Ahh, I see. Okay, first, it's been a while since I have used axis2/rampart on the client side. I have an Android client which has extreme difficulty supporting axis2 so I created the SOAP message using basic Java http classes.
But I have done it using axis2/rampart. I will see if I can dig them up. But you are likely missing something simple. It ends up looking like this with the SAML token highlighted in blue. Get the latest version of Rampart as well. Earlier versions were not generating the token correctly. It was missing some namespaces (I think it used the xsi prefix without defining it in older versions but I forget…) which often occurred in other parts of the security header so it didn’t cause a problem. But the token should be stand-alone.

POST /axis2/services/Exchange HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8; action="urn:ihe:pcd:2010:CommunicatePCDData"
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.0.4; Nexus S Build/IMM26)
Host: 192.168.1.3:8443
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 8348

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security soapenv:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsu:Timestamp wsu:Id="Timestamp-3">
        <wsu:Created>2013-03-01T16:54:54.336</wsu:Created>
        <wsu:Expires>2013-03-01T16:59:54.336</wsu:Expires>
      </wsu:Timestamp>
      <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="urn:uuid:CCD9102DB9CE2669531362156867799" IssueInstant="2013-03-01T16:54:27.792Z" Version="2.0">
        <saml2:Issuer>LNI SAML Token Service</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#urn:uuid:CCD9102DB9CE2669531362156867799">
              <ds:Transforms>
                <ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" /> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>hL3WFtfHoQamGfaXGbMfGS7Nn0o=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>dldKDhBH2YIAT7hQVdAFn1dbgZtQguJKHNOTz0QtfwAAAKb8iwYZMQuv/DwlgC0cIYprGWqp+4qnpX0Jp3OY8PpQESbrTl9/MumZcmQYEla8Ojey116mBGPiYmpnp1lNQvwwaZBqvOTChXRj0uns13wRteQy7vx99eQeubneIgo=</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIICvjCCAiegAwIBAgIES1f+AjANBgkqhkiG9w0BAQUFADCBiTEhMB8GCSqGSIb3DQEJARYSbmFuZGFuYUBhcGFjaGUub3JnMQswCQYDVQQGEwJMSzEQMA4GA1UECAwHV2VzdGVybjEQMA4GA1UEBwwHQ29sb21ibzEPMA0GA1UECgwGQXBhY2hlMRAwDgYDVQQLDAdSYW1wYXJ0MRAwDgYDVQQDDAdzZXJ2aWNlMB4XDTEwMDEyMTA3MTA1OFoXDTM1MDExNTA3MTA1OFowgYkxITAfBgkqhkiG9w0BCQEWEm5hbmRhbmFAYXBhY2hlLm9yZzELMAkGA1UEBhMCTEsxEDAOBgNVBAgMB1dlc3Rlcm4xEDAOBgNVBAcMB0NvbG9tYm8xDzANBgNVBAoMBkFwYWNoZTEQMA4GA1UECwwHUmFtcGFydDEQMA4GA1UEAwwHc2VydmljZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlAwDwx/FRgDReNc8Xuzo7/gHejimFkseCm+7WaFZp0dGwTnEJWNwWZk4yMw/1FqWCgGHAbJBT25TAljleKDMUlZJPaU6PkJD8Hn94A1EstBDYA70pH3wt1moDxYbcG2QLxC1WrFM6aqR3NB92zG8T3Q9X4jxGGWPkd39IndfdDMCAwEAAaMxMC8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIEsDANBgkqhkiG9w0BAQUFAAOBgQBeAOERzydvAUNipBKOVg3FcjGTyMg3lzo7S1DFg7qTM4FZwUf2zw9XMagVLJRsaw+Asj8mqnugTpB4jBJCrCGZ7YEviXz4PnqQjuuov5rXtFIc1Bp/PQmQt+LiZ2zln+fFxnSoHEzUsqs5zhdy/uIP0srAtBosdHxL9BJHxd7wQw==</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml2:Subject> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> <saml2:SubjectConfirmationData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" NotBefore="2013-03-01T16:54:27.792Z" NotOnOrAfter="2013-03-01T17:37:39.792Z" 
xsi:type="saml2:KeyInfoConfirmationDataType"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-C82A2592DB5193D51C13621568677947"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <ds:KeyInfo> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">EPlMdE3oRiNlo8bGg3BLR3uGWT8=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>JkAWwNH+FdRevF6o9zjB+FTmwxe58jYFeHQO684YNeM5zSLvKna47h/v1OowtnDf5htaBo3uEqp8xPf+IDOYjNQLHfsDHZ60EvVUjrHKXALE5pRcFtqX93iiUE/Ke4zpVvGQjyMxer454Qo/SL98xd6v4jpDc/zKMK4iGPO+YaI=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> </ds:KeyInfo> </saml2:SubjectConfirmationData> </saml2:SubjectConfirmation> </saml2:Subject> <saml2:Conditions NotBefore="2013-03-01T16:54:27.792Z" NotOnOrAfter="2013-03-01T17:37:39.792Z" /> <saml2:AttributeStatement> <saml2:Attribute Name="program" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Continua</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="user" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Sisansarah</saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement> </saml2:Assertion> </wsse:Security> <wsa:To soapenv:mustUnderstand="true">https://192.168.1.3:8443/axis2/services/Exchange</wsa:To> <wsa:ReplyTo soapenv:mustUnderstand="true"> 
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:MessageID soapenv:mustUnderstand="true">urn:uuid:1_1362156894340</wsa:MessageID>
    <wsa:Action soapenv:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
  </soapenv:Header>
  <soapenv:Body>
    <pcd:CommunicatePCDData xmlns:pcd="urn:ihe:pcd:dec:2010">
MSH|^~\&|LNI Example AHD^ECDE3D4E58532D31^EUI-64||||20130301115450.720-0500||ORU^R01^ORU_R01|002013030111545720|P|2.6|||NE|AL|||||IHE PCD ORU-R012006^HL7^2.16.840.1.113883.9.n.m^HL7
PID|||28da0026bc42484^^^1.19.6.24.109.42.1.3^PI||Piggy^Sisansarah^L.^^^^L
OBR|1|JOXP-PCD^LNI Example AHD^ECDE3D4E58532D31^EUI-64|JOXP-PCD^LNI Example AHD^ECDE3D4E58532D31^EUI-64|182777000^monitoring of patient^SNOMED-CT|||20130301115452.000-0500|20130301115455.001-0500
OBX|1||531981^MDC_MOC_VMS_MDS_AHD^MDC|0|||||||X|||||||ECDE3D4E58532D31^^ECDE3D4E58532D31^EUI-64
OBX|2|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|0.0.0.1|2^auth-body-continua||||||R
OBX|3|ST|532352^MDC_REG_CERT_DATA_CONTINUA_VERSION^MDC|0.0.0.1.1|2.0||||||R
OBX|4|CWE|532353^MDC_REG_CERT_DATA_CONTINUA_CERT_DEV_LIST^MDC|0.0.0.1.2|4||||||R
OBX|5|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|0.0.0.2|2^auth-body-continua||||||R
OBX|6|ST|532354^MDC_REG_CERT_DATA_CONTINUA_REG_STATUS^MDC|0.0.0.2.1|1^(0)||||||R
OBX|7|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|0.0.0.3|2^auth-body-continua||||||R
OBX|8|CWE|532355^MDC_REG_CERT_DATA_CONTINUA_AHD_CERT_LIST^MDC|0.0.0.3.1|0||||||R
OBX|9|CWE|68220^MDC_TIME_SYNC_PROTOCOL^MDC|0.0.0.4|532224^MDC_TIME_SYNC_NONE^MDC||||||R
OBX|10||528391^MDC_DEV_SPEC_PROFILE_BP^MDC|1|||||||X|||||||1234567800112233^^1234567800112233^EUI-64
OBX|11|ST|531970^MDC_ID_MODEL_MANUFACTURER^MDC|1.0.0.1|Lamprey Networks||||||R
OBX|12|ST|531969^MDC_ID_MODEL_NUMBER^MDC|1.0.0.2|Blood Pressure 1.0.0||||||R
OBX|13|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|1.0.0.3|2^auth-body-continua||||||R
OBX|14|ST|532352^MDC_REG_CERT_DATA_CONTINUA_VERSION^MDC|1.0.0.3.1|2.0||||||R
OBX|15|CWE|532353^MDC_REG_CERT_DATA_CONTINUA_CERT_DEV_LIST^MDC|1.0.0.3.2|24583~8199~16391~7||||||R
OBX|16|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|1.0.0.4|2^auth-body-continua||||||R
OBX|17|CWE|532354^MDC_REG_CERT_DATA_CONTINUA_REG_STATUS^MDC|1.0.0.4.1|1^(0)||||||R
OBX|18|CWE|68219^MDC_TIME_CAP_STATE^MDC|1.0.0.5|1^(0)||||||R
OBX|19|CWE|68220^MDC_TIME_SYNC_PROTOCOL^MDC|1.0.0.6|532224^MDC_TIME_SYNC_NONE^MDC||||||R
OBX|20|NM|68221^MDC_TIME_SYNC_ACCURACY^MDC|1.0.0.7|0|264339^MDC_DIM_MICRO_SEC^MDC|||||R
OBX|21|DTM|67975^MDC_ATTR_TIME_ABS^MDC|1.0.0.8|20130301115423.00||||||R|||20130301115450.733-0500
OBX|22||150020^MDC_PRESS_BLD_NONINV^MDC|1.0.1|||||||X|||20130301115452.733-0500
OBX|23|NM|150021^MDC_PRESS_BLD_NONINV_SYS^MDC|1.0.1.1|105|266016^MDC_DIM_MMHG^MDC|||||R
OBX|24|NM|150022^MDC_PRESS_BLD_NONINV_DIA^MDC|1.0.1.2|70|266016^MDC_DIM_MMHG^MDC|||||R
OBX|25|NM|150023^MDC_PRESS_BLD_NONINV_MEAN^MDC|1.0.1.3|81.7|266016^MDC_DIM_MMHG^MDC|||||R
OBX|26|NM|149546^MDC_PULS_RATE_NON_INV^MDC|1.0.0.9|80|264864^MDC_DIM_BEAT_PER_MIN^MDC|||||R|||20130301115453.733-0500
    </pcd:CommunicatePCDData>
  </soapenv:Body>
</soapenv:Envelope>

From: Rangasamy, Prakash [mailto:prakash.rangas...@scientificgames.com]
Sent: Fri, April 03, 2015 1:04 AM
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

Hi Brian,

We have STS server which generates Token, that is perfectly fine. My doubt is, how to include the token to soap header.

I tried to include the token to soap request through setproperty (refer code snippet below)

options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());

but when we examine the soap request in log, not able to locate the attached SAML token.

1. I don't know where we are sending to the server the SAML assertion in the soapMessage, is this because the information is encrypted?
2. Could you please share me some tutorial about rampart policy (how to sign, encrypt, include SAML)

Your reply is highly appreciated.

Thanks,
Prakash

From: Brian Reinhold [mailto:brianreinh...@lampreynetworks.com]
Sent: 03 April 2015 AM 03:22
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

Prakash,

I am not sure what you are trying to do. Usually the client requests a token from a SAML server (perhaps with WS-Trust) and the token is generated on the server which you then use as an opaque block in a message to the server. Are you creating the token on the client?

Brian

From: Rangasamy, Prakash [mailto:prakash.rangas...@scientificgames.com]
Sent: Thu, April 02, 2015 12:38 PM
To: java-dev@axis.apache.org
Subject: SAML Assertion not attached to soap header

Hi,

I'm new in SAML with Axis2 Rampart. We are developing a web service client to communicate to secure web service which has SAML enabled. We included the SAML Assertion to soap request thru KEY_CUSTOM_ISSUED_TOKEN, but when we examine the request sent to endpoint, SAML Assertion is not present in header. Is this issue in rampart or I'm missing something in the config.
thanks,
Prakash
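
A check for the two things this thread turns on: whether a logged request carries a saml2:Assertion inside wsse:Security at all, and whether that assertion is stand-alone, meaning it declares every namespace prefix it uses (including prefixes inside xsi:type values) within itself. This is an added example, not code from the thread or from Rampart; the function names and the three sample envelopes are constructed for illustration.

```python
from xml.dom import minidom, Node

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
XMLNS = "http://www.w3.org/2000/xmlns/"

def undeclared_prefixes(elem, inherited=frozenset({"xml"})):
    """Prefixes used under elem that no xmlns attribute inside elem's subtree declares."""
    attrs = list(elem.attributes.values())
    decls = [a for a in attrs if a.namespaceURI == XMLNS]
    # xmlns:p="..." has prefix "xmlns" and localName "p"; a bare xmlns="..." declares "".
    scope = inherited | {a.localName if a.prefix == "xmlns" else "" for a in decls}
    used = {elem.prefix or ""} if elem.namespaceURI else set()
    for a in attrs:
        if a.namespaceURI != XMLNS and a.prefix:
            used.add(a.prefix)
        # xsi:type carries a QName in its value (e.g. "xs:string"), which needs a binding too.
        if a.namespaceURI == XSI and a.localName == "type" and ":" in a.value:
            used.add(a.value.split(":", 1)[0])
    missing = used - scope
    for child in elem.childNodes:
        if child.nodeType == Node.ELEMENT_NODE:
            missing |= undeclared_prefixes(child, scope)
    return missing

def check_saml_token(soap_xml):
    """Report whether wsse:Security holds a SAML 2.0 assertion and which prefixes it borrows."""
    doc = minidom.parseString(soap_xml)
    for security in doc.getElementsByTagNameNS(WSSE, "Security"):
        for assertion in security.getElementsByTagNameNS(SAML2, "Assertion"):
            return {"present": True, "undeclared": sorted(undeclared_prefixes(assertion))}
    return {"present": False, "undeclared": []}

# Constructed sample envelopes (not the capture from the thread).
ENVELOPE = ('<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">'
            '<soapenv:Header><wsse:Security xmlns:wsse="' + WSSE + '"%s>%s</wsse:Security>'
            '</soapenv:Header><soapenv:Body/></soapenv:Envelope>')
ASSERTION = ('<saml2:Assertion xmlns:saml2="' + SAML2 + '" xmlns:xs="http://www.w3.org/2001/XMLSchema">'
             '<saml2:AttributeStatement><saml2:Attribute Name="user">'
             '<saml2:AttributeValue%s xsi:type="xs:string">example-user</saml2:AttributeValue>'
             '</saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>')
XSI_DECL = ' xmlns:xsi="' + XSI + '"'

SAMPLES = {
    "standalone": ENVELOPE % ("", ASSERTION % XSI_DECL),  # xsi declared inside the token
    "borrowed": ENVELOPE % (XSI_DECL, ASSERTION % ""),    # xsi declared only on wsse:Security
    "missing": ENVELOPE % ("", ""),                       # security header without an assertion
}
```

The "borrowed" case parses cleanly as part of the full envelope, which is why the defect stays hidden until the assertion is lifted out and relayed as an opaque block.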