Cool, that fixed the issue. Now I am getting a different exception :(. It looks 
like a problem in the classes that parse the SAML token.

Caused by: com.sun.xml.ws.api.security.trust.WSTrustException: java.lang.NullPointerException
        at com.sun.xml.ws.security.trust.util.WSTrustUtil.addSamlAttributes(WSTrustUtil.java:452)
        at com.sun.xml.ws.security.trust.impl.DefaultSAMLTokenProvider.createSAML11Assertion(DefaultSAMLTokenProvider.java:328)
        at com.sun.xml.ws.security.trust.impl.DefaultSAMLTokenProvider.generateToken(DefaultSAMLTokenProvider.java:137)
        at com.sun.xml.ws.security.trust.impl.WSTrustContractImpl.issue(WSTrustContractImpl.java:468)
        at com.sun.xml.ws.security.trust.impl.WSTrustContractImpl.issue(WSTrustContractImpl.java:119)
        at com.sun.xml.ws.security.trust.sts.BaseSTSImpl.issue(BaseSTSImpl.java:323)
        at com.sun.xml.ws.security.trust.sts.BaseSTSImpl.invoke(BaseSTSImpl.java:186)

This is the message I am sending,

<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
            <s:Header>
              <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
              <a:MessageID>urn:uuid:da07e494-db6b-4bcc-9b6d-33da8e4260a7</a:MessageID>
              <ActivityId CorrelationId="60d4ee43-dffd-4819-ac32-8ec3178055f2" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">d0345bad-835f-4113-bd1f-53cd83bb4ae6</ActivityId>
              <a:ReplyTo>
                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
              </a:ReplyTo>
            </s:Header>
            <s:Body>
              <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
                <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
                  <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
                    <Address>http://localhost:9000/tradebusinessserviceSTS</Address>
                    <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
                      <Dns>OPS.Com</Dns>
                    </Identity>
                  </EndpointReference>
                </wsp:AppliesTo>
                <trust:Entropy>
                  <trust:BinarySecret u:Id="uuid-4ccc7bdf-36c4-45d6-ba4a-bcd4908ff63d-4" Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">/79WCRSK74FVVUaBwXAIY41i91HIiANhnTrOTWK4LrM=</trust:BinarySecret>
                </trust:Entropy>
                <trust:KeySize>256</trust:KeySize>
                <trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</trust:TokenType>
                <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
                <tr:ActAs xmlns:tr="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
                  <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_bb3684bb-3c3e-47ef-8aac-aad57b9f8097" Issuer="PassiveSTS" IssueInstant="2009-11-05T21:01:48.142Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
                    <saml:Conditions NotBefore="2009-11-05T21:01:48.073Z" NotOnOrAfter="2009-11-06T07:01:48.073Z">
                      <saml:AudienceRestrictionCondition>
                        <saml:Audience>http://localhost/trade/</saml:Audience>
                      </saml:AudienceRestrictionCondition>
                    </saml:Conditions>
                    <saml:AttributeStatement>
                      <saml:Subject>
                        <saml:SubjectConfirmation>
                          <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
                        </saml:SubjectConfirmation>
                      </saml:Subject>
                      <saml:Attribute AttributeName="privatepersonalidentifier" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
                        <saml:AttributeValue>uid:0</saml:AttributeValue>
                      </saml:Attribute>
                    </saml:AttributeStatement>
                    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                      <ds:SignedInfo>
                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
                        <ds:Reference URI="#_bb3684bb-3c3e-47ef-8aac-aad57b9f8097">
                          <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                          </ds:Transforms>
                          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                          <ds:DigestValue>hgbn0uuZPJcwqBpu3lGrPmJKHtg=</ds:DigestValue>
                        </ds:Reference>
                      </ds:SignedInfo>
                      <ds:SignatureValue>rSHPlFsllQ2XunkjLu2nzXTAj4LnrknKSFsJ4ukNiID9wXV7FodFpAd+WH+5TDtMtKKCJwmrKDEpD8nTbTSLdKHqAHCgayLwT5hYV6yfjKXw0Zz13WaawweEZl9YNNXklENIBo8dWmSotHHbdI3RrQykjh+HT010t9nFlIHkgEA=</ds:SignatureValue>
                      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                        <X509Data>
                          <X509Certificate></X509Certificate>
                        </X509Data>
                      </KeyInfo>
                    </ds:Signature>
                  </saml:Assertion>
                </tr:ActAs>
                <trust:ComputedKeyAlgorithm>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</trust:ComputedKeyAlgorithm>
              </trust:RequestSecurityToken>
            </s:Body>
          </s:Envelope>

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, November 05, 2009 5:57 PM
To: [email protected]
Subject: Re: Fourth interop test between .NET and Metro

Ok. That is the problem:  <a:Action
s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>

You use the old version of WS-Trust 1.2
(http://schemas.xmlsoap.org/ws/2005/02).
We have set up Metro ActiveSTS to use WS-Trust 1.3/WS-Trust 1.4 with
namespace http://docs.oasis-open.org/ws-sx/ws-trust/200512

(ActAs is only introduced in WS-Trust 1.4; looks like Geneva also back
supports it with the old version).

This is also the reason for some of the issues you experienced with your
Third interop test between .NET and Metro.

Thanks!

Jiandong


Pablo Cibraro wrote:
> Yes, sure. This is the message.
>
> <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
>             <s:Header>
>               <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
>               <a:MessageID>urn:uuid:5c95445c-8f57-49b7-9030-23af6d989f0a</a:MessageID>
>               <ActivityId CorrelationId="a2f6cc3b-bf91-4f90-ad06-ef751ca1b269" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">19c20fa7-c861-4128-8e8d-766b9926ff90</ActivityId>
>             </s:Header>
>             <s:Body>
>               <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
>                 <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
>                 <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>                   <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
>                     <Address>http://localhost:9000/tradebusinessserviceSTS</Address>
>                     <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
>                       <Dns>OPS.Com</Dns>
>                     </Identity>
>                   </EndpointReference>
>                 </wsp:AppliesTo>
>                 <t:Entropy>
>                   <!--Removed-->
>                 </t:Entropy>
>                 <t:KeySize>256</t:KeySize>
>                 <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
>                 <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
>                 <tr:ActAs xmlns:tr="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
>                   <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_a762551d-f167-4bcd-bd82-18cb650d084c" Issuer="PassiveSTS" IssueInstant="2009-11-05T20:31:03.293Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
>                     <saml:Conditions NotBefore="2009-11-05T20:31:03.181Z" NotOnOrAfter="2009-11-06T06:31:03.181Z">
>                       <saml:AudienceRestrictionCondition>
>                         <saml:Audience>http://localhost/trade/</saml:Audience>
>                       </saml:AudienceRestrictionCondition>
>                     </saml:Conditions>
>                     <saml:AttributeStatement>
>                       <saml:Subject>
>                         <saml:SubjectConfirmation>
>                           <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
>                         </saml:SubjectConfirmation>
>                       </saml:Subject>
>                       <saml:Attribute AttributeName="privatepersonalidentifier" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
>                         <saml:AttributeValue>
>                           <!--Removed-->
>                         </saml:AttributeValue>
>                       </saml:Attribute>
>                     </saml:AttributeStatement>
>                     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                       <ds:SignedInfo>
>                         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
>                         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
>                         <ds:Reference URI="#_a762551d-f167-4bcd-bd82-18cb650d084c">
>                           <ds:Transforms>
>                             <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
>                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                           </ds:Transforms>
>                           <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                           <ds:DigestValue>nWnrqj91iQyZxA27R06YBcFNaEI=</ds:DigestValue>
>                         </ds:Reference>
>                       </ds:SignedInfo>
>                       <ds:SignatureValue>LP886alP3p3DpSrLmSHsgXer+cXVhUylHwTyG0F/iRF3KPJoBcO2/TGogGgxBmn1P9g67nQJGuAKil/et6B5Xq+EbLyssrQQgfS4SVb7lhXku1mn47dhozq7npKi9O4IgEp+Zi5Npp3D6MZyBV3EfVslie9VfUIquAZszHg+zqE=</ds:SignatureValue>
>                       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>                         <X509Data>
>                           <X509Certificate></X509Certificate>
>                         </X509Data>
>                       </KeyInfo>
>                     </ds:Signature>
>                   </saml:Assertion>
>                 </tr:ActAs>
>                 <t:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</t:ComputedKeyAlgorithm>
>               </t:RequestSecurityToken>
>             </s:Body>
>           </s:Envelope>
>
> Thanks
> Pablo.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Thursday, November 05, 2009 4:56 PM
> To: [email protected]
> Subject: Re: Fourth interop test between .NET and Metro
>
> Pablo,
>
> That means there is no policy spotted in the sts wsdl for the request
> message.
> Can you send me the request message to STS?
>
> Thanks!
>
> Jiandong
>
> Pablo Cibraro wrote:
>
>> Jiandong,
>>
>> I am getting the following exception when the .NET trader client 
>> implementation tries to negotiate a SAML token with the metro Active STS.
>>
>> [#|2009-11-05T15:21:58.904-0400|SEVERE|sun-appserver9.1|javax.enterprise.resource.xml.webservices.security|_ThreadID=13;_ThreadName=httpSSLWorkerThread-1316-1;_RequestID=78bbc6ca-ee7d-40ec-b727-f709265e7636;|Policy is null|#]
>>
>> ERROR: Policy for the service could not be obtained
>>
>> I am using the following configuration,
>>
>> Configuration Service: .NET
>> Business Service: .NET
>> Passive STS: .NET
>> Active STS: Metro
>> Trader client: .NET
>>
>> Have you seen this error before? Do you know how to fix it?
>>
>> Thanks
>> Pablo.
>>
>>
>>
>
>
>
>

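The diagnosis in this thread (a WS-Trust 1.2 Action and request body sent to an STS configured for the 200512 namespace) can be checked mechanically before a request is sent. The following is an added example, not code from the thread or from Metro or Geneva; the function names and the abridged sample envelope are constructed for illustration, and the expected namespace is assumed to be the one Jiandong names for the Metro ActiveSTS.

```python
import xml.etree.ElementTree as ET

WSA = "http://www.w3.org/2005/08/addressing"
T12 = "http://schemas.xmlsoap.org/ws/2005/02/trust"        # WS-Trust 1.2
T13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"   # WS-Trust 1.3 / 1.4
T14 = "http://docs.oasis-open.org/ws-sx/ws-trust/200802"   # 1.4 additions (ActAs)

def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    ns, _, local = tag.rpartition("}")
    return ns[1:], local

def trust_ns(uri):
    """Return the WS-Trust namespace a URI value belongs to, or None."""
    uri = (uri or "").strip()
    return next((ns for ns in (T12, T13, T14) if uri.startswith(ns)), None)

def check_rst(envelope_xml, expected=T13):
    """List every place the request deviates from the STS's WS-Trust namespace."""
    root = ET.fromstring(envelope_xml)
    findings = []
    action = root.findtext(f".//{{{WSA}}}Action")
    if trust_ns(action) != expected:
        findings.append(f"Action: {(action or '').strip()}")
    rst = next((e for e in root.iter()
                if split_tag(e.tag)[1] == "RequestSecurityToken"), None)
    if rst is None:
        return findings + ["no RequestSecurityToken in body"]
    rst_ns = split_tag(rst.tag)[0]
    if rst_ns != expected:
        findings.append(f"RST element namespace: {rst_ns}")
    for child in rst:
        ns, local = split_tag(child.tag)
        # URI-valued children (RequestType, KeyType, ...) carry the version too
        value_ns = trust_ns(child.text)
        if value_ns and value_ns != expected:
            findings.append(f"{local} value: {child.text.strip()}")
        if local == "ActAs" and ns == T14 and rst_ns == T12:
            findings.append("ActAs (WS-Trust 1.4) inside a WS-Trust 1.2 request")
    return findings

def sample(t_ns):
    """Constructed envelope, abridged from the two requests in the thread."""
    return f"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="{WSA}">
  <s:Header><a:Action>{t_ns}/RST/Issue</a:Action></s:Header>
  <s:Body><t:RequestSecurityToken xmlns:t="{t_ns}">
    <t:RequestType>{t_ns}/Issue</t:RequestType>
    <t:KeyType>{t_ns}/SymmetricKey</t:KeyType>
    <tr:ActAs xmlns:tr="{T14}"/>
  </t:RequestSecurityToken></s:Body>
</s:Envelope>"""

if __name__ == "__main__":
    for line in check_rst(sample(T12)):
        print(line)
```
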
