AbstractAuthorizingInInterceptor doesn't return standard WS-Security SOAP fault

2022-01-03 Thread Oliver Wulff
Hi all I do some basic authorization checks within my JAX-WS implementation code and was wondering how to return a standard SOAP fault according to the WS-Security spec here: Web Services Security: SOAP Message Security Version 1.1.1

Injected JAX-RS javax.ws.rs.core.SecurityContext is null even JwtToken validation is successful

2020-11-24 Thread Oliver Wulff
Hi there I've created the following simple JAX-RS implementation: @Service @Configuration public class ApiServiceImpl implements DefaultApi { @Context SecurityContext securityContext; @Override public string sayHi(String name) { securityContext.getUserPrincipal() } }

AW: Custom ParamConverterProvider within Spring Boot for JAX-RS

2020-11-24 Thread Oliver Wulff
)); return endpoint.create(); } } It's important to let Spring instantiate the API implementation class (DefaultApi) as well thus you can also inject beans there as well. Thanks Oli Von: Oliver Wulff Gesendet: Samstag, 21. November 2020 00:02 An: users

Custom ParamConverterProvider within Spring Boot for JAX-RS

2020-11-20 Thread Oliver Wulff
Hi there I use the cxf spring boot starter for jaxrs in version 3.3.5: cxf-spring-boot-starter-jaxrs My REST service expects a java.time.LocalDate as a query parameter. When testing the API I get the error: "Parameter Class java.time.LocalDate has no constructor with single String parameter,

AW: User Propagation with REST

2019-03-06 Thread Oliver Wulff
Hi there This is an interesting question and I just came recently across the following specification which is in draft status: https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16 But I have to look into it in more detail. Thanks Oli Von: Raggy

Bind jaxws:endpoint to specific network interface/port in Karaf

2016-12-19 Thread Oliver Wulff
Hi there We have the use case that CXF services are deployed into a Karaf instance. Some services must be bound to localhost only and others must be publicly available (0.0.0.0). I've configured more than one connector in Karaf. Is there an option to bind a jaxws:endpoint in the spring

AW: Advanced request logging with CXF 3.1.0, karaf and elastic search

2015-06-09 Thread Oliver Wulff
Hi there I'm working to use logstash-forwarder to feed log data to a central logstash server which processes the messages and sends it to ElasticSearch. I recommend to use the JSON layout in log4j to avoid additional parsing on logstash side (no grok filter required). HTH Oli

RE: Fediz - no support for php?

2014-11-11 Thread Oliver Wulff
Fediz doesn't support the Apache HTTP server. The best approach would be to implement an apache module and would be a great extension to the apache http server project. A workaround solution could be to set up a tomcat instance behind the apache server to which you dispatch unauthenticated

RE: FEDIZ with external authentication

2014-10-10 Thread Oliver Wulff
: -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Rajeev Parekh [rpar...@indigoconsulting.com] Sent: 09 October 2014 15:48 To: users

RE: FEDIZ with external authentication

2014-10-10 Thread Oliver Wulff
to modify spring configs and restart the idp. The REST interface is described here: http://owulff.blogspot.ch/2014/01/features-coming-in-fediz-12-rest.html HTH Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration

RE: FEDIZ with external authentication

2014-10-09 Thread Oliver Wulff
will look at the ticket, this should help On 10/8/2014 9:12 AM, Oliver Wulff wrote: If you use OAuth for authentication purposes only, it should work with 1.2 which is not released yet. A JIRA ticket is also open: https://issues.apache.org/jira/browse/FEDIZ-72 All you have to do

RE: Fediz with .Net and PHP

2014-10-09 Thread Oliver Wulff
I describe on the following blog entry how to configure an ASP.NET application with Windows Identity Foundation (WIF is included in .NET 4.5): http://owulff.blogspot.ch/2012/02/configure-fediz-idp-and-aspnet-using.html Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution

RE: FEDIZ with external authentication

2014-10-08 Thread Oliver Wulff
If you use OAuth for authentication purposes only, it should work with 1.2 which is not released yet. A JIRA ticket is also open: https://issues.apache.org/jira/browse/FEDIZ-72 All you have to do is implement the interface TrustedIdpProtocolHandler as described in the above Jira. You must

RE: Configuration Issue with FEDIZ

2014-09-18 Thread Oliver Wulff
Hi Documentation is updated. Thanks for spotting this. Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Rajeev Parekh [rpar

RE: Tomcat plugin with Tomcat 6.0?

2014-09-18 Thread Oliver Wulff
Hi there Based on community discussions, Fediz IDP works with ASP.NET RP and the other way around. Is Tomcat 6 a must? Tomcat 7 works fine. There are some changes required to get it working for Tomcat 6 but we never invested in building a plugin because it's quite old. Thanks -- Oliver

RE: SSO in Fediz IdP

2014-02-19 Thread Oliver Wulff
Hi Stepan Let's move the discussion to the dev list. You're right that solution #1 is the right approach. It's also tracked in the following JIRA: I'd like to keep the complexity and dependencies within the Fediz plugin (bundled with the application/idp) as small as possible and add this

RE: Claims authentication to SharePoint 2010 via Apache CXF Fediz IDP

2014-02-07 Thread Oliver Wulff
to SharePoint 2010 via Apache CXF Fediz IDP Hi Oli. The workaround works very well. I now can sign in to SharePoint!!! I have filed the JIRA issue https://issues.apache.org/jira/browse/FEDIZ-70. Thank you for your help! Stepan. -Original Message- From: Oliver Wulff [mailto:owu...@talend.com

RE: Claims authentication to SharePoint 2010 via Apache CXF Fediz IDP

2014-02-06 Thread Oliver Wulff
Hi there The org.apache.cxf.fediz.service.idp.beans.STSClientAction which is configured in idp-servlet.xml doesn't provide you the attribute to set this. Can you log a JIRA for this issue please? As a workaround, you can patch the STSClientAction here: IdpSTSClient sts = new

RE: Question about CXF Fediz 1.1.0 and certificates

2013-11-26 Thread Oliver Wulff
://svn.apache.org/viewvc/cxf/fediz/tags/fediz-1.1.0/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml?view=markup Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com

RE: CXF, WSS4J, Kerberos using Microsoft AD as KDC

2013-11-25 Thread Oliver Wulff
jaxws:properties entry key=ws-security.callback-handler value=demo.PasswordCallbackHandler / entry key=ws-security.bst.validator value-ref=kerberosValidator / /jaxws:properties /jaxws:endpoint Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution

RE: CXF, WSS4J, Kerberos using Microsoft AD as KDC

2013-11-18 Thread Oliver Wulff
I've got Kerberos with CXF/WSS4J and STS for Microsoft AD running in a customer environment. Were you successful? Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com

[ANN] Apache CXF Fediz 1.1.0 released

2013-11-10 Thread Oliver Wulff
. The Apache CXF Team http://cxf.apache.org/ -- Oliver Wulff owu...@apache.org - http://owulff.blogspot.com/ Talend Community Coder - http://coders.talend.com

RE: security at global level

2013-09-24 Thread Oliver Wulff
Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: fachhoch [fachh...@gmail.com] Sent: 24 September 2013 18:43 To: users

RE: Java counterpart to wsFederationHttpBinding

2013-09-04 Thread Oliver Wulff
-- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Michał Zieliński [michal.g.zielin...@gmail.com] Sent: 04 September 2013 22:17 To: users@cxf.apache.org

RE: Running Fediz Spring example webapp

2013-07-29 Thread Oliver Wulff
certificateValidation to PeerTrust. You don't have to configure the subject. If you want to configure the subject it should look like (regular expression): subject=.*CN=WIN-6LS98RP43K9.* HTH Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application

RE: Fediz With Reverse Proxy

2013-07-22 Thread Oliver Wulff
A reverse proxy can act as a relying party as well. Usually, a reverse proxy is delegating user information in a non-standard way (custom http headers) to the proxied application servers. It depends whether the reverse proxy supports WS-Federation out-of-the-box or whether you have to plug it

RE: Running Fediz Spring example webapp

2013-07-22 Thread Oliver Wulff
...@lifia.info.unlp.edu.ar] Sent: 19 July 2013 16:44 To: users@cxf.apache.org Cc: Oliver Wulff Subject: Re: Running Fediz Spring example webapp El 15/07/13 12:14, Oliver Wulff escribió: Please update the issuer url to the following (WEB-INF/fediz_config.xml, I'll delete the one in src/main/config

RE: Another Programmatic Fediz configuration question

2013-07-17 Thread Oliver Wulff
-- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Burton, Tom F (DOR) [tom.bur...@alaska.gov] Sent: 16 July 2013 21:10 To: users@cxf.apache.org

RE: Running Fediz Spring example webapp

2013-07-17 Thread Oliver Wulff
in fediz. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Federico Tello Gentile [fgent...@lifia.info.unlp.edu.ar] Sent: 16 July

RE: Running Fediz Spring example webapp

2013-07-16 Thread Oliver Wulff
, but not the session with the IDP. There is also the concept of single logout but this means that you logout from all the applications which are accessed after the IDP session is created. Is this the functionality you're looking for? Thanks -- Oliver Wulff Blog: http://owulff.blogspot.com

RE: Running Fediz Spring example webapp

2013-07-15 Thread Oliver Wulff
) https://localhost:9443/fediz-idp/federation Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Federico Tello Gentile [fgent

RE: Programmatic Fediz Authentication

2013-07-03 Thread Oliver Wulff
. What do you think? Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Burton, Tom F (DOR) [tom.bur...@alaska.gov] Sent: 03

RE: org.w3c.dom.DOMException: HIERARCHY_REQUEST_ERR: An attempt was made to insert a node where it is not permitted

2013-06-27 Thread Oliver Wulff
server with another JDK/JRE. Try to add the following dependency: dependency groupIdorg.apache.servicemix.bundles/groupId artifactIdorg.apache.servicemix.bundles.saaj-impl/artifactId version1.3.9_2/version /dependency Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution

RE: FEDIZ Authentication problems

2013-06-21 Thread Oliver Wulff
Hi Tom I've raised the following JIRA to customize the sign in query string: https://issues.apache.org/jira/browse/FEDIZ-62 I'll look into this within the next days. Could you maybe raise a JIRA and apply a patch as a proposal for the extended logging? Thanks Oli -- Oliver Wulff Blog

RE: Fediz plugin for other web servers

2013-06-21 Thread Oliver Wulff
supers.) However, I don't have experience with such things so I might need advice as I go. Are you allowed to send me what you did for WebSphere? Cheers, Benji -Original Message- From: Oliver Wulff [mailto:owu...@talend.com] Sent: Monday, January 14, 2013 2:53 PM To: users@cxf.apache.org

RE: FEDIZ Authentication problems

2013-06-20 Thread Oliver Wulff
instead of having to pull this information in each application individually. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From

RE: FEDIZ Authentication problems

2013-06-19 Thread Oliver Wulff
()/ There is an example available for spring security. Here is the spring security documentation of it: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml?view=markup HTH Oli -- Oliver Wulff Blog: http://owulff.blogspot.com

RE: WS-Trust token handling

2013-06-03 Thread Oliver Wulff
, kind regards, Ivan +49 179 3814022 2013/5/27 Oliver Wulff owu...@talend.com Hi 1) Yes, CXF supports caching the token per user dependent on AppliesTo and Lifetime. So each component must have a different AppliesTo value. 2) This is supported. Just use the WebServiceContext API. Fixed

RE: WS-Trust token handling

2013-05-27 Thread Oliver Wulff
this API: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/ 3) Never tested. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com

RE: Fediz - intended project direction?

2013-05-08 Thread Oliver Wulff
If you don't mind I'd like to move this discussion to the dev list. Just thinking out loud... the Fediz IDP should become an application but might still require to deploy the WAR into your favorite servlet container. When the new feature (FEDIZ-3) is completed we're close for 1.1.0 release. But

RE: Fediz STS - how does it know where to find the public certs for verifying the UsernameToken in the IDP request?

2013-05-07 Thread Oliver Wulff
There are two requests to the STS. The first request is sent only once with username/password of the browser user (TransportBinding policy with UsernameToken as SupportingToken). The second request is on-behalf-of the browser user where there is no WS-Security header sent but you must provide a

RE: Fediz - intended project direction?

2013-05-07 Thread Oliver Wulff
I don't really understand your question. The Fediz Plugin (deployed on the relying party side) is a framework component which must be plugged into an existing container. The IDP will provide new functionality with the new release. What exactly are you looking for as a deliverable? Thanks Oli

RE: Does Fediz tomcat value work on glassfish 3?

2013-05-05 Thread Oliver Wulff
Hi Chris Well, the Fediz Valve is a special valve (subclass of authenticator which subclasses valve). But I don't think that Glassfish provides its security extension based on the valve concept. What should work is to use Spring Security inside Glassfish and configure the Fediz plugin for

RE: Fediz: key and keystore requirements

2013-05-03 Thread Oliver Wulff
Great overview. Would be great to have something like this on the wiki. I spotted one thing. The public key in the RP is the STS App Public Key instead of STS Container SSL Public Key. The keystore to validate the SAML token signature is configured here:

RE: Fediz: how to configure STS with JDBC credential store?

2013-05-02 Thread Oliver Wulff
Hi Chris There is no out-of-the-box support for a DB credential store but it can be plugged in. Due to the reason that authentication is configured through JAAS, you could use another JAAS LoginModule for DB. Do you need the DB resource for the claims as well? This would require to implement

RE: fediz: IDP deployed in DMZ, STS deployed behind firewall

2013-05-02 Thread Oliver Wulff
Absolutely, you might only need access to the STS if you expose business web services to other companies which are protected by a token issued by your STS. Oli From: chris snow [chsnow...@gmail.com] Sent: 01 May 2013 20:33 To: users@cxf.apache.org

RE: fediz 1.1 release date / spring security

2013-05-02 Thread Oliver Wulff
I'm working on FEDIZ-3 with Thierry as this is a major improvement which I really like to get into 1.1. Hopefully done within this month. Thanks Oli From: Colm O hEigeartaigh [cohei...@apache.org] Sent: 02 May 2013 11:32 To: users@cxf.apache.org Subject:

RE: WebSphere 8.5 hanging CXF STS implementation?

2013-04-09 Thread Oliver Wulff
Maybe the following thread helps: http://mail-archives.apache.org/mod_mbox/cxf-users/201201.mbox/%3c79ab4452999c844d9920e0363533273110b...@s10be002.sh10.lan%3E Oli From: dhogan [dirk.ho...@forgerock.com] Sent: 08 April 2013 23:37 To: users@cxf.apache.org

RE: SAML metadata

2013-03-07 Thread Oliver Wulff
and replace it at a later stage by a self-signed certificate and all SP do still trust it. -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From

RE: saml subject confirmation method

2013-03-04 Thread Oliver Wulff
-vouches-use-case.html HTH Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Colm O hEigeartaigh [cohei...@apache.org] Sent: 22

RE: SAML metadata

2013-03-04 Thread Oliver Wulff
document which is based on SAML 2.0 metadata. See here: http://cxf.apache.org/fediz-metadata.html Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com

RE: Fediz plugin for other web servers

2013-01-14 Thread Oliver Wulff
Hi there I got something working for websphere (custom TAI). But as Dan said, we don't have the licenses for it but it might be an option to add the sources only and not list it in the plugins/pom.xml with some instructions how to install the missing websphere libraries and then run the build.

RE: Changing the user/role data source for Fediz IdP running on Tomcat 7 to a dynamic source

2013-01-10 Thread Oliver Wulff
on the application side as well. We are working on a new IDP for version 1.1 which supports form based authentication as well. The current 1.1.0 snapshot works already: https://repository.apache.org/content/groups/snapshots/org/apache/cxf/fediz/fediz-idp/1.1.0-SNAPSHOT/ HTH -- Oliver Wulff

RE: Changing the user/role data source for Fediz IdP running on Tomcat 7 to a dynamic source

2013-01-10 Thread Oliver Wulff
requires which claims and requests that from the STS. HTH -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Alrick Telfer [aatel...@gmail.com

RE: Changing the user/role data source for Fediz IdP running on Tomcat 7 to a dynamic source

2013-01-07 Thread Oliver Wulff
=MyDatasourceClaimsHandler property name=whatever value=value / /bean That's all. HTH -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Alrick Telfer

RE: Fediz roadmap under redhat

2012-12-28 Thread Oliver Wulff
Hi there There is no relation to redhat for this project. Right now, we're working on the 1.1 release with a lot of new features support like jetty container, spring security integration, re-implementation of the idp component, etc. HTH -- Oliver Wulff Blog: http

AW: Re: 408 response?

2012-12-19 Thread Oliver Wulff
lapse is pretty small. I therefore find it hard to imagine that that is what's causing this. The first question that this brings to mind is the value of the timer that is set by Tomcat. Is this a configurable item? Cheers, Frank Op dinsdag 18 december 2012 schreef Oliver Wulff (owu

RE: 408 response?

2012-12-18 Thread Oliver Wulff
Hi Frank Tomcat creates an internal session to cache some information. If the response from the IDP is sent too late by the browser, the session is gone and fediz returns a 408 error. HTH Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com

RE: Fediz token validity and session management

2012-12-08 Thread Oliver Wulff
Hi there As any other authenticator in tomcat, it will check whether there is already an authenticated user and beyond that, it will check the validity of the token. If expired, it will redirect to the IDP to get a new token. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com

RE: Logout or Single Logout with Fediz plugin

2012-11-29 Thread Oliver Wulff
You can terminate the session within your application and logout from the idp. Then, you will be re-authenticated when accessing another federation enabled application. The single logout (to logout from all applications) is not yet supported. Thanks Oli -- Oliver Wulff Blog: http

RE: Inner workings of Fediz

2012-11-29 Thread Oliver Wulff
(then you don't have to clean the active logins in the browser thus you really get re-authenticated). Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com

RE: Using Fediz plugin with HTTP (i.s.o. HTTPS)

2012-11-19 Thread Oliver Wulff
the application as you can use the token only once to access an application and the token is valid for one application only. HTH Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http

RE: What's the recommend IDP for cxf fediz?

2012-11-11 Thread Oliver Wulff
supports HomeRealm discovery and redirection to the Requestor IDP) you should be fine with the Fediz IDP. Otherwise, the fediz plugin is used with Microsoft ADFS and a combination of the Adnovum Nevis IDP and the CXF STS. HTH -- Oliver Wulff Blog: http://owulff.blogspot.com Solution

RE: Fediz(SSO) - Do we need to unset token?

2012-10-18 Thread Oliver Wulff
The Servlet Filter adds the token to the TLS and therefore, he should also remove it before the response is sent back. I'm planning to create a fediz-cxf module which contains this kind of functionality in fediz 1.1 Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect

RE: Fediz(SSO) - Do we need to unset token?

2012-10-16 Thread Oliver Wulff
agreed. Will fix this for 1.0.2. -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Daniel Kulp [dk...@apache.org] Sent: 15 October 2012

RE: maximumClockSkew and freshness in fediz_config.xml

2012-10-10 Thread Oliver Wulff
IMHO, 5 seconds difference with respect to the clock between the IDP/STS and the RP should be sufficient. Of course you can always change it but are you running into issues with that Gina? Thanks Oli From: Colm O hEigeartaigh [cohei...@apache.org] Sent:

RE: maximumClockSkew and freshness in fediz_config.xml

2012-10-09 Thread Oliver Wulff
Hi Gina You're right. The values are in seconds. The default value for maximumClockSkew is 5 seconds. For now, freshness can be ignored. It will match to wfresh parameter. Hopefully, I can get it in for 1.0.2 which will use CXF 2.6.3 as well. Thanks Oli -- Oliver Wulff Blog: http

RE: Logout from Fediz from single web application.

2012-09-24 Thread Oliver Wulff
with a roadmap proposal. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Glen Mazza [gma...@talend.com] Sent: 21 September 2012 15

RE: Logout from Fediz from single web application.

2012-09-12 Thread Oliver Wulff
plugin as well as the fediz idp. Feel free to raise a JIRA request thus this requirement can be tracked. Thanks Oli [1] http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http

RE: Accessing FederationPrincipal from a Filter in Fediz Plugin

2012-09-12 Thread Oliver Wulff
of FederationPrincipal: + p.getName()); BTW, your code snippet is a little bit confusing as you always log that the principal is not instance of federation principal. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application

RE: STSClient add Claims

2012-09-05 Thread Oliver Wulff
There is an example in the fediz idp servlet (method createClaimsElement) https://svn.apache.org/repos/asf/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http

RE: getUserPrincipal mapping in Fediz plugin

2012-09-05 Thread Oliver Wulff
Hi Frank It depends on the value you configure for roleURI. See the advanced example here: http://cxf.apache.org/fediz-configuration.html Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http

RE: getUserPrincipal mapping in Fediz plugin

2012-09-05 Thread Oliver Wulff
Sorry, I misunderstood your question. The value you get from getUserPrincipal() matches with the subject in the SAML token. Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com

RE: Federation processing failed: Security token has been revoked - P.S.

2012-09-03 Thread Oliver Wulff
Hi Frank Do you have a stacktrace from the tomcat log? Could you also share the fediz_config.xml? Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com

RE: Authorization with CXF and WSS4J?

2012-08-29 Thread Oliver Wulff
CXF also supports RBAC based on role information in received SAML tokens. Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Andrei

RE: Does fediz support ws-federation

2012-08-21 Thread Oliver Wulff
it because the SAML assertion is signed and the signature is trusted. HTH -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: 杨华杰 [yhj

RE: How to logout for fediz?

2012-08-21 Thread Oliver Wulff
Ok, just vote on the JIRA you would like to get resolved for prioritization purposes. -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: 杨华

RE: Does fediz support ws-federation

2012-08-20 Thread Oliver Wulff
is described here: http://owulff.blogspot.ch/2012/02/configure-fediz-idp-and-aspnet-using.html Some customers use the fediz idp for their ASP.NET based applications. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application

RE: How to logout for fediz?

2012-08-20 Thread Oliver Wulff
other applications as well? This is possible with the signout action as defined by ws-federation. What do you think? Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com

RE: WS-Trust Version and WCF

2012-07-31 Thread Oliver Wulff
;? WS-Trust 1.4 still uses the same namespace as 1.3 but it introduced new optional element as part of the RST/RSTR which use a newer namespace. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http

RE: Kerberos authentication using delegation from Principal Ticket

2012-07-17 Thread Oliver Wulff
is described here: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/README.txt?view=markup The design of the example is described here: http://owulff.blogspot.ch/2012/04/sso-across-web-applications-and-web.html Let me know what you think. Thanks Oli -- Oliver Wulff

RE: Kerberos authentication using delegation from Principal Ticket

2012-07-17 Thread Oliver Wulff
kerberos ticket. It was the responsibility of the client to request a new ticket on behalf of the original ticket from the KDC but this was out of my control. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application

RE: Fediz STS - A SOAP 1.2 message is not valid when sent to a SOAP 1.1 only endpoint

2012-07-16 Thread Oliver Wulff
Hi Gina Can you please raise a JIRA? Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Daniel Kulp [dk...@apache.org] Sent

RE: STS B using token from STS A

2012-07-13 Thread Oliver Wulff
://coheigea.blogspot.ch/2012/06/transforming-claims-and-tokens-in-cxf.html HTH -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: DTaylor

[ANN] Apache CXF Fediz 1.0.0 released

2012-06-28 Thread Oliver Wulff
://owa.talend.com/owa/redir.aspx?C=9efe363f3ea74f41bbc3f89637b1d89dURL=http%3a%2f%2fcxf.apache.org%2f -- Oliver Wulff owu...@apache.org - http://owulff.blogspot.ch/ Talend Community Coder - http

[ANN] Apache CXF Fediz 1.0.0 released

2012-06-28 Thread Oliver Wulff
the mailing lists and let us know your thoughts. The Apache CXF Team http://cxf.apache.org/ -- Oliver Wulff owu...@apache.org - http://owulff.blogspot.ch/ Talend Community Coder - http://coders.talend.com

RE: Configuring Fediz IDP with OpenLDAP

2012-06-28 Thread Oliver Wulff
this to the wiki. Thanks -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Gina Choi [ginacho...@gmail.com] Sent: 28 June 2012 23:27 To: cohei

RE: Path for fediz_config.xml

2012-06-19 Thread Oliver Wulff
as the certificate has a different lifecycle than the application itself. You shouldn't have to deploy a new application war just because a new certificate has to be deployed. HTH -- Oliver Wulff Blog: http://owulff.blogspot.com/ Solution Architect http

RE: Compatibility with Windows Identity Foundation (WIF)

2012-06-11 Thread Oliver Wulff
the README here for more information: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/ HTH -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com

RE: Handling Cookies in Fediz WS-Federation web sso

2012-06-08 Thread Oliver Wulff
destination/sp first which means you must first access the application. Could you please explain the use case? How is the .NET client getting into the possession of the wresult without accessing the application first? Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.comhttp

RE: Handling Cookies in Fediz WS-Federation web sso

2012-06-07 Thread Oliver Wulff
#Request_Dumper_Valve Haven't found the link for Tomcat 7 but I think it's still there. HTH -- Oliver Wulff Blog: http://owulff.blogspot.com/ Solution Architect http://coders.talend.com Talend Application Integration Division http

[DISCUSS] WEB-INF/beans.xml and Java CDI spec compliance

2012-06-06 Thread Oliver Wulff
is used. IMHO, we should change it. What do you think about the following proposal: WEB-INF/spring-config.xml? Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com/ Solution Architect http://coders.talend.com Talend

RE: [DISCUSS] WEB-INF/beans.xml and Java CDI spec compliance

2012-06-06 Thread Oliver Wulff
. But I can update the few that are deployed as WARs if desired. Glen On 06/06/2012 08:02 AM, Oliver Wulff wrote: Hi all Romain made me aware of that the examples in fediz are not compliant with the CDI spec which means you can't deploy the samples in a JEE6 server. The resource location

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

2012-06-01 Thread Oliver Wulff
Hi Gina I guess it's the same policy flaw with KeyValueToken - at least the error message is the same. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com

RE: Fediz possible bug with WS-Federation URL redirecting

2012-05-31 Thread Oliver Wulff
:8443/Airline/code/Welcome.jsp which causes page not found. If run my sample app on the server machine wkensv0305.global.sdl.corp, I don't have this issue. The original request goes already to the server machine wkensv0305. Thanks Oli -- Oliver Wulff Blog: http

RE: Fediz possible bug with WS-Federation URL redirecting

2012-05-31 Thread Oliver Wulff
. Thanks -- Oliver Wulff Blog: http://owulff.blogspot.com/ Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Gina Choi [ginacho...@gmail.com

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

2012-05-31 Thread Oliver Wulff
Hi Gina Add an empty wsp:Policy element as a child to sp:HttpsToken: /wsp:policy There was a fix in CXF to be spec compliant. HTH -- Oliver Wulff Blog: http://owulff.blogspot.com/ Solution Architect http://coders.talend.com Talend

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

2012-05-31 Thread Oliver Wulff
Hi Gina The fix was that CXF complains if this element is missing. Another option is that you download this wsdl, fix the incorrect policy definition and reference the local wsdl file in the STSClient bean. Thanks Oli -- Oliver Wulff Blog: http://owulff.blogspot.comhttp

RE: Redirecting Fediz GreeterService to ADFS2.0

2012-05-23 Thread Oliver Wulff
a callback handler could read the password from an encrypted file. -- Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com From: Colm O hEigeartaigh

RE: CXF supporting scope

2012-05-22 Thread Oliver Wulff
with the property ws-security.password You want to use symmetric binding for the communication with ADFS and the ASP.NET service? HTH -- Oliver Wulff Blog: http://owulff.blogspot.com/ Solution Architect http://coders.talend.com Talend
