Hi Dan
 
I'll update the wsdl accordingly and give it a try. You agree that this is more 
a workaround because the drawback is that the soap action changes depending on 
the used ws-trust binding (issue, validate, ...) even though the same wsdl 
operation is used. I think this should be managed by the STSClient. What do you think?
 
Thanks
Oliver

________________________________

From: Daniel Kulp [mailto:[email protected]]
Sent: Mon 19.10.2009 18:49
To: [email protected]
Cc: Oliver Wulff
Subject: Re: AW: STS Client, Bearer KeyType results in empty soap message

Oliver,

The wsdl you have for the trust  server is slightly problematic.   The
soap:operation soapAction needs to be set properly.  Instead of:
            <soap:operation soapAction="" style="document"/>

if you set it to:
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue

I think it will work.    That said, we definitely should handle this better
and I'm updating the STSClient findOperation method to handle this.

Dan


On Mon October 19 2009 9:51:27 am Oliver Wulff wrote:
> I've attached the testcase.
>
> 1) update the location address of the wsdl port SignedSAMLSenderVouches in
>  wsdl/ws-trust-1.3-soap.wsdl to a valid endpoint address. No valid WS-Trust
>  endpoint is required. All you want to see is that the
>  LoggingOutInterceptor in the client logs an empty soap message which is
>  sent.
>
> 2) run
> mvn -Psecure.client
>
> You should now see that the outgoing message is an empty soap message:
> 19.10.2009 14:46:37 org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose
> INFO: Outbound Message
> ---------------------------
> ID: 1
> Address: https://b0d0hr02.ch.zurich.com:57076/services/security/SecurityTokenServiceSOAPService/SignedSAMLSenderVouches
> Encoding: UTF-8
> Content-Type: text/xml
> Headers: {SOAPAction=[""], Accept=[*/*]}
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body /></soap:Envelope>
>
> Thanks
> Oliver
>
> ________________________________
>
> From: Oliver Wulff [mailto:[email protected]]
> Sent: Mon 19.10.2009 07:45
> To: [email protected]
> Subject: STS Client, Bearer KeyType results in empty soap message
>
>
>
> Hi there
>
> My web service has defined an IssuedToken policy where KeyType is Bearer:
>
>     <sp:IssuedToken xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>       <sp:RequestSecurityTokenTemplate>
>         <trust:TokenType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</trust:TokenType>
>         <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/wstrust/200512/Bearer</trust:KeyType>
>       </sp:RequestSecurityTokenTemplate>
>     </sp:IssuedToken>
>
>
> Unfortunately, the sent request to the STS is an empty soap message:
>
> INFO: Outbound Message
> ---------------------------
> ID: 1
> Address: https://b0d0hr02:57076/services/security/SecurityTokenServiceSOAPService/SignedSAMLSenderVouches
> Encoding: UTF-8
> Content-Type: text/xml
> Headers: {SOAPAction=[""], Accept=[*/*]}
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body /></soap:Envelope>
>
>
> I have debugged the STSClient and the writeStartElement and writeEndElement
>  seem to be correct. But for some reason, the translation into DOMSource
>  seems not to work: Object obj[] = client.invoke(boi, new
>  DOMSource(writer.getDocument().getDocumentElement()));
>
> Do you have any ideas?
>
> Thanks
> Oliver
>

--
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
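
An added example, not part of the original thread and not CXF code: a small lint check that finds WSDL binding operations whose `soap:operation` has an empty or missing `soapAction` (the condition Dan points to above) and sets the Issue action quoted in the thread. The sample WSDL is constructed, and its binding and operation names are hypothetical.

```python
import xml.etree.ElementTree as ET

WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
# SOAP 1.1 and SOAP 1.2 WSDL binding extension elements
SOAP_OPS = ("{http://schemas.xmlsoap.org/wsdl/soap/}operation",
            "{http://schemas.xmlsoap.org/wsdl/soap12/}operation")
# Action URI given in the thread for a WS-Trust 1.3 Issue request
ISSUE_ACTION = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"

# Constructed WSDL fragment; binding and operation names are hypothetical.
SAMPLE_WSDL = """\
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <wsdl:binding name="ExampleSTSBinding" type="ExampleSTSPortType">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="ExampleIssue">
      <soap:operation soapAction="" style="document"/>
    </wsdl:operation>
  </wsdl:binding>
</wsdl:definitions>
"""


def soap_operations(root):
    """Yield (binding name, operation name, soap:operation element or None)."""
    for binding in root.iter(WSDL + "binding"):
        for op in binding.findall(WSDL + "operation"):
            ext = next((e for e in op if e.tag in SOAP_OPS), None)
            yield binding.get("name"), op.get("name"), ext


def empty_soap_actions(root):
    """List (binding, operation) pairs whose soapAction is missing or blank."""
    return [(b, o) for b, o, ext in soap_operations(root)
            if ext is None or not (ext.get("soapAction") or "").strip()]


def set_soap_action(root, binding, operation, action):
    """Set soapAction on one operation; return True if it was found."""
    for b, o, ext in soap_operations(root):
        if (b, o) == (binding, operation) and ext is not None:
            ext.set("soapAction", action)
            return True
    return False


if __name__ == "__main__":
    root = ET.fromstring(SAMPLE_WSDL)
    print("before:", empty_soap_actions(root))
    set_soap_action(root, "ExampleSTSBinding", "ExampleIssue", ISSUE_ACTION)
    print("after: ", empty_soap_actions(root))
```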

