I'm not sure what the problem is but my client includes the SAML token. It 
looks like this:

<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <wsp:Policy>
        <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <sp:Issuer>
                <Address xmlns="http://www.w3.org/2005/08/addressing">https://lnihealth.com/axis2/services/STSRampart</Address>
            </sp:Issuer>
            <sp:RequestSecurityTokenTemplate>
                <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
                <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
                <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
            </sp:RequestSecurityTokenTemplate>
            <wsp:Policy>
                <sp:RequireInternalReference/>
            </wsp:Policy>
        </sp:IssuedToken>
    </wsp:Policy>
</sp:SupportingTokens>

The token is received from an STS service and it is signed. Of course I have to 
give the axis2 client the obtained SAML token in code:

            Axis2TokenProvider prov = new Axis2Saml2TokenProvider(sts, cfgCntxt);
            secToken = prov.getToken();
        ...
            opts.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, secToken.getId());

Brian

-----Original Message-----
From: Abdul Mujeeb (JIRA) [mailto:[email protected]] 
Sent: Wednesday, July 17, 2013 2:01 AM
To: [email protected]
Subject: [jira] [Created] (AXIS-2894) Error constructing valid security header 
for a SAML policy

Abdul Mujeeb created AXIS-2894:
----------------------------------

             Summary: Error constructing valid security header for a SAML policy
                 Key: AXIS-2894
                 URL: https://issues.apache.org/jira/browse/AXIS-2894
             Project: Axis
          Issue Type: Bug
            Reporter: Abdul Mujeeb


The endpoint web service is deployed on weblogic with a SAML policy applied on 
it and expects a SAML token, but when I use Axis + Rampart + Neethi to 
construct an axis2 client for the given policy.

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:All>
        <ns1:AsymmetricBinding
                xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <ns1:InitiatorToken>
                    <wsp:Policy>
                        <ns1:X509Token
                                ns1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                                <ns1:WssX509V3Token10 />
                            </wsp:Policy>
                        </ns1:X509Token>
                    </wsp:Policy>
                </ns1:InitiatorToken>
                <ns1:RecipientToken>
                    <wsp:Policy>
                        <ns1:X509Token
                                ns1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                            <wsp:Policy>
                                <ns1:WssX509V3Token10 />
                            </wsp:Policy>
                        </ns1:X509Token>
                    </wsp:Policy>
                </ns1:RecipientToken>
                <ns1:AlgorithmSuite>
                    <wsp:Policy>
                        <ns1:Basic256 />
                    </wsp:Policy>
                </ns1:AlgorithmSuite>
                <ns1:Layout>
                    <wsp:Policy>
                        <ns1:Lax />
                    </wsp:Policy>
                </ns1:Layout>
                <ns1:IncludeTimestamp />
                <ns1:ProtectTokens />
                <ns1:OnlySignEntireHeadersAndBody />
            </wsp:Policy>
        </ns1:AsymmetricBinding>

        <ns2:SignedSupportingTokens
                xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <ns2:SamlToken
                        ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                    <wsp:Policy>
                        <ns2:WssSamlV11Token10 />
                    </wsp:Policy>
                </ns2:SamlToken>
            </wsp:Policy>
        </ns2:SignedSupportingTokens>

        <ns3:Wss10 xmlns:ns3="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <ns3:MustSupportRefKeyIdentifier />
                <ns3:MustSupportRefIssuerSerial />
            </wsp:Policy>
        </ns3:Wss10>

        <ns4:EncryptedParts
                xmlns:ns4="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <ns4:Body />
        </ns4:EncryptedParts>

        <ns5:SignedParts
                xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <ns5:Body />
        </ns5:SignedParts>

    </wsp:All>
</wsp:Policy>


The generated SOAP request doesn't include the SAML token in the SOAP message. 
It is for some reason excluding the signedSupportingTokens part of SAML.



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators 
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]



-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2013.0.3349 / Virus Database: 3204/6496 - Release Date: 07/16/13
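
A way to confirm the symptom reported in this thread from a captured request, as an added example that is not code from either poster or from Axis2/Rampart: it lists the SAML-bearing assertions under any *SupportingTokens element whose IncludeToken mode starts with "Always", then checks whether the outgoing wsse:Security header carries a SAML assertion. The function names are hypothetical, the policy and envelopes are constructed samples (the policy is trimmed from the one in the report), and only a cleartext assertion that is a direct child of wsse:Security is detected.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SP12 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
SAML_ASSERTION = {  # assertion element -> SAML version
    "{urn:oasis:names:tc:SAML:1.0:assertion}Assertion": "1.x",
    "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion": "2.0",
}

def split(tag):
    """'{ns}local' -> (ns, local)."""
    ns, _, local = tag[1:].partition("}") if tag.startswith("{") else ("", "", tag)
    return ns, local

def required_saml_tokens(policy_xml):
    """SAML token assertions under *SupportingTokens that must be sent to the recipient."""
    found = []
    for container in ET.fromstring(policy_xml).iter():
        ns, name = split(container.tag)
        if not name.endswith("SupportingTokens"):
            continue
        for tok in container.iter():
            # IncludeToken lives in the same security-policy namespace as the container
            mode = tok.get("{%s}IncludeToken" % ns, "").rsplit("/", 1)[-1]
            kind = split(tok.tag)[1]
            types = [e.text or "" for e in tok.iter() if split(e.tag)[1] == "TokenType"]
            is_saml = kind == "SamlToken" or any("SAML" in t for t in types)
            if is_saml and mode.startswith("Always"):
                found.append((name, kind, mode))
    return found

def saml_in_security_header(soap_xml):
    """SAML versions of assertions sitting directly inside wsse:Security."""
    versions = []
    for sec in ET.fromstring(soap_xml).iter("{%s}Security" % WSSE):
        versions += [SAML_ASSERTION[c.tag] for c in sec if c.tag in SAML_ASSERTION]
    return versions

def unmet_requirements(policy_xml, soap_xml):
    """Required SAML tokens, reported only when the message carries no assertion."""
    return [] if saml_in_security_header(soap_xml) else required_saml_tokens(policy_xml)

# Constructed samples: SignedSupportingTokens trimmed from the reported policy,
# plus two minimal SOAP 1.1 envelopes (one without, one with a SAML assertion).
POLICY = f"""<sp:SignedSupportingTokens xmlns:sp="{SP12}"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsp:Policy>
  <sp:SamlToken sp:IncludeToken="{SP12}/IncludeToken/AlwaysToRecipient">
    <wsp:Policy><sp:WssSamlV11Token10/></wsp:Policy>
  </sp:SamlToken></wsp:Policy></sp:SignedSupportingTokens>"""
ENVELOPE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Header>
  <wsse:Security xmlns:wsse="%s">%%s</wsse:Security></s:Header><s:Body/></s:Envelope>""" % WSSE
NO_SAML = ENVELOPE % "<wsse:BinarySecurityToken/>"
WITH_SAML = ENVELOPE % '<a:Assertion xmlns:a="urn:oasis:names:tc:SAML:1.0:assertion"/>'
```

The same functions accept the 2005/07 `sp:IssuedToken` policy from the reply, because the IncludeToken attribute is looked up in whichever namespace the enclosing *SupportingTokens element uses.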
