Ahh, I see. Okay, first, it's been a while since I have used Axis2/Rampart on 
the client side. I have an Android client which has extreme difficulty 
supporting Axis2, so I created the SOAP message using basic Java HTTP classes.

 

But I have done it using axis2/rampart. I will see if I can dig them up. But 
you are likely missing something simple. It ends up looking like this with the 
SAML token highlighted in blue. Get the latest version of Rampart as well. 
Earlier versions were not generating the token correctly. It was missing some 
namespaces (I think it used the xsi prefix without defining it in older 
versions but I forget…) which often occurred in other parts of the security 
header so it didn’t cause a problem. But the token should be stand-alone.

 

POST /axis2/services/Exchange HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8; action="urn:ihe:pcd:2010:CommunicatePCDData"
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.0.4; Nexus S Build/IMM26)
Host: 192.168.1.3:8443
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 8348

 

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">

    <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">

        <wsse:Security soapenv:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

            <wsu:Timestamp wsu:Id="Timestamp-3">

                <wsu:Created>2013-03-01T16:54:54.336</wsu:Created>

                <wsu:Expires>2013-03-01T16:59:54.336</wsu:Expires>

            </wsu:Timestamp>

                <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="urn:uuid:CCD9102DB9CE2669531362156867799" IssueInstant="2013-03-01T16:54:27.792Z" Version="2.0">

                     <saml2:Issuer>LNI SAML Token Service</saml2:Issuer>

                     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

                           <ds:SignedInfo>

                                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />

                                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />

                                <ds:Reference URI="#urn:uuid:CCD9102DB9CE2669531362156867799">

                                     <ds:Transforms>

                                           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />

                                           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                                                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" />

                                           </ds:Transform>

                                     </ds:Transforms>

                                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

                                     <ds:DigestValue>hL3WFtfHoQamGfaXGbMfGS7Nn0o=</ds:DigestValue>

                                </ds:Reference>

                           </ds:SignedInfo>

                          
<ds:SignatureValue>dldKDhBH2YIAT7hQVdAFn1dbgZtQguJKHNOTz0QtfwAAAKb8iwYZMQuv/DwlgC0cIYprGWqp+4qnpX0Jp3OY8PpQESbrTl9/MumZcmQYEla8Ojey116mBGPiYmpnp1lNQvwwaZBqvOTChXRj0uns13wRteQy7vx99eQeubneIgo=</ds:SignatureValue>

                           <ds:KeyInfo>

                                <ds:X509Data>

                                     
<ds:X509Certificate>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</ds:X509Certificate>

                                </ds:X509Data>

                           </ds:KeyInfo>

                     </ds:Signature>

                     <saml2:Subject>

                           <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">

                                <saml2:SubjectConfirmationData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" NotBefore="2013-03-01T16:54:27.792Z" NotOnOrAfter="2013-03-01T17:37:39.792Z" xsi:type="saml2:KeyInfoConfirmationDataType">

                                     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

                                           <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-C82A2592DB5193D51C13621568677947">

                                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />

                                                <ds:KeyInfo>

                                                     <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

                                                           <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">EPlMdE3oRiNlo8bGg3BLR3uGWT8=</wsse:KeyIdentifier>

                                                     </wsse:SecurityTokenReference>

                                                </ds:KeyInfo>

                                                <xenc:CipherData>

                                                     
<xenc:CipherValue>JkAWwNH+FdRevF6o9zjB+FTmwxe58jYFeHQO684YNeM5zSLvKna47h/v1OowtnDf5htaBo3uEqp8xPf+IDOYjNQLHfsDHZ60EvVUjrHKXALE5pRcFtqX93iiUE/Ke4zpVvGQjyMxer454Qo/SL98xd6v4jpDc/zKMK4iGPO+YaI=</xenc:CipherValue>

                                                </xenc:CipherData>

                                           </xenc:EncryptedKey>

                                     </ds:KeyInfo>

                                </saml2:SubjectConfirmationData>

                           </saml2:SubjectConfirmation>

                     </saml2:Subject>

                     <saml2:Conditions NotBefore="2013-03-01T16:54:27.792Z" 
NotOnOrAfter="2013-03-01T17:37:39.792Z" />

                     <saml2:AttributeStatement>

                           <saml2:Attribute Name="program" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

                                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Continua</saml2:AttributeValue>

                           </saml2:Attribute>

                           <saml2:Attribute Name="user" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

                                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Sisansarah</saml2:AttributeValue>

                           </saml2:Attribute>

                     </saml2:AttributeStatement>

                </saml2:Assertion>

           </wsse:Security>

        <wsa:To 
soapenv:mustUnderstand="true">https://192.168.1.3:8443/axis2/services/Exchange</wsa:To>

        <wsa:ReplyTo soapenv:mustUnderstand="true">

            
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>

        </wsa:ReplyTo>

        <wsa:MessageID 
soapenv:mustUnderstand="true">urn:uuid:1_1362156894340</wsa:MessageID>

        <wsa:Action 
soapenv:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>

    </soapenv:Header>

    <soapenv:Body>

           <pcd:CommunicatePCDData xmlns:pcd="urn:ihe:pcd:dec:2010">

           MSH|^~\&amp;|LNI Example 
AHD^ECDE3D4E58532D31^EUI-64||||20130301115450.720-0500||ORU^R01^ORU_R01|002013030111545720|P|2.6|||NE|AL|||||IHE
 PCD ORU-R012006^HL7^2.16.840.1.113883.9.n.m^HL7&#xD;

        
PID|||28da0026bc42484^^^1.19.6.24.109.42.1.3^PI||Piggy^Sisansarah^L.^^^^L&#xD;

        OBR|1|JOXP-PCD^LNI Example AHD^ECDE3D4E58532D31^EUI-64|JOXP-PCD^LNI 
Example AHD^ECDE3D4E58532D31^EUI-64|182777000^monitoring of 
patient^SNOMED-CT|||20130301115452.000-0500|20130301115455.001-0500&#xD;

          
OBX|1||531981^MDC_MOC_VMS_MDS_AHD^MDC|0|||||||X|||||||ECDE3D4E58532D31^^ECDE3D4E58532D31^EUI-64&#xD;OBX|2|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|0.0.0.1|2^auth-body-continua||||||R&#xD;OBX|3|ST|532352^MDC_REG_CERT_DATA_CONTINUA_VERSION^MDC|0.0.0.1.1|2.0||||||R&#xD;OBX|4|CWE|532353^MDC_REG_CERT_DATA_CONTINUA_CERT_DEV_LIST^MDC|0.0.0.1.2|4||||||R&#xD;OBX|5|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|0.0.0.2|2^auth-body-continua||||||R&#xD;OBX|6|ST|532354^MDC_REG_CERT_DATA_CONTINUA_REG_STATUS^MDC|0.0.0.2.1|1^(0)||||||R&#xD;OBX|7|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|0.0.0.3|2^auth-body-continua||||||R&#xD;OBX|8|CWE|532355^MDC_REG_CERT_DATA_CONTINUA_AHD_CERT_LIST^MDC|0.0.0.3.1|0||||||R&#xD;OBX|9|CWE|68220^MDC_TIME_SYNC_PROTOCOL^MDC|0.0.0.4|532224^MDC_TIME_SYNC_NONE^MDC||||||R&#xD;OBX|10||528391^MDC_DEV_SPEC_PROFILE_BP^MDC|1|||||||X|||||||1234567800112233^^1234567800112233^EUI-64&#xD;OBX|11|ST|531970^MDC_ID_MODEL_MANUFACTURER^MDC|1.0.0.1|Lamprey
 Networks||||||R&#xD;

           OBX|12|ST|531969^MDC_ID_MODEL_NUMBER^MDC|1.0.0.2|Blood Pressure 
1.0.0||||||R&#xD;

           
OBX|13|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|1.0.0.3|2^auth-body-continua||||||R&#xD;OBX|14|ST|532352^MDC_REG_CERT_DATA_CONTINUA_VERSION^MDC|1.0.0.3.1|2.0||||||R&#xD;OBX|15|CWE|532353^MDC_REG_CERT_DATA_CONTINUA_CERT_DEV_LIST^MDC|1.0.0.3.2|24583~8199~16391~7||||||R&#xD;OBX|16|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|1.0.0.4|2^auth-body-continua||||||R&#xD;OBX|17|CWE|532354^MDC_REG_CERT_DATA_CONTINUA_REG_STATUS^MDC|1.0.0.4.1|1^(0)||||||R&#xD;OBX|18|CWE|68219^MDC_TIME_CAP_STATE^MDC|1.0.0.5|1^(0)||||||R&#xD;OBX|19|CWE|68220^MDC_TIME_SYNC_PROTOCOL^MDC|1.0.0.6|532224^MDC_TIME_SYNC_NONE^MDC||||||R&#xD;OBX|20|NM|68221^MDC_TIME_SYNC_ACCURACY^MDC|1.0.0.7|0|264339^MDC_DIM_MICRO_SEC^MDC|||||R&#xD;OBX|21|DTM|67975^MDC_ATTR_TIME_ABS^MDC|1.0.0.8|20130301115423.00||||||R|||20130301115450.733-0500&#xD;OBX|22||150020^MDC_PRESS_BLD_NONINV^MDC|1.0.1|||||||X|||20130301115452.733-0500&#xD;OBX|23|NM|150021^MDC_PRESS_BLD_NONINV_SYS^MDC|1.0.1.1|105|266016^MDC_DIM_MMHG^MDC|||||R&#xD;OBX|24|NM|150022^MDC_PRESS_BLD_NONINV_DIA^MDC|1.0.1.2|70|266016^MDC_DIM_MMHG^MDC|||||R&#xD;OBX|25|NM|150023^MDC_PRESS_BLD_NONINV_MEAN^MDC|1.0.1.3|81.7|266016^MDC_DIM_MMHG^MDC|||||R&#xD;OBX|26|NM|149546^MDC_PULS_RATE_NON_INV^MDC|1.0.0.9|80|264864^MDC_DIM_BEAT_PER_MIN^MDC|||||R|||20130301115453.733-0500&#xD;

           </pcd:CommunicatePCDData>

     </soapenv:Body>

</soapenv:Envelope>
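
A check for the two points raised in this thread, as an added example that is not part of the original messages or of Rampart: it looks for a saml2:Assertion inside wsse:Security in a logged request, and reports any namespace prefix the assertion uses but only inherits from the enclosing header (the "token should be stand-alone" case). The class and method names are hypothetical, and the sample envelope is constructed and trimmed to the minimum needed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SamlHeaderCheck {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String XSI = "http://www.w3.org/2001/XMLSchema-instance";
    // Returns null if wsse:Security holds no assertion, else the prefixes it borrows from outside.
    static Set<String> borrowedPrefixes(String soap) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        NodeList sec = d.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < sec.getLength(); i++) {
            NodeList a = ((Element) sec.item(i)).getElementsByTagNameNS(SAML2, "Assertion");
            if (a.getLength() > 0) return walk((Element) a.item(0), new HashSet<>(), new TreeSet<>());
        }
        return null;
    }
    static Set<String> walk(Element e, Set<String> inherited, Set<String> missing) {
        Set<String> declared = new HashSet<>(inherited);
        List<String> used = new ArrayList<>();
        if (e.getPrefix() != null) used.add(e.getPrefix());
        NamedNodeMap attrs = e.getAttributes();
        for (int i = 0; i < attrs.getLength(); i++) {
            Node at = attrs.item(i);
            String p = at.getPrefix(), v = at.getNodeValue();
            if ("xmlns".equals(p)) declared.add(at.getLocalName());   // xmlns:p declared on this element
            else if (p != null && !p.equals("xml")) used.add(p);
            if (XSI.equals(at.getNamespaceURI()) && "type".equals(at.getLocalName()) && v.indexOf(':') > 0)
                used.add(v.substring(0, v.indexOf(':')));             // xsi:type value is a QName
        }
        for (String p : used) if (!declared.contains(p)) missing.add(p);
        for (Node n = e.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element) walk((Element) n, declared, missing);
        return missing;
    }
    public static void main(String[] args) throws Exception {         // constructed sample input
        String soap = "<s:Envelope xmlns:s='http://www.w3.org/2003/05/soap-envelope'><s:Header>"
            + "<wsse:Security xmlns:wsse='" + WSSE + "' xmlns:xsi='" + XSI + "'>"
            + "<saml2:Assertion xmlns:saml2='" + SAML2 + "' xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
            + "<saml2:AttributeValue xsi:type='xs:string'>example</saml2:AttributeValue></saml2:Assertion>"
            + "</wsse:Security></s:Header><s:Body/></s:Envelope>";
        System.out.println("borrowed prefixes: " + borrowedPrefixes(soap));
    }
}
```

A null result means the request went out without the assertion in the security header; a non-empty set names prefixes that resolve only because of declarations elsewhere in the header.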

 

From: Rangasamy, Prakash [mailto:prakash.rangas...@scientificgames.com] 
Sent: Fri, April 03, 2015 1:04 AM
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

 

Hi Brian,

We have an STS server which generates the token; that is perfectly 
fine. My doubt is how to include the token in the SOAP header. I tried to include 
the token in the SOAP request through setProperty (refer to the code snippet below):

options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, 
responseToken.getId());

 

But when we examine the SOAP request in the log, we are not able to locate the attached 
SAML token.

 

1.    I don't know where we are sending the SAML assertion to the server in the 
soapMessage; is this because the information is encrypted?

2.    Could you please share with me some tutorial about Rampart policy (how to sign, 
encrypt, include SAML)?

 

Your reply is highly appreciated.

 

Thanks,

Prakash

From: Brian Reinhold [mailto:brianreinh...@lampreynetworks.com] 
Sent: 03 April 2015 AM 03:22
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

 

Prakash,

 

I am not sure what you are trying to do. Usually the client requests a token 
from a SAML server (perhaps with WS-Trust) and the token is generated on the 
server which you then use as an opaque block in a message to the server. Are 
you creating the token on the client?

 

Brian

 

From: Rangasamy, Prakash [mailto:prakash.rangas...@scientificgames.com] 
Sent: Thu, April 02, 2015 12:38 PM
To: java-dev@axis.apache.org
Subject: SAML Assertion not attached to soap header

 

Hi,
 I'm new to SAML with Axis2 Rampart. We are developing a web service client to 
communicate with a secure web service which has SAML enabled. 
We included the SAML assertion in the SOAP request through KEY_CUSTOM_ISSUED_TOKEN, 
but when we examine the request sent to the endpoint, the SAML assertion is not present 
in the header.

Is this an issue in Rampart or am I missing something in the config? 

thanks,
Prakash

 

 

Prakash Rangasamy | Software Analyst |  <http://www.ballytech.com> Bally 
Technologies  | (O) +1 702 532 2662 | (M) +91 77 6039 7260


May be privileged. May be confidential. Please delete if not the addressee.
Prakash Rangasamy

  _____  

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2015.0.5863 / Virus Database: 4321/9440 - Release Date: 04/02/15
