70:
------------------------------------

Just in case someone else is also wondering how this patch can be used now ;-)
Edit your realm config file from your IDP 
{{fediz-idp/WEB-INF/idp-config-realma.xml}} and add a {{policyNamespace}} 
property to your service configuration.

Example:
{code}
    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
        <property name="serviceDisplayName" value="Fedizhelloworld" />
        <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
        <property name="role" value="ApplicationServiceType" />
        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
        <property name="lifeTime" value="3600" />
        <property name="policyNamespace" value="http://schemas.xmlsoap.org/ws/2004/09/policy" />
        <!-- <property name="encryptionCertificate" value="" /> -->
        <property name="requestedClaims">
            <util:list>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
                    <property name="optional" value="false" />
                </bean>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
                    <property name="optional" value="false" />
                </bean>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
                    <property name="optional" value="false" />
                </bean>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
                    <property name="optional" value="true" />
                </bean>
            </util:list>
        </property>
    </bean>
{code}

> Missing support for Web Services Policy 1.2 
> (http://schemas.xmlsoap.org/ws/2004/09/policy)
> ------------------------------------------------------------------------------------------
>
>                 Key: FEDIZ-70
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-70
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: IDP
>    Affects Versions: 1.1.0
>         Environment: Tomcat 7.0.47, JRE 1.7
> SharePoint 2010 as SP
>            Reporter: Stepan Hrbacek
>            Assignee: Oliver Wulff
>              Labels: http://schemas.xmlsoap.org/ws/2004/09/policy, 
> http://www.w3.org/ns/ws-policy
>             Fix For: 1.1.1, 1.2.0
>
>
> I am trying to set up Claims authentication to SharePoint 2010 via Apache CXF 
> Fediz IDP, and SharePoint rejects claims created by Fediz because it 
> does not support Web Services Policy 1.5 (http://www.w3.org/ns/ws-policy) 
> that is by default used in Fediz - following error is reported (see mailing 
> list [Claims authentication to SharePoint 2010 via Apache CXF Fediz 
> IDP|http://mail-archives.apache.org/mod_mbox/cxf-users/201402.mbox/%3C79AB4452999C844D9920E0363533273111A8C322%40S10BE002.SH10.lan%3E]):
> --------------------------
> 02/06/2014 11:18:00.40        w3wp.exe (0x1268)                               
> 0x0BD4  SharePoint Foundation
>               General                         8nca    Verbose         
> Application error when access /_trust/,
> Error=ID3007: The element 'AppliesTo' with namespace 
> 'http://www.w3.org/ns/ws-policy' is unrecognized.
>   at 
> Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.ReadRSTRXml(XmlReader
> reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext 
> context, WSTrustConstantsAdapter
> trustConstants)     at 
> Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.CreateResponse(XmlReader
> reader, WSTrustSerializationContext context, WSTrustResponseSerializer 
> responseSerializer,
> WSTrustConstantsAdapter trustConstants)     at 
> Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.ReadXml(XmlReader
> reader, WSTrustSerializationContext context)     at 
> Microsoft.IdentityModel.Protocols.WSFederation.WSFederationSer...
> 94b07bcc-8709-4449-8c8f-c4e175e2949b
> --------------------------
> Would it be please possible to extend the 
> org.apache.cxf.fediz.service.idp.beans.STSClientAction so that the WSP and 
> Addressing namespaces are configurable in idp-servlet.xml?



--
This message was sent by Atlassian JIRA
(v6.2#6252)
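
An added example, not part of the JIRA comment or the Fediz code base: a Python check that reads an IDP realm config like the one in the comment and reports, for each ServiceConfig bean, whether its policyNamespace matches what the relying party accepts. The sample XML and the srv-example bean are constructed, and treating a missing property as WS-Policy 1.5 is an assumption based on the issue's statement that 1.5 is the Fediz default.

```python
import xml.etree.ElementTree as ET

BEANS_NS = "http://www.springframework.org/schema/beans"
SERVICE_CONFIG = "org.apache.cxf.fediz.service.idp.model.ServiceConfig"
WSP_12 = "http://schemas.xmlsoap.org/ws/2004/09/policy"  # what SharePoint 2010 accepts, per the issue
WSP_15 = "http://www.w3.org/ns/ws-policy"                # Fediz default, per the issue

# Constructed sample input: the second bean and its realm are made up for illustration.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
    <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
    <property name="policyNamespace" value="http://schemas.xmlsoap.org/ws/2004/09/policy" />
  </bean>
  <bean id="srv-example" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
    <property name="realm" value="urn:example:constructed:realm" />
  </bean>
</beans>"""


def audit_policy_namespace(xml_text, required=WSP_12):
    """Return {bean id: (realm, effective namespace, matches required)}."""
    root = ET.fromstring(xml_text)
    report = {}
    for bean in root.iter("{%s}bean" % BEANS_NS):
        # Nested beans such as RequestClaim are skipped by the class check.
        if bean.get("class") != SERVICE_CONFIG:
            continue
        props = {p.get("name"): p.get("value")
                 for p in bean.findall("{%s}property" % BEANS_NS)}
        # Assumption: without a policyNamespace property the default (1.5) applies.
        effective = props.get("policyNamespace") or WSP_15
        report[bean.get("id")] = (props.get("realm"), effective, effective == required)
    return report


if __name__ == "__main__":
    for bean_id, (realm, ns, ok) in audit_policy_namespace(SAMPLE).items():
        print("%-20s %-42s %-46s %s" % (bean_id, realm, ns, "OK" if ok else "MISMATCH"))
```

A MISMATCH row marks a service whose relying party would receive AppliesTo in a namespace it may reject, as in the ID3007 error quoted in the issue.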
