Hi,
I'm trying to call a WCF service using WS-SecureConversation. The initial
conversation with the STS fails while calling
TransportFinder.findTransportForURI(...) due to the fact that the URI is
null. It seems like the client fails to find the correct location of the STS
from the WSDL.
Prior to the error I get the following, possibly unrelated, warning in the
log:
org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl - No assertion builder
for type
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireInternalReference
registered.
The client is generated from WSDL published by a WCF
WS2007FederationHttpBinding and I get this error in both CXF 2.2.9 and
2.3.0.
I suspect that the WSDL contains some unsupported security feature but have
not been able to pinpoint it.
Anyone have a clue for this?
The security related part of the WSDL looks like this (a bit edited):
...
<sp:SymmetricBinding
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:SecureConversationToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<sp:RequireDerivedKeys/>
<sp:BootstrapPolicy>
<wsp:Policy>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";>
<wsp:Policy>
<sp:RequireDerivedKeys/>
<sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:EndorsingSupportingTokens>
<wsp:Policy>
<sp:IssuedToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
<Issuer
xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<Address
xmlns="http://www.w3.org/2005/08/addressing";>...</Address>
</Issuer>
<sp:RequestSecurityTokenTemplate>
<trust:KeyType
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
<trust:KeySize
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>256</trust:KeySize>
<trust:Claims
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";
Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity";>
...
</trust:Claims>
<trust:KeyWrapAlgorithm
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
<trust:EncryptWith
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
<trust:SignWith
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
<trust:CanonicalizationAlgorithm
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
<trust:EncryptionAlgorithm
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireDerivedKeys/>
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
<sp:RequireSignatureConfirmation/>
</wsp:Policy>
</sp:Wss11>
<sp:Trust13>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust13>
</wsp:Policy>
</sp:BootstrapPolicy>
<sp:MustNotSendAmend/>
</wsp:Policy>
</sp:SecureConversationToken>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
...
Regards,
Tobias Westerblom, Cubeia Ltd
--
View this message in context:
http://cxf.547215.n5.nabble.com/NullPointerException-in-TransportFinder-for-STSClient-tp3279776p3279776.html
Sent from the cxf-user mailing list archive at Nabble.com.
