Yes, sure. This is the message. <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing"; xmlns:s="http://www.w3.org/2003/05/soap-envelope";> <s:Header> <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action> <a:MessageID>urn:uuid:5c95445c-8f57-49b7-9030-23af6d989f0a</a:MessageID> <ActivityId CorrelationId="a2f6cc3b-bf91-4f90-ad06-ef751ca1b269" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics";>19c20fa7-c861-4128-8e8d-766b9926ff90</ActivityId> </s:Header> <s:Body> <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";> <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing";> <Address>http://localhost:9000/tradebusinessserviceSTS</Address> <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity";> <Dns>OPS.Com</Dns> </Identity> </EndpointReference> </wsp:AppliesTo> <t:Entropy> <!--Removed--> </t:Entropy> <t:KeySize>256</t:KeySize> <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType> <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType> <tr:ActAs xmlns:tr="http://docs.oasis-open.org/ws-sx/ws-trust/200802";> <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_a762551d-f167-4bcd-bd82-18cb650d084c" Issuer="PassiveSTS" IssueInstant="2009-11-05T20:31:03.293Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> <saml:Conditions NotBefore="2009-11-05T20:31:03.181Z" NotOnOrAfter="2009-11-06T06:31:03.181Z"> <saml:AudienceRestrictionCondition> <saml:Audience>http://localhost/trade/</saml:Audience> </saml:AudienceRestrictionCondition> </saml:Conditions> <saml:AttributeStatement> <saml:Subject> <saml:SubjectConfirmation> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> <saml:Attribute AttributeName="privatepersonalidentifier" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims";> <saml:AttributeValue> <!--Removed--> </saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod> <ds:Reference URI="#_a762551d-f167-4bcd-bd82-18cb650d084c"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";></ds:Transform> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod> <ds:DigestValue>nWnrqj91iQyZxA27R06YBcFNaEI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>LP886alP3p3DpSrLmSHsgXer+cXVhUylHwTyG0F/iRF3KPJoBcO2/TGogGgxBmn1P9g67nQJGuAKil/et6B5Xq+EbLyssrQQgfS4SVb7lhXku1mn47dhozq7npKi9O4IgEp+Zi5Npp3D6MZyBV3EfVslie9VfUIquAZszHg+zqE=</ds:SignatureValue> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> <X509Data> <X509Certificate>MIIBsTCCAV+gAwIBAgIQFa2WQ+HN8J1Oqb/k/DTGczAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA4MDMyNzA2MDg1NVoXDTM5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJVHJhZGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/eioYq7dcZ85yaKsjnzrajDrh+NPjmaBYxscAf0+vsN+dR7eKDKph4bMycnHGMzdZrE6KoQYZ8GFYuria7muLV3I3ESnbNZpeVFV35XeP5aMIYw1LkmLslqRvO7HnVrcotSmCUkjT64k0PVmtm2SCOOAxr2UH1BjbUKoJHwDxmwIDAQABo0swSTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRjoRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwCQYFKw4DAh0FAANBACkuJgzyXvNAGjtJzrwteHxgo6ojzs4twc/XhLEG0NB4PKZOMiBJK75v0IATeUsf6Xxg0qG6QTmRuCPFdiXj1LM=</X509Certificate> </X509Data> </KeyInfo> </ds:Signature> </saml:Assertion> </tr:ActAs> <t:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</t:ComputedKeyAlgorithm> </t:RequestSecurityToken> </s:Body> </s:Envelope>
Thanks Pablo. -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Thursday, November 05, 2009 4:56 PM To: [email protected] Subject: Re: Fourth interop test between .NET and Metro Pablo, That means there is no policy spotted in the sts wsdl for the request message. Can you send me the request meesage to STS? Thanks! Jiandong Pablo Cibraro wrote: > Jiandong, > > I am getting the following exception when the .NET trader client > implementation tries to negotiate a SAML token with the metro Active STS. > > [#|2009-11-05T15:21:58.904-0400|SEVERE|sun-appserver9.1|javax.enterprise.resource.xml.webservices.security|_ThreadID=13;_ThreadName=httpSSLWorkerThread-1316-1;_RequestID=78bbc6ca-ee7d-40ec-b727-f709265e7636;|Policy > is null|#] > > ERROR: Policy for the service could not be obtained > > I am using the following configuration, > > Configuration Service: .NET > Business Service: .NET > Passive STS: .NET > Active STS: Metro > Trader client: .NET > > Have you seen this error before ?. Do you know how to fix it ?. > > Thanks > Pablo. > >
