Hi Pablo,
See inline ...
Pablo Cibraro wrote:
Hi Jiandong,
I removed almost all the elements in the RSTR message to have something close
to what OpenSSO generates. This is final message that our implementation is
generating,
This message does not work either, and I am still getting the same error in OpenSSO.
When you talked about the same error, was it the same NPE:
java.lang.NullPointerException
at
com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse.<init>(RequestSecurityTokenResponse.java:126)
at
com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse.parseXML(RequestSecurityTokenResponse.java:159)
you received as in the previous case. With the latest OpenSSO, the NPE should
be fixed for AppliesTo.
Can you try the with the message in your previous email (with AppliesTo in the
RSTR) with the latest OpenSSO?
If not working, send me the exact exception thrown?
Thanks!
Jiandong
Could it be an issue with the SAML token itself ?. I haven't found detailed
information in the OpenSSO log about what could be wrong, so at this point I am
pretty lost. At first glance, do you see something wrong in the message above ?
(Note, I also tried removing the Lifetime element, but that gave the same
results).
Could the confirmation method be the issue?, OpenSSO is not including any
confirmation method in the SAML token.
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
Thanks
Pablo.
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 8:13 PM
To: [email protected]
Subject: Re: Fifth interop test between Metro and .NET
Ok. Looks like a mistake in OpenSSO. It uses ws-addressing namespace for
AppliesTo.
I will check with them to see if we can have a patch. In the mean time,
you may get this
particular test going by removing the AppliesTo in RSPR. According to
the spec, if the scope of the the issued token
is the same as the one specified in the AppliesTo in the RST, then you
don't need to put AppliesTo in the RSTR.
Thanks!
Jiandong
Pablo Cibraro wrote:
You always know the answer :). Ok, I've changed the WS-TRUST version that
Geneva was using in the Passive STS, so it is now generating this message.
<t:RequestSecurityTokenResponse Context="s2cd9f16167cabfa87c3aaa22457820ed00240cfd4"
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";>
<t:Lifetime>
<wsu:Created
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2009-11-11T18:01:43.192Z</wsu:Created>
<wsu:Expires
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2009-11-12T04:01:43.192Z</wsu:Expires>
</t:Lifetime>
<z:ReplyTo
xmlns:z="http://schemas.microsoft.com/ws/2008/06/identity";>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</z:ReplyTo>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing";>
<Address>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</Address>
</EndpointReference>
</wsp:AppliesTo>
<t:RequestedSecurityToken>
<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_488ad180-6478-416e-8a61-c879f8a75a4d"
Issuer="PassiveSTS" IssueInstant="2009-11-11T18:01:43.195Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2009-11-11T18:01:43.192Z"
NotOnOrAfter="2009-11-12T04:01:43.192Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier
Format="http://schemas.xmlsoap.org/claims/UPN";>uid:[email protected]</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Attribute AttributeName="role"
AttributeNamespace="http://microsoft";>
<saml:AttributeValue>staff</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthenticationStatement AuthenticationMethod="http://microsoft/geneva";
AuthenticationInstant="2009-11-11T18:01:43.195Z">
<saml:Subject>
<saml:NameIdentifier
Format="http://schemas.xmlsoap.org/claims/UPN";>uid:[email protected]</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
<ds:Reference URI="#_488ad180-6478-416e-8a61-c879f8a75a4d">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
<ds:DigestValue>u2bSngQA1SOIyYglfZs8bXMZ19c=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>JT55FJhCtjnisHzF75UY6JwA01Y7lkZM5qxFJGLZi7s7/B7PBKGyjleF7sa3M5RkhNODjbg4PfjWMVZEG5xITciFk95P86BS8CqxJJCjOz4YkjqPTX6kRROe2RNgI6WaWnFDuCPuS+Wuc/mkWqtLrss0lXY311BfrI/saX7n7t4=</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<X509Data>
<X509Certificate>MIIB8DCCAVmgAwIBAgIQblTMtVPsaJNFRKtH3ePDszANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDEwdCU0wuQ29tMB4XDTA4MDUyMTA0NDgxNVoXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHQlNMLkNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArai/gNTS+dU4GvMSB5VfkFL1e5ielRhgtnWJ70Xpl51ABksTFkpRNcLDo56sdXtnk3sKEGWe2QeQ1uoBo0bN7aQTsHCNjuT5K/YD4/y2j+oeRESrz905mJ4owW08MnxkhUzpa6+iPGq0l3TdZaG0GHuuky6wEWe3Chc0hdwCdv0CAwEAAaNHMEUwQwYDVR0BBDwwOoAQcMZu+2G/jyh39/5QO/5nIKEUMBIxEDAOBgNVBAMTB0JTTC5Db22CEG5UzLVT7GiTRUSrR93jw7MwDQYJKoZIhvcNAQEEBQADgYEApc0gYQl50mS2RklQnoCpRX/wEfdwhNIQXcMj/6eqcf9Ul6623Ge2jDNMgQesLAK+rp+kKFqgL6F4odrqxY1u00QvUPQi9LLjWBUi1xAiNnd9lBwmD7z4ITsxhU40/ON+GVIHJ1CbeWvTwE5TaFyCP6uRSDX1Ojv+tovYt6X5Y4w=</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
</saml:Assertion>
</t:RequestedSecurityToken>
<t:RequestedAttachedReference>
<o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_488ad180-6478-416e-8a61-c879f8a75a4d</o:KeyIdentifier>
</o:SecurityTokenReference>
</t:RequestedAttachedReference>
<t:RequestedUnattachedReference>
<o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_488ad180-6478-416e-8a61-c879f8a75a4d</o:KeyIdentifier>
</o:SecurityTokenReference>
</t:RequestedUnattachedReference>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
</t:RequestSecurityTokenResponse>
I am now getting the following exception in OpenSSO,
#|2009-11-11T14:01:46.422-0400|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=16;_ThreadName=httpSSLWorkerThread-8180-0;_RequestID=8395b912-1787-4a81-8b2d-80ee5efa0a75;|
java.lang.NullPointerException
at
com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse.<init>(RequestSecurityTokenResponse.java:126)
at
com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse.parseXML(RequestSecurityTokenResponse.java:159)
at
com.sun.identity.wsfederation.servlet.RPSigninResponse.process(RPSigninResponse.java:101)
at
com.sun.identity.wsfederation.servlet.WSFederationServlet.doPost(WSFederationServlet.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at
org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:317)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at
com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.process(SSLReadTask.java:440)
at
com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:228)
at
com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at
com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
|#]
It looks like Geneva is generating something that OpenSSO does not know how to
parse or something like that. I initially thought that the addressing version
in the AppliesTo element could be the issue as OpenSSO is using an older
versio, so I changed that, but it did not work.
Any clue about what could be wrong in the message ?
Thanks
Pablo.
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, November 10, 2009 8:52 PM
To: [email protected]
Subject: Re: Fifth interop test between Metro and .NET
The version of ws-federation passive profile supported in OpenSSO is
before 1.1. So no
RequestSecurityTokenResponseCollection with
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"; ;-) .
Is it possible to configure .Net Passive STS to create
<wst:RequestSecurityTokenResponse
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust";>
Thanks!
Jiandong
Pablo Cibraro wrote:
Pablo Cibraro wrote:
Mmm, no. The only info about errors I could find was in this folder
opensso\log\WSFederation.error. This file contains a single line with the
WS-Trust message that the .NET passive STS is generating,
These are the redirections I am getting,
1. Trader client makes an Http GET to
https://sp.stonehenge.com:8080/WSFederationServlet/metaAlias/Fedsp?goto=http://apps.stonehenge.com:1316/trader_client
2. OpenSSO makes an Http GET to http://localhost/trade_identity ? All the
WSTrust parameters (This is the .NET passive STS)
3. The .NET passive STS generates a form with action =
"https://sp.stonehenge.com:8080/WSFederationServlet/metaAlias/Fedsp";
This is the WS-TRUST message
<trust:RequestSecurityTokenResponseCollection
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>
<trust:RequestSecurityTokenResponse
Context="s2ceec7ad41fed61267f0f72c9557b77046c98ef7c">
<trust:Lifetime>
<wsu:Created
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2009-11-10T22:59:28.543Z</wsu:Created>
<wsu:Expires
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2009-11-11T08:59:28.543Z</wsu:Expires>
</trust:Lifetime>
<z:ReplyTo
xmlns:z="http://schemas.microsoft.com/ws/2008/06/identity";>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</z:ReplyTo>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing";>
<Address>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</Address>
</EndpointReference>
</wsp:AppliesTo>
<trust:RequestedSecurityToken>
<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_560fe2f7-f0c9-418b-8e74-4145f5c37b7b"
Issuer="PassiveSTS" IssueInstant="2009-11-10T22:59:28.544Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2009-11-10T22:59:28.543Z"
NotOnOrAfter="2009-11-11T08:59:28.543Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier
Format="http://schemas.xmlsoap.org/claims/UPN";>uid:[email protected]</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Attribute AttributeName="role"
AttributeNamespace="http://microsoft";>
<saml:AttributeValue>staff</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthenticationStatement AuthenticationMethod="http://microsoft/geneva";
AuthenticationInstant="2009-11-10T22:59:28.543Z">
<saml:Subject>
<saml:NameIdentifier
Format="http://schemas.xmlsoap.org/claims/UPN";>uid:[email protected]</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
<ds:Reference URI="#_560fe2f7-f0c9-418b-8e74-4145f5c37b7b">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
/>
<ds:DigestValue>Bt97jrvwGHD7YYHGIrzseAERLz0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DUWVbsicStAEAAjKECn6txzxY3R/Xqac69haLQnhiE7nzvDD40rQ9yME25+8f4mbyOSlQqM6t8gI+CD6wOOUIZHuCOGZw7FA/KLbhIVFhJfPbzeGqEXcrcplhhbHCiUDC0V5Dt8tRFJZEOIrb3Ytha9j+yOwwB9UJdZl63E2lMA=</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<X509Data>
<X509Certificate>MIIB8DCCAVmgAwIBAgIQblTMtVPsaJNFRKtH3ePDszANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDEwdCU0wuQ29tMB4XDTA4MDUyMTA0NDgxNVoXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHQlNMLkNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArai/gNTS+dU4GvMSB5VfkFL1e5ielRhgtnWJ70Xpl51ABksTFkpRNcLDo56sdXtnk3sKEGWe2QeQ1uoBo0bN7aQTsHCNjuT5K/YD4/y2j+oeRESrz905mJ4owW08MnxkhUzpa6+iPGq0l3TdZaG0GHuuky6wEWe3Chc0hdwCdv0CAwEAAaNHMEUwQwYDVR0BBDwwOoAQcMZu+2G/jyh39/5QO/5nIKEUMBIxEDAOBgNVBAMTB0JTTC5Db22CEG5UzLVT7GiTRUSrR93jw7MwDQYJKoZIhvcNAQEEBQADgYEApc0gYQl50mS2RklQnoCpRX/wEfdwhNIQXcMj/6eqcf9Ul6623Ge2jDNMgQesLAK+rp+kKFqgL6F4odrqxY1u00QvUPQi9LLjWBUi1xAiNnd9lBwmD7z4ITsxhU40/ON+GVIHJ1CbeWvTwE5TaFyCP6uRSDX1Ojv+tovYt6X5Y4w=</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
</saml:Assertion>
</trust:RequestedSecurityToken>
<trust:RequestedAttachedReference>
<o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_560fe2f7-f0c9-418b-8e74-4145f5c37b7b</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedAttachedReference>
<trust:RequestedUnattachedReference>
<o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_560fe2f7-f0c9-418b-8e74-4145f5c37b7b</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedUnattachedReference>
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
</trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>
The only error I am getting in OpenSSO is HTTP Status 403 (Access Denied to the
specified resource) after the form with the WS-TRUST message is posted.
Do you see something strange in the WS-TRUST message ?
Thanks
Pablo.
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, November 10, 2009 6:13 PM
To: [email protected]
Subject: Re: Fifth interop test between Metro and .NET
Pablo Cibraro wrote:
Thanks. The metro client is now calling the .NET passive STS, and this one is
returning a SAML token to the OpenSSO sp.
Great!
The OpenSSO sp is throwing an with the following details,
The following exceptions should not be relevant.
Do you see any other information in the server log for sp?
Or check the opensso debug files in the config directory, e.g.
C:\Documents and Settings\manveen\opensso\sp\opensso\debug.
Thanks!
Jiandong
[#|2009-11-10T14:00:44.647-0400|SEVERE|sun-appserver9.1|com.sun.xml.ws.wspolicy.PolicyWSDLParserExtension|_ThreadID=10;_ThreadName=main;_RequestID=570cda77-1918-4cbe-b3c6-13f1b82a2033;|WSP1007:
Policy exception occured when finishing WSDL parsing.
com.sun.xml.ws.policy.PolicyException: WSP0071: Multiple policy assertion
creators try to register for namespace
'http://schemas.xmlsoap.org/ws/2005/02/rm/policy'. Old creator`s class:
'com.sun.xml.ws.rx.policy.spi_impl.RxAssertionCreator', new creator`s class:
'com.sun.xml.ws.rm.policy.spi_impl.RmAssertionCreator'.
at
com.sun.xml.ws.policy.sourcemodel.PolicyModelTranslator.<init>(PolicyModelTranslator.java:184)
at
com.sun.xml.ws.api.policy.ModelTranslator.<init>(ModelTranslator.java:81)
at
com.sun.xml.ws.api.policy.ModelTranslator.<clinit>(ModelTranslator.java:70)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicies(BuilderHandler.java:97)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicySubjects(BuilderHandler.java:105)
at
com.sun.xml.ws.policy.BuilderHandlerEndpointScope.doPopulate(BuilderHandlerEndpointScope.java:67)
at com.sun.xml.ws.policy.BuilderHandler.populate(BuilderHandler.java:77)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getNewPolicyMap(PolicyMapBuilder.java:103)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getPolicyMap(PolicyMapBuilder.java:85)
at
com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:955)
at
com.sun.xml.ws.wsdl.parser.DelegatingParserExtension.postFinished(DelegatingParserExtension.java:187)
at
com.sun.xml.ws.wsdl.parser.WSDLParserExtensionFacade.postFinished(WSDLParserExtensionFacade.java:334)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:262)
at
com.sun.xml.ws.server.EndpointFactory.getWSDLPort(EndpointFactory.java:531)
at
com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:174)
at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147)
at
com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:124)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
com.sun.identity.wss.sts.STSContextListener.contextInitialized(STSContextListener.java:107)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4523)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:5184)
at com.sun.enterprise.web.WebModule.start(WebModule.java:326)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.VirtualServer.startChildren(VirtualServer.java:1672)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:955)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.EmbeddedWebContainer$WebEngine.startChildren(EmbeddedWebContainer.java:453)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:533)
at org.apache.catalina.startup.Embedded.start(Embedded.java:936)
at com.sun.enterprise.web.WebContainer.start(WebContainer.java:873)
at
com.sun.enterprise.web.PEWebContainer.startInstance(PEWebContainer.java:790)
at
com.sun.enterprise.web.PEWebContainerLifecycle.onStartup(PEWebContainerLifecycle.java:84)
at
com.sun.enterprise.server.ApplicationServer.onStartup(ApplicationServer.java:442)
at
com.sun.enterprise.server.ondemand.OnDemandServer.onStartup(OnDemandServer.java:120)
at com.sun.enterprise.server.PEMain.run(PEMain.java:411)
at com.sun.enterprise.server.PEMain.main(PEMain.java:338)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412)
|#]
[#|2009-11-10T14:00:44.649-0400|SEVERE|sun-appserver9.1|com.sun.xml.ws.server.http|_ThreadID=10;_ThreadName=main;_RequestID=570cda77-1918-4cbe-b3c6-13f1b82a2033;|WSSERVLET11:
failed to parse runtime descriptor: javax.xml.ws.WebServiceException: WSP1007:
Policy exception occured when finishing WSDL parsing.
javax.xml.ws.WebServiceException: WSP1007: Policy exception occured when
finishing WSDL parsing.
at
com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:959)
at
com.sun.xml.ws.wsdl.parser.DelegatingParserExtension.postFinished(DelegatingParserExtension.java:187)
at
com.sun.xml.ws.wsdl.parser.WSDLParserExtensionFacade.postFinished(WSDLParserExtensionFacade.java:334)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:262)
at
com.sun.xml.ws.server.EndpointFactory.getWSDLPort(EndpointFactory.java:531)
at
com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:174)
at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147)
at
com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:124)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
com.sun.identity.wss.sts.STSContextListener.contextInitialized(STSContextListener.java:107)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4523)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:5184)
at com.sun.enterprise.web.WebModule.start(WebModule.java:326)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.VirtualServer.startChildren(VirtualServer.java:1672)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:955)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.EmbeddedWebContainer$WebEngine.startChildren(EmbeddedWebContainer.java:453)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:533)
at org.apache.catalina.startup.Embedded.start(Embedded.java:936)
at com.sun.enterprise.web.WebContainer.start(WebContainer.java:873)
at
com.sun.enterprise.web.PEWebContainer.startInstance(PEWebContainer.java:790)
at
com.sun.enterprise.web.PEWebContainerLifecycle.onStartup(PEWebContainerLifecycle.java:84)
at
com.sun.enterprise.server.ApplicationServer.onStartup(ApplicationServer.java:442)
at
com.sun.enterprise.server.ondemand.OnDemandServer.onStartup(OnDemandServer.java:120)
at com.sun.enterprise.server.PEMain.run(PEMain.java:411)
at com.sun.enterprise.server.PEMain.main(PEMain.java:338)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412)
Caused by: com.sun.xml.ws.policy.PolicyException: WSP0071: Multiple policy
assertion creators try to register for namespace
'http://schemas.xmlsoap.org/ws/2005/02/rm/policy'. Old creator`s class:
'com.sun.xml.ws.rx.policy.spi_impl.RxAssertionCreator', new creator`s class:
'com.sun.xml.ws.rm.policy.spi_impl.RmAssertionCreator'.
at
com.sun.xml.ws.policy.sourcemodel.PolicyModelTranslator.<init>(PolicyModelTranslator.java:184)
at
com.sun.xml.ws.api.policy.ModelTranslator.<init>(ModelTranslator.java:81)
at
com.sun.xml.ws.api.policy.ModelTranslator.<clinit>(ModelTranslator.java:70)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicies(BuilderHandler.java:97)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicySubjects(BuilderHandler.java:105)
at
com.sun.xml.ws.policy.BuilderHandlerEndpointScope.doPopulate(BuilderHandlerEndpointScope.java:67)
at com.sun.xml.ws.policy.BuilderHandler.populate(BuilderHandler.java:77)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getNewPolicyMap(PolicyMapBuilder.java:103)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getPolicyMap(PolicyMapBuilder.java:85)
at
com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:955)
... 44 more
|#]
[#|2009-11-10T14:00:44.655-0400|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=570cda77-1918-4cbe-b3c6-13f1b82a2033;|java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
com.sun.identity.wss.sts.STSContextListener.contextInitialized(STSContextListener.java:107)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4523)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:5184)
at com.sun.enterprise.web.WebModule.start(WebModule.java:326)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.VirtualServer.startChildren(VirtualServer.java:1672)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:955)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.EmbeddedWebContainer$WebEngine.startChildren(EmbeddedWebContainer.java:453)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:533)
at org.apache.catalina.startup.Embedded.start(Embedded.java:936)
at com.sun.enterprise.web.WebContainer.start(WebContainer.java:873)
at
com.sun.enterprise.web.PEWebContainer.startInstance(PEWebContainer.java:790)
at
com.sun.enterprise.web.PEWebContainerLifecycle.onStartup(PEWebContainerLifecycle.java:84)
at
com.sun.enterprise.server.ApplicationServer.onStartup(ApplicationServer.java:442)
at
com.sun.enterprise.server.ondemand.OnDemandServer.onStartup(OnDemandServer.java:120)
at com.sun.enterprise.server.PEMain.run(PEMain.java:411)
at com.sun.enterprise.server.PEMain.main(PEMain.java:338)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412)
Caused by: com.sun.xml.ws.transport.http.servlet.WSServletException:
WSSERVLET11: failed to parse runtime descriptor:
javax.xml.ws.WebServiceException: WSP1007: Policy exception occured when
finishing WSDL parsing.
at
com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:139)
... 35 more
Caused by: javax.xml.ws.WebServiceException: WSP1007: Policy exception occured
when finishing WSDL parsing.
at
com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:959)
at
com.sun.xml.ws.wsdl.parser.DelegatingParserExtension.postFinished(DelegatingParserExtension.java:187)
at
com.sun.xml.ws.wsdl.parser.WSDLParserExtensionFacade.postFinished(WSDLParserExtensionFacade.java:334)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:262)
at
com.sun.xml.ws.server.EndpointFactory.getWSDLPort(EndpointFactory.java:531)
at
com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:174)
at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147)
at
com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:124)
... 35 more
Caused by: com.sun.xml.ws.policy.PolicyException: WSP0071: Multiple policy
assertion creators try to register for namespace
'http://schemas.xmlsoap.org/ws/2005/02/rm/policy'. Old creator`s class:
'com.sun.xml.ws.rx.policy.spi_impl.RxAssertionCreator', new creator`s class:
'com.sun.xml.ws.rm.policy.spi_impl.RmAssertionCreator'.
at
com.sun.xml.ws.policy.sourcemodel.PolicyModelTranslator.<init>(PolicyModelTranslator.java:184)
at
com.sun.xml.ws.api.policy.ModelTranslator.<init>(ModelTranslator.java:81)
at
com.sun.xml.ws.api.policy.ModelTranslator.<clinit>(ModelTranslator.java:70)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicies(BuilderHandler.java:97)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicySubjects(BuilderHandler.java:105)
at
com.sun.xml.ws.policy.BuilderHandlerEndpointScope.doPopulate(BuilderHandlerEndpointScope.java:67)
at com.sun.xml.ws.policy.BuilderHandler.populate(BuilderHandler.java:77)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getNewPolicyMap(PolicyMapBuilder.java:103)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getPolicyMap(PolicyMapBuilder.java:85)
at
com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:955)
... 44 more
|#]
This is the SAML token the passive STS is generating,
<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_fa555580-fcac-4baa-9d10-e5b2dd64679c"
Issuer="PassiveSTS" IssueInstant="2009-11-10T17:24:58.844Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2009-11-10T17:24:58.342Z"
NotOnOrAfter="2009-11-11T03:24:58.342Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier
Format="http://schemas.xmlsoap.org/claims/UPN";>uid:[email protected]</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Attribute AttributeName="role" AttributeNamespace="http://microsoft";>
<saml:AttributeValue>staff</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthenticationStatement AuthenticationMethod="http://microsoft/geneva";
AuthenticationInstant="2009-11-10T17:24:58.844Z">
<saml:Subject>
<saml:NameIdentifier
Format="http://schemas.xmlsoap.org/claims/UPN";>uid:[email protected]</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
/>
<ds:Reference URI="#_fa555580-fcac-4baa-9d10-e5b2dd64679c">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
<ds:DigestValue>cHUIIGuyRrYhtBJP3euTVomdwZc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>FevVLUpP6BHExpoxwbENlBCJZflNNY6Av6R2y2Lm9kD0MKJn+WXx82sZdWWg/7VihoKrZomU4q/S6MJWplP3yXB4CM++/vcJns/yvjQPJZdtzfFHanzgStCQr7+ULK3TZYqJhcAHL34bHBo/Xnza58Yb7lU/iAKr1Q6OcBcM4Gk=</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<X509Data>
<X509Certificate>MIIB8DCCAVmgAwIBAgIQblTMtVPsaJNFRKtH3ePDszANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDEwdCU0wuQ29tMB4XDTA4MDUyMTA0NDgxNVoXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHQlNMLkNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArai/gNTS+dU4GvMSB5VfkFL1e5ielRhgtnWJ70Xpl51ABksTFkpRNcLDo56sdXtnk3sKEGWe2QeQ1uoBo0bN7aQTsHCNjuT5K/YD4/y2j+oeRESrz905mJ4owW08MnxkhUzpa6+iPGq0l3TdZaG0GHuuky6wEWe3Chc0hdwCdv0CAwEAAaNHMEUwQwYDVR0BBDwwOoAQcMZu+2G/jyh39/5QO/5nIKEUMBIxEDAOBgNVBAMTB0JTTC5Db22CEG5UzLVT7GiTRUSrR93jw7MwDQYJKoZIhvcNAQEEBQADgYEApc0gYQl50mS2RklQnoCpRX/wEfdwhNIQXcMj/6eqcf9Ul6623Ge2jDNMgQesLAK+rp+kKFqgL6F4odrqxY1u00QvUPQi9LLjWBUi1xAiNnd9lBwmD7z4ITsxhU40/ON+GVIHJ1CbeWvTwE5TaFyCP6uRSDX1Ojv+tovYt6X5Y4w=</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
</saml:Assertion>
Do you know what could be the issue in opensso ?.
Thanks in advance
Pablo.
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, November 10, 2009 5:55 AM
To: [email protected]
Subject: Re: Fifth interop test between Metro and .NET
Hi Pablo,
See inline ...
Pablo Cibraro wrote:
Hi Jiandong,
I need some of your help if it is possible to configure this scenario,
Config Service -> Metro
Business Service - Metro
Passive STS -> .NET
Active STS -> Metro
Trader Client -> Metro
I have two questions for you,
1. Is this the correct procedure to configure an external idp in OpenSSO ?
Yes, the basic reference is
https://opensso.dev.java.net/public/use/docs/opensso/pdf/WSFedHowTo.pdf.
section 5 is about configure OpenSSO as SP with outside idp.
2. How can I change the realm parameter to be an absolute URL (I could
not find a way to change this in the .xml files)
The TokenIssuerName in fedsp.xml according to the document above.
Thanks!
Jiandong
Thanks
Pablo.
