Hello!
I'd like to log the SAML validation of my cxf server with Log4j2, but failed.
I created the file:
WebContent\META-INF\cxf\org.apache.cxf.Logger
with the content:
org.apache.cxf.common.logging.Slf4jLogger
(with and without linebreak)
I setup the log4j2.xml:
Thanx.
This is working.
Csaba
On 2021-09-21 16:08, Freeman Fang wrote:
Hi,
You can specify certAlias name in
Something like
what_ever_suitable
Hopefully this is what you are looking for.
Cheers
Freeman
On Tue, Sep 21, 2021 at 9:50 AM Tóth Csaba wrote:
Hello!
For a webservice
Hello!
For a webservice client, (over https) the server sent certificate has
wrong "name", but it has a good "alternative name".
I got javax.net.ssl.SSLHandshakeException: SSLHandshakeException.
I have very basic conduit settings:
Hello!
My apache webclient send the http header like this:
Content-Type: application/xop+xml; charset=UTF-8;
type="application/soap+xml; action=\"ws-action\""
The problem is: the action and the content type is inside the type field.
Where I find to search the problem? (the generated
Hello!
I wrote a log4j logging interceptor (in and out) because I need a
unique message id pushed in the ThreadContext at the very beginning, and popped
after the response is sent back.
(if there any, please note me)
I started from the org.apache.cxf.ext.logging.LoggingInInterceptor, (to
get the
just get the first credential in the KeyInfo (the PublicKey in your case).
It looks like your trust setup is not working with PublicKey. With this fix
it will also grab any X.509 Certificates and use these as well for trust
verification.
Colm.
On Fri, May 15, 2020 at 8:11 AM Tóth Csaba wrote
214) Its a bug or features?
Thanx
Csaba
On 2020-05-14 14:12, Colm O hEigeartaigh wrote:
I think you need to either turn on debug logging or do some debugging and
figure out what is going on with the trust validation process in WSS4J.
Colm.
On Thu, May 14, 2020 at 12:58 PM Tóth Csaba wrote:
Ok
in the local trust
store (embedded in a certificate), or signature verification will fail.
Colm.
On Thu, May 14, 2020 at 12:19 PM Tóth Csaba wrote:
Hello!
Sorry, maybe I was wrong: It is processed, without any error, (I don't
have stack trace), but
inside
?
Colm.
On Thu, May 14, 2020 at 12:05 PM Tóth Csaba wrote:
Hello!
I have a system, what accept the request only with SAML token.
Its worked until the last request.
until now the SAML in the request:
http://www.w3.org/2000/09/xmldsig#;>
h
Hello!
I have a system, what accept the request only with SAML token.
Its worked until the last request.
until now the SAML in the request:
http://www.w3.org/2000/09/xmldsig#;>
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
realm", "
http://cxf.apache.org/custom;);
...
Colm.
On Tue, Feb 18, 2020 at 7:12 PM Tóth Csaba wrote:
Hello!
I have problem with my SAML validation.
- I already did, that inside the validation i can call an LDAP request,
get the given cert from the LDAP, and check against the cert in the S
it into the LDAP query.
How can I get the full request, or at least the SOAP body from the (it
can be any form: stream, string, dom, object...)
org.apache.cxf.ws.security.trust.STSSamlAssertionValidator.validate()
function?
Thanx
Csaba
On 2019-09-02 12:17, Tóth Csaba wrote:
Thanx!
It's look like
would be
nice if you could share a sample project to simulate the problem.
Thanks
On Wed, Oct 2, 2019 at 9:41 PM Tóth Csaba wrote:
Hello!
I try to set up message log for server with spring with log4j2.
I already created the META-INF/cxf/org.apache.cxf.Logger file wit
Hello!
I try to set up message log for server with spring with log4j2.
I already created the META-INF/cxf/org.apache.cxf.Logger file with the
content: org.apache.cxf.common.logging.Log4jLogger
Set up the log4j2 config file.
insert logging into the cxf-servlet.xml:
/9d09fe641e0d714605c8c70f5ed224901ba97bcc/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java#L97
Colm.
On Fri, Aug 30, 2019 at 5:20 PM Tóth Csaba wrote:
Hello!
The request contains a SAML in the security header.
This SAML contains
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id"
xmlns:saml-a="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsi=&
then it's handled by the STS
code, so you will need to either replace or override this class:
https://github.com/apache/cxf/blob/master/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Colm.
On Tue, Aug 6, 2019 at 9:03 PM Tóth Csaba wrote:
> He
Hello!
I have a request with the STS to validate a incoming SAML with a
certificate what come from another source: example need to query it from
a database, based on the data in the request.
How start it? I know the SAML validation is in the deep and need the
certificate to be in a
Hello!
I write a WS client what communicate over SSL with the server. (The
server accept the request only SSL).
I'd like to log the request, response. The request is done, but if the
server give back nothing (the http body is empty, but there are header)
nothing appear in the logs. No
the response prior to the correlation being done.
Dan
On Oct 31, 2018, at 8:31 AM, Tóth Csaba wrote:
Hello!
Thanx, Ok.
I understand, but I don't have any control of the service. So if the service
doesn't send the correct message Id back, I can't do anything.
I'd like to turn off the response side
"MessageID" sent by the client, and so CXF throws an
exception as expected.
Colm.
On Tue, Oct 30, 2018 at 2:52 PM Tóth Csaba wrote:
Hello!
Request header:
http://www.w3.org/2005/08/addressing
">urn:hl7-org:v3:PRPA_IN201305UV02
http://w
http://localhost:8085/mesa/test
urn:hl7-org:v3:PRPA_IN201306UV02
uuid:1.2.3.4.5.11312R1
uuid:d00e3a83-7d95-499e-a1b5-c8da600bbbf2.1
Thanx
Csaba
On 2018-10-30 15:22, Colm O hEigeartaigh wrote:
What do the request and response messages look like?
Colm.
On Tue, Oct 30, 2018 at 1:11 PM
Hello!
I tried to write a we client. I need to send addressing info (it's
already working), but it can't parse the response:
the error:
WARN org.apache.cxf.ws.addressing.soap.MAPCodec - Failed to
correlate message, aborting dispatch.
And the proxy response object is become null.
At the
Hello!
In the STS wsdl
(https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/sts/wsdl/ws-trust-1.4-service.wsdl)
something is not clear for me:
in the definition there are two namespace definition:
- target namespace ->
e to make sure the client sent addressing
headers. I’m going to poke around and see if it’s something that
can be changed.
Dan
On Jul 18, 2018, at 11:43 AM, Tóth Csaba <ig...@domen.hu> wrote:
Hello!
I have a (proxy) client inside a server environment. (I have more
clients)
Hello!
I have a (proxy) client inside a server environment. (I have more
clients) And, need to turn on the WSA, and the mustUnderstand attribute
in some fields (not all, and not for all client)
I already set up the config:
http://myEndpoint;>
Hello!
I'd like to turn on the logging for the cxf. I read all the tutorials
and examples, but it's not working. I know I miss some basic thing...
I create the file:
META-INF\cxf\org.apache.cxf.Logger
and write inside:
org.apache.cxf.common.logging.Log4jLogger
download and put into the libs the
the switching
between them. The client proxies aren’t too expensive to create.
On Wed, Jun 13, 2018 at 11:18 AM Tóth Csaba wrote:
Hello!
I need to put a client into the webapp what communicate over ssl and
before every call need to evaluate and maybe change the endpoint url.
I set up the system
Hello!
If somebody prepare the two service (same server cert, different client
cert, over tls, some simple webservice), I can create a client for it,
and than we have a test case.
Csaba
On 2018-06-19 11:06, Tóth Csaba wrote:
Hello!
No, I don't have a test case, I'm not an expert to create
wrote:
Do you have a test-case I can run to reproduce the problem?
Colm.
On Tue, Jun 19, 2018 at 8:52 AM, Tóth Csaba <ig...@domen.hu> wrote:
Hello!
I did some research:
I tried to debug the certification selection methods, and found
this class (TLSClientParamet
the issue?
Colm.
On Wed, Jun 13, 2018 at 4:18 PM, Tóth Csaba wrote:
Hello!
I need to put a client into the webapp what communicate over ssl and
before every call need to evaluate and maybe change the endpoint url.
I set up the system via cxf-servlet.xml:
https://myserver.com/mypath
Hello!
I need to put a client into the webapp what communicate over ssl and
before every call need to evaluate and maybe change the endpoint url.
I set up the system via cxf-servlet.xml:
https://myserver.com/mypath;>
Hello!
I'd like some config loading with conditionals: I'd like to put the
config outside the war/webapp directory (the tomcat running in
autodeploy mode, and dont have rights to change it).
I'd like, the cxf search the config file in the location1, and if not
found in the location2, and until
AX-WS service using the XSLTFeature here:
>
> https://github.com/apache/cxf/commit/80e7e9720a77196ed6f996c46f7cff648a77628b
>
> Colm.
>
> On Thu, Apr 5, 2018 at 6:30 AM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>>
>> I'd like to develop a service, what c
Hello!
I'd like to develop a service, what can handle a big, complex request,
but I need only a part of this request, so I think I try do a XSLT on
the body first, and then give the new XML to deserializing.
I have two question:
- is there some example/tutorial to do a XSLT for the
nnect somehow the conduit to the proxy bean?
>>
>> Thanx
>> Csaba
>>
>>
>> On 2018.03.20. 16:25, Colm O hEigeartaigh wrote:
>>> I think it will read the global CA configuration anyway first, but then
>> use
>>> the conduit keystore configuration.
ink it will read the global CA configuration anyway first, but then use
> the conduit keystore configuration. If you enable SSL debug logging can you
> see the certs stored in your truststore being loaded? Do you still see the
> same error?
>
> Colm.
>
> On Tue, Mar 20, 2018 at
wrote:
> What if you use something like this instead?
>
> https://localhost:.*;>
>
> If that doesn't work (with the correct domain name) then it looks like the
> config is not getting picked up properly.
>
> Colm.
>
> On Mon, Mar 19, 2018 at 4:56 PM, Tóth Csaba <ig...
Hello!
I'd like to call a webservice from a server. I created everything, just I need
help to config the conduit properly:
.*_EXPORT_.*
.*_EXPORT1024_.*
.*_WITH_DES_.*
.*_WITH_AES_.*
Hello!
I need an Attribute in the
Subject/NameID/SubjectConfirmation/SubjectConfirmationData in the response.
I check the code, and in the openSAML 3.3 not supported this.
I put the SAML2ComponentBuilder.createSubjectConfirmationData() some
line, what create as a Attribute class, but I can only
Hello!
I'd like to fill the NameID in the SubjectConfirmation element for the SAML.
I only found the Method attribute in the
org.apache.wss4j.common.saml.bean.SubjectBean (property
subjectConfirmationMethod), but no any attributes.
Need I extends something, or just i search on wrong place?
Hello!
I'd like to take apart the cxf config file into multiple file:
example the classes, end everything in the main config, the
keystore/certs/signing config (org.apache.cxf.sts.StaticSTSProperties)
want to place in another file.
Is any example for it?
Thanx
Csaba
ww.w3.org/2006/07/ws-policy; URI is deprecated and wasn't
> supported before in AppliesTo.
>
> Colm.
>
> On Tue, Feb 6, 2018 at 9:41 AM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>>
>> I need to handle in the STS a request, inside the AppliesTo e
Hello!
I need to handle in the STS a request, inside the AppliesTo element is
an addressing endpointReference:
The example:
http://www.w3.org/2006/07/ws-policy;>
http://www.w3.org/2005/08/addressing;>
https://localhost:17001/services/iti18
How, and where can I handle very easy.
Now I
in the QName.
Then it working.
Csaba
On 2018.01.31. 10:43, Colm O hEigeartaigh wrote:
> Can you post the full opensaml code you are using and I'll take a look?
>
> Colm.
>
> On Tue, Jan 30, 2018 at 6:37 PM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>> unfortu
ement -> empty xsi:String
element
I ran out of ideas
Csaba
On 2018.01.30. 13:17, Tóth Csaba wrote:
> Hello!
>
> Yes, its an option, just dont know, how will this signed.
> but. Thanx
> I will try.
>
> Csaba
>
> On 2018.01.30. 13:11, Colm O hEigeartaigh wrote:
>> I
, 2018 at 12:02 PM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>>
>> The problem is not about the place, where I can do that. the problem,
>> that I cant create the given XML fragment, because:
>> a, I dont get the attributes back (the SAML dont contains
ystests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
>
> Colm.
>
> On Mon, Jan 29, 2018 at 6:48 PM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>> Thanx, but look like not helped:
ame error.
somehow the
net.shibboleth.utilities.java.support.xml.NamespaceSupport.appendNamespaceDeclaration()
try
to mix the element's Namespace and the attribute's NameSpace, and
because its different I get
3011fa97122bcd495d268ff33a5107f/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java#L578
>
> Colm.
>
> On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>>
>> I need to put an XML fragment to one of the SAML Attribute:
Hello!
I need to put an XML fragment to one of the SAML Attribute:
http://www.w3.org/2005/08/addressing;>
http://www.w3.org/2001/XMLSchema-instance;>
(the xsi:type is not an standard schema type)
I get this information from an Claim. I parse already, and I have all
the fields. I
Hello!
SOLVED!
The soapUI deleted the SAML part from the message.
I used two "different" request, and one has another settings.
Csaba
On 2018.01.28. 21:52, Tóth Csaba wrote:
> Hello!
>
> I set up a claim handling with custom claims handler (its working well),
>
Hello!
I set up a claim handling with custom claims handler (its working well),
I lost the SAML from the messageContext at the tokenIssueOperation at
public RequestSecurityTokenResponseType issueSingle(
RequestSecurityTokenType request,
Principal principal,
(and its hard to config thru the config files)
thanx
Csaba
On 2018.01.26. 18:49, Tóth Csaba wrote:
> Hello!
> I'm now very confused:
>
> I have this config file:
>
>
> http://www.springframework.org/schema/beans;
> xmlns:cxf="http://cxf.apache.org/core"
>
STS in the service
> keystore and it can validate the certificate locally. Is the STS cert (or
> CA cert) in your crypto properties file pointing to by the
> security.signature.properties configuration variable on the service side?
>
> Colm.
>
> On Fri, Jan 26, 2018 at 11:56 AM
services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml#L44
>
> On Thu, Jan 25, 2018 at 2:38 PM, Tóth Csaba <ig...@domen.hu
> <mailto:ig...@domen.hu>> wrote:
>
> Hello!
> this is the full trace:
>
>
ean that there was a "saml2p:Status" element in the security header
> before the Assertion? If so then this is not valid, only the SAML Assertion
> should be there.
>
> Colm.
>
> On Thu, Jan 25, 2018 at 8:47 AM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>>
Hello!
I dig deeper in the code:
The problem with the SAML was:
In the security element contains not only the SAML, its contains before
the SAML an
and an element
(in his case The same is not processed)
If I delete it, its go thru the SAML validator
Csaba
On 2018.01.24. 19:25, Tóth Csaba
rk or not):
>
> http://cxf.apache.org/docs/transformationfeature.html
>
> Colm.
>
>
> On Tue, Jan 23, 2018 at 6:19 PM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>> Its in the header:
>>
>> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/enve
hat does the request look like, e.g. where is the SAML token in the
> request? Is it referred to directly in the SOAP Body?
>
> Colm.
>
> On Tue, Jan 23, 2018 at 4:37 PM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>>
>> I'd like to parse the inc
Hello!
I'd like to parse the incoming SAML token to get the fields (user, etc)
and give it to the issuer.
I found, that is done in the
org.apache.cxf.sts.operation.TokenIssueOperation class but
stsProperties.getSamlRealmCodec() is always null in my code (how can i
set it, need to create a new
Hi!
I have a example RST request (get from the customer) , what contains in
the body a {http://www.w3.org/2006/07/ws-policy}AppliesTo element.
I dig down and find out that the
org.apache.cxf.sts.request.RequestParser, what try to understand the
request, check the namespace for the AppliesTo
anced/src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl#L148
>
> Colm.
>
> On Tue, Jan 16, 2018 at 10:23 PM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>>
>> I try to create a own STS service, an
Hello!
I try to create a own STS service, and I need to use soap 1.2
First I created a own service based on the
DefaultSecurityTokenServiceProvider:
@WebService(targetNamespace =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
portName = "UT_Port",
serviceName = "SecurityTokenService",
65 matches