OpenSSO & Rampart,
I'm trying to use the Rampart/Axis2 client libraries to retrieve a SAML
assertion from an OpenSSO STS. When I run the code I get the following
OpenSSO error:
INFO: Verification successful for URI "#Timestamp-3098834"
javax.xml.ws.WebServiceException: java.lang.NullPointerException
at
com.sun.xml.wss.provider.wsit.ServerSecurityTube.processException(ServerSecurityTube.java:201)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:593)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
at
com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
at
com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
at
com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
at
com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:129)
at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:160)
at
com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:75)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
com.sun.identity.wss.sts.SecurityTokenService.doPost(SecurityTokenService.java:123)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.NullPointerException
at
com.sun.xml.ws.message.AbstractHeaderImpl.isIgnorable(AbstractHeaderImpl.java:109)
at
com.sun.xml.ws.protocol.soap.MUTube.getMisUnderstoodHeaders(MUTube.java:114)
at
com.sun.xml.ws.protocol.soap.ServerMUTube.processRequest(ServerMUTube.java:75)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
... 32 more
Here's the trace from wireshark:
POST /opensso/sts HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8; action="
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue";
User-Agent: Axis2
Host: localhost:8080
Transfer-Encoding: chunked
f9c
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="
http://www.w3.org/2003/05/soap-envelope";><soapenv:Header xmlns:wsa="
http://schemas.xmlsoap.org/ws/2004/08/addressing";>
<wsse:Security xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="true"><wsu:Timestamp xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-5626173"><wsu:Created>2009-03-09T15:30:07.898Z</wsu:Created><wsu:Expires>2009-03-09T15:35:07.898Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
EncodingType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
ValueType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1";
wsu:Id="CertId-148082">MIICTDCCAbUCBEbJZMQwDQYJKoZIhvcNAQEEBQAwbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDAgFw0wNzA4MjAwOTU0MTJaGA8yMDYyMDUyMzA5NTQxMlowbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhjQp2NJRUrAEsPYIlg26m34O16E6WkyBWMbkSvy/FJQoNg2HSOtqF/DHmej7qqJCDtiHtdZqCTOo28cpyB3XJ0g6y23ADTy1v7qUjYieF4Bn3p9QFtyznUmKyZ6hK4CjGraYvcDgjRlnPkfeyVnNamkzJB7TVRaLkumRlxHgxm0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBNLSbNEaGBj8GBoXWBndY3JFvblPvI2mDbtZsNiggGOCezyAufGe6RnR3s5DjR5YQqPcMiDtlskFQm4/SRN2Yh16E6l7LfsOhGQsPiPrDrci4T18pz1eDLSrtJiiBah1NdeISaD0kpoUiaNKiQiu16JCnxc8tGSw3nSPg44aLYmA==</wsse:BinarySecurityToken><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-3860801">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"; />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
/>
<ds:Reference URI="#Id-5555373">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
<ds:DigestValue>XihwRktko5xqz/3M42Jfqb/Cdco=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-5626173">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
<ds:DigestValue>b4TersBSTdXDwb2rGoljh8T4S7c=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
YxYsEuE1XIySWGUGGVoT54t9hUQe4w2VrMZZbVq8jrPlLhNvVlMtquHAz4Mmo6X4qGwXlZFPR9fI
GUVym6rhdfqZrSjNeeT1Vz7NMWE19nIWVLtio3ZfEMkjiipS9Nj04KQNLd8E4atohb5E1Ek3KVxa
SCLUzlO8BJvLFMqO0E8=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-30633470">
<wsse:SecurityTokenReference xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="STRId-25610032"><wsse:Reference URI="#CertId-148082" ValueType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1";
/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security><wsa:To>http://localhost:8080/opensso/sts
</wsa:To><wsa:ReplyTo><wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address></wsa:ReplyTo><wsa:MessageID>urn:uuid:B261E76879E28B7ECD1236612606354</wsa:MessageID><wsa:Action>
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action></soapenv:Header><soapenv:Body
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Id-5555373"><wst:RequestSecurityToken xmlns:wst="
http://schemas.xmlsoap.org/ws/2005/02/trust";><wst:RequestType>
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
</wst:RequestType><wst:Lifetime><wsu:Created>2009-03-09T15:30:06.208Z</wsu:Created><wsu:Expires>2009-03-09T15:35:06.208Z</wsu:Expires></wst:Lifetime><wst:TokenType>http
204
://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
</wst:TokenType><wst:KeyType>
http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</wst:KeyType><wst:KeySize>256</wst:KeySize><wst:Entropy><wst:BinarySecret
Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
">OgPDrwxe4BRXXHs+ZNcCYYjuX674GXSA</wst:BinarySecret></wst:Entropy><wst:ComputedKeyAlgorithm>
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
</wst:ComputedKeyAlgorithm></wst:RequestSecurityToken></soapenv:Body></soapenv:Envelope>
0
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: application/soap+xml;charset=utf-8
Transfer-Encoding: chunked
Date: Mon, 09 Mar 2009 15:30:08 GMT
Connection: close
6c
<?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="
http://www.w3.org/2003/05/soap-envelope";><S:Body>
2000
<S:Fault
xmlns:ns4="http://schemas.xmlsoap.org/soap/envelope/";><S:Code><S:Value>S:Receiver</S:Value></S:Code><S:Reason><S:Text
xml:lang="en">java.lang.NullPointerException</S:Text></S:Reason><S:Detail><ns2:exception
xmlns:ns2="http://jax-ws.dev.java.net/";
class="javax.xml.ws.WebServiceException" note="To disable this feature, set
com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system
property to
false"><message>java.lang.NullPointerException</message><ns2:stackTrace><ns2:frame
class="com.sun.xml.wss.provider.wsit.ServerSecurityTube"
file="ServerSecurityTube.java" line="201"
method="processException"/><ns2:frame class="com.sun.xml.ws.api.pipe.Fiber"
file="Fiber.java" line="593" method="__doRun"/><ns2:frame
class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="557"
method="_doRun"/><ns2:frame class="com.sun.xml.ws.api.pipe.Fiber"
file="Fiber.java" line="542" method="doRun"/><ns2:frame
class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="439"
method="runSync"/><ns2:frame class="com.sun.xml.ws.server.WSEndpointImpl$2"
file="WSEndpointImpl.java" line="243" method="process"/><ns2:frame
class="com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit"
file="HttpAdapter.java" line="444" method="handle"/><ns2:frame
class="com.sun.xml.ws.transport.http.HttpAdapter" file="HttpAdapter.java"
line="244" method="handle"/><ns2:frame
class="com.sun.xml.ws.transport.http.servlet.ServletAdapter"
file="ServletAdapter.java" line="135" method="handle"/><ns2:frame
class="com.sun.xml.ws.transport.http.servlet.WSServletDelegate"
file="WSServletDelegate.java" line="129" method="doGet"/><ns2:frame
class="com.sun.xml.ws.transport.http.servlet.WSServletDelegate"
file="WSServletDelegate.java" line="160" method="doPost"/><ns2:frame
class="com.sun.xml.ws.transport.http.servlet.WSServlet"
file="WSServlet.java" line="75" method="doPost"/><ns2:frame
class="sun.reflect.NativeMethodAccessorImpl"
file="NativeMethodAccessorImpl.java" line="native"
method="invoke0"/><ns2:frame class="sun.reflect.NativeMethodAccessorImpl"
file="NativeMethodAccessorImpl.java" line="39" method="invoke"/><ns2:frame
class="sun.reflect.DelegatingMethodAccessorImpl"
file="DelegatingMethodAccessorImpl.java" line="25"
method="invoke"/><ns2:frame class="java.lang.reflect.Method"
file="Method.java" line="597" method="invoke"/><ns2:frame
class="com.sun.identity.wss.sts.SecurityTokenService"
file="SecurityTokenService.java" line="123" method="doPost"/><ns2:frame
class="javax.servlet.http.HttpServlet" file="HttpServlet.java" line="637"
method="service"/><ns2:frame class="javax.servlet.http.HttpServlet"
file="HttpServlet.java" line="717" method="service"/><ns2:frame
class="org.apache.catalina.core.ApplicationFilterChain"
file="ApplicationFilterChain.java" line="290"
method="internalDoFilter"/><ns2:frame
class="org.apache.catalina.core.ApplicationFilterChain"
file="ApplicationFilterChain.java" line="206" method="doFilter"/><ns2:frame
class="com.sun.identity.setup.AMSetupFilter" file="AMSetupFilter.java"
line="91" method="doFilter"/><ns2:frame
class="org.apache.catalina.core.ApplicationFilterChain"
file="ApplicationFilterChain.java" line="235"
method="internalDoFilter"/><ns2:frame
class="org.apache.catalina.core.ApplicationFilterChain"
file="ApplicationFilterChain.java" line="206" method="doFilter"/><ns2:frame
class="org.apache.catalina.core.StandardWrapperValve"
file="StandardWrapperValve.java" line="233" method="invoke"/><ns2:frame
class="org.apache.catalina.core.StandardContextValve"
file="StandardContextValve.java" line="191" method="invoke"/><ns2:frame
class="org.apache.catalina.core.StandardHostValve"
file="StandardHostValve.java" line="128" method="invoke"/><ns2:frame
class="org.apache.catalina.valves.ErrorReportValve"
file="ErrorReportValve.java" line="102" method="invoke"/><ns2:frame
class="org.apache.catalina.core.StandardEngineValve"
file="StandardEngineValve.java" line="109" method="invoke"/><ns2:frame
class="org.apache.catalina.connector.CoyoteAdapter"
file="CoyoteAdapter.java" line="286" method="service"/><ns2:frame
class="org.apache.coyote.http11.Http11Processor" file="Http11Processor.java"
line="845" method="process"/><ns2:frame
class="org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler"
file="Http11Protocol.java" line="583" method="process"/><ns2:frame
class="org.apache.tomcat.util.net.JIoEndpoint$Worker"
file="JIoEndpoint.java" line="447" method="run"/><ns2:frame
class="java.lang.Thread" file="Thread.java" line="619"
method="run"/></ns2:stackTrace><ns2:cause
class="java.lang.NullPointerException" note="To disable this feature, set
com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system
property to false"><ns2:stackTrace><ns2:frame
class="com.sun.xml.ws.message.AbstractHeaderImpl"
file="AbstractHeaderImpl.java" line="109" method="isIgnorable"/><ns2:frame
class="com.sun.xml.ws.protocol.soap.MUTube" file="MUTube.java" line="114"
method="getMisUnderstoodHeaders"/><ns2:frame
class="com.sun.xml.ws.protocol.soap.ServerMUTube" file="ServerMUTube.java"
line="75" method="processRequest"/><ns2:frame
class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="598"
method="__doRun"/><ns2:frame class="com.sun.xml.ws.api.pipe.Fiber"
file="Fiber.java" line="557" method="_doRun"/><ns2:frame
class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="542"
method="doRun"/><ns2:frame class="com.sun.xml.ws.api.pipe.Fiber"
file="Fiber.java" line="439" method="runSync"/><ns2:frame
class="com.sun.xml.ws.server.WSEndpointImpl$2" file="WSEndpointImpl.java"
line="243" method="process"/><ns2:frame
class="com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit"
file="HttpAdapter.java" line="444" method="handle"/><ns2:frame
class="com.sun.xml.ws.transport.http.HttpAdapter" file="HttpAdapter.java"
line="244" method="handle"/><ns2:frame
class="com.sun.xml.ws.transport.http.servlet.ServletAdapter"
file="ServletAdapter.java" line="135" method="handle"/><ns2:frame
class="com.sun.xml.ws.transport.http.servlet.WSServletDelegate"
file="WSServletDelegate.java" line="129" method="doGet"/><ns2:frame
class="com.sun.xml.ws.transport.http.servlet.WSServletDelegate"
file="WSServletDelegate.java" line="160" method="doPost"/><ns2:frame
class="com.sun.xml.ws.transport.http.servlet.WSServlet"
file="WSServlet.java" line="75" method="doPost"/><ns2:frame
class="sun.reflect.NativeMethodAccessorImpl"
file="NativeMethodAccessorImpl.java" line="native"
method="invoke0"/><ns2:frame class="sun.reflect.NativeMethodAccessorImpl"
file="NativeMethodAccessorImpl.java" line="39" method="invoke"/><ns2:frame
class="sun.reflect.DelegatingMethodAccessorImpl"
file="DelegatingMethodAccessorImpl.java" line="25"
method="invoke"/><ns2:frame class="java.lang.reflect.Method"
file="Method.java" line="597" method="invoke"/><ns2:frame
class="com.sun.identity.wss.sts.SecurityTokenService"
file="SecurityTokenService.java" line="123" method="doPost"/><ns2:frame
class="javax.servlet.http.HttpServlet" file="HttpServlet.java" line="637"
method="service"/><ns2:frame class="javax.servlet.http.HttpServlet"
file="HttpServlet.java" line="717" method="service"/><ns2:frame
class="org.apache.catalina.core.ApplicationFilterChain"
file="ApplicationFilterChain.java" line="290"
method="internalDoFilter"/><ns2:frame
class="org.apache.catalina.core.ApplicationFilterChain"
file="ApplicationFilterChain.java" line="206" method="doFilter"/><ns2:frame
class="com.sun.identity.setup.AMSetupFilter" file="AMSetupFilter.java"
line="91" method="doFilter"/><ns2:frame
class="org.apache.catalina.core.ApplicationFilterChain"
file="ApplicationFilterChain.java" line="235"
method="internalDoFilter"/><ns2:frame
class="org.apache.catalina.core.ApplicationFilterChain"
file="ApplicationFilterChain.java" line="206" method="doFilter"/><ns2:frame
class="org.apache.catalina.core.StandardWrapperValve"
file="StandardWrapperValve.java" line="233" method="invoke"/><ns2:frame
class="org.apache.catalina.core.StandardContextValve"
file="StandardContextValve.java" line="191" method="invoke"/><ns2:frame
class="org.apache.catalina.core.StandardHostValve"
file="StandardHostValve.java" line="128" method="invoke"/><ns2:frame
class="org.apache.catalina.valves.ErrorReportV
34b
alve" file="ErrorReportValve.java" line="102" method="invoke"/><ns2:frame
class="org.apache.catalina.core.StandardEngineValve"
file="StandardEngineValve.java" line="109" method="invoke"/><ns2:frame
class="org.apache.catalina.connector.CoyoteAdapter"
file="CoyoteAdapter.java" line="286" method="service"/><ns2:frame
class="org.apache.coyote.http11.Http11Processor" file="Http11Processor.java"
line="845" method="process"/><ns2:frame
class="org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler"
file="Http11Protocol.java" line="583" method="process"/><ns2:frame
class="org.apache.tomcat.util.net.JIoEndpoint$Worker"
file="JIoEndpoint.java" line="447" method="run"/><ns2:frame
class="java.lang.Thread" file="Thread.java" line="619"
method="run"/></ns2:stackTrace></ns2:cause></ns2:exception></S:Detail></S:Fault></S:Body></S:Envelope>
The same code works with the rampart STS
Thanks
Marc
