Ok. That is the problem: <a:Action
s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
You use the old version of WS-Trust 1.2
(http://schemas.xmlsoap.org/ws/2005/02).
We have set up Metro ActiveSTS to use WS-Trust1.3/WS-Trust 1.4 with
namespace http://docs.oasis-open.org/ws-sx/ws-trust/200512
(ActAs is only introduced in WS-Trust 1.4; looks like Geneva also back
supports it with the old version.).
This is also the reason for some of the issues you experienced with your
Third interop test between .NET and Metro.
Thanks!
Jiandong
Pablo Cibraro wrote:
Yes, sure. This is the message.
<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing";
xmlns:s="http://www.w3.org/2003/05/soap-envelope";>
<s:Header>
<a:Action
s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:MessageID>urn:uuid:5c95445c-8f57-49b7-9030-23af6d989f0a</a:MessageID>
<ActivityId CorrelationId="a2f6cc3b-bf91-4f90-ad06-ef751ca1b269"
xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics";>19c20fa7-c861-4128-8e8d-766b9926ff90</ActivityId>
</s:Header>
<s:Body>
<t:RequestSecurityToken
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<wsp:AppliesTo
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<EndpointReference
xmlns="http://www.w3.org/2005/08/addressing";>
<Address>http://localhost:9000/tradebusinessserviceSTS</Address>
<Identity
xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity";>
<Dns>OPS.Com</Dns>
</Identity>
</EndpointReference>
</wsp:AppliesTo>
<t:Entropy>
<!--Removed-->
</t:Entropy>
<t:KeySize>256</t:KeySize>
<t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
<tr:ActAs
xmlns:tr="http://docs.oasis-open.org/ws-sx/ws-trust/200802";>
<saml:Assertion MajorVersion="1" MinorVersion="1"
AssertionID="_a762551d-f167-4bcd-bd82-18cb650d084c" Issuer="PassiveSTS" IssueInstant="2009-11-05T20:31:03.293Z"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2009-11-05T20:31:03.181Z"
NotOnOrAfter="2009-11-06T06:31:03.181Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>http://localhost/trade/</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Subject>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Attribute AttributeName="privatepersonalidentifier"
AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims";>
<saml:AttributeValue>
<!--Removed-->
</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod>
<ds:Reference
URI="#_a762551d-f167-4bcd-bd82-18cb650d084c">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";></ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
<ds:DigestValue>nWnrqj91iQyZxA27R06YBcFNaEI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>LP886alP3p3DpSrLmSHsgXer+cXVhUylHwTyG0F/iRF3KPJoBcO2/TGogGgxBmn1P9g67nQJGuAKil/et6B5Xq+EbLyssrQQgfS4SVb7lhXku1mn47dhozq7npKi9O4IgEp+Zi5Npp3D6MZyBV3EfVslie9VfUIquAZszHg+zqE=</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<X509Data>
<X509Certificate>MIIBsTCCAV+gAwIBAgIQFa2WQ+HN8J1Oqb/k/DTGczAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA4MDMyNzA2MDg1NVoXDTM5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJVHJhZGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/eioYq7dcZ85yaKsjnzrajDrh+NPjmaBYxscAf0+vsN+dR7eKDKph4bMycnHGMzdZrE6KoQYZ8GFYuria7muLV3I3ESnbNZpeVFV35XeP5aMIYw1LkmLslqRvO7HnVrcotSmCUkjT64k0PVmtm2SCOOAxr2UH1BjbUKoJHwDxmwIDAQABo0swSTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRjoRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwCQYFKw4DAh0FAANBACkuJgzyXvNAGjtJzrwteHxgo6ojzs4twc/XhLEG0NB4PKZOMiBJK75v0IATeUsf6Xxg0qG6QTmRuCPFdiXj1LM=</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
</saml:Assertion>
</tr:ActAs>
<t:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</t:ComputedKeyAlgorithm>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
Thanks
Pablo.
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, November 05, 2009 4:56 PM
To: [email protected]
Subject: Re: Fourth interop test between .NET and Metro
Pablo,
That means there is no policy spotted in the sts wsdl for the request
message.
Can you send me the request meesage to STS?
Thanks!
Jiandong
Pablo Cibraro wrote:
Jiandong,
I am getting the following exception when the .NET trader client implementation
tries to negotiate a SAML token with the metro Active STS.
[#|2009-11-05T15:21:58.904-0400|SEVERE|sun-appserver9.1|javax.enterprise.resource.xml.webservices.security|_ThreadID=13;_ThreadName=httpSSLWorkerThread-1316-1;_RequestID=78bbc6ca-ee7d-40ec-b727-f709265e7636;|Policy
is null|#]
ERROR: Policy for the service could not be obtained
I am using the following configuration,
Configuration Service: .NET
Business Service: .NET
Passive STS: .NET
Active STS: Metro
Trader client: .NET
Have you seen this error before ?. Do you know how to fix it ?.
Thanks
Pablo.
