Could you try it with CXF 2.4.1? I may have fixed a bug related to this.

Colm.

On Thu, Aug 18, 2011 at 1:31 PM, Penmatsa, Vinay <[email protected]> wrote:
> CXF 2.4.0
>
> -Vinay
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Thursday, August 18, 2011 8:29 AM
> To: [email protected]
> Subject: Re: InitiatorSignatureToken
>
> What version of CXF are you using?
>
> Colm.
>
> On Thu, Aug 18, 2011 at 12:53 PM, Penmatsa, Vinay
> <[email protected]> wrote:
>> Hi Colm,
>> Below is my cxf config client & policy def in the wsdl. The result is that
>> STS token is included in the message is not signed by the client. Am I
>> missing some policy assertion?
>> I'm getting the error: " Caused by: org.apache.cxf.binding.soap.SoapFault:
>> An error was discovered processing the <wsse:Security> header"
>> But when I look at the message sent, there's no signature that the service
>> expects. When I do all this programmatically with action SAML_TOKEN_SIGNED,
>> it works fine with the message signed.
>>
>> -----------
>> Client config:
>>
>> <jaxws:client
>>     xmlns:ns1="http://webservice.sap.com"
>>     id="samlTokenClient"
>>     serviceClass="com.sap.webservice.QueryServiceInterfaceConfigGenPortType"
>>     serviceName="ns1:QueryServiceInterfaceConfigGen"
>>     endpointName="ns1:QueryServiceInterfaceConfigGenPortSoap11"
>>     address="http://localhost:9101/sourcing/services/QueryServiceService.Soap11Endpoint"
>>     wsdlLocation="C:/temp/QueryServiceService-policy.xml">
>>
>>   <jaxws:properties>
>>     <entry key="ws-security.signature.properties" value="wss40_client.properties" />
>>     <entry key="ws-security.callback-handler" value="com.sap.cxftest.client.ClientPasswordCallback"/>
>>
>>     <entry key="ws-security.sts.client">
>>       <bean class="org.apache.cxf.ws.security.trust.STSClient">
>>         <constructor-arg ref="cxf" />
>>         <property name="requiresEntropy" value="false" />
>>         <property name="wsdlLocation" value="<STS Endpoint>" />
>>         <property name="serviceName"
>>             value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}STS" />
>>         <property name="endpointName"
>>             value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}UT" />
>>         <property name="tokenType"
>>             value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
>>         <property name="keyType"
>>             value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey"/>
>>         <property name="properties">
>>           <map>
>>             <entry key="ws-security.username" value="buyer44" />
>>             <entry key="ws-security.password" value="password1" />
>>             <!-- <entry key="ws-security.username" value="wsclient"/ -->
>>
>>             <entry key="ws-security.signature.properties" value="wss40_client.properties" />
>>             <entry key="ws-security.encryption.properties" value="wss40_sts.properties" />
>>             <entry key="ws-security.encryption.username" value="sts" />
>>             <entry key="ws-security.sts.token.properties" value="wss40_sts.properties" />
>>             <entry key="ws-security.sts.token.username" value="sts" />
>>           </map>
>>         </property>
>>       </bean>
>>     </entry>
>>   </jaxws:properties>
>>
>> </jaxws:client>
>>
>> -----------
>> Policy in WSDL:
>>
>> <wsp:Policy wsu:Id="SAML2Token"
>>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>   <wsp:ExactlyOne>
>>     <wsp:All>
>>       <!--wsam:Addressing wsp:Optional="false">
>>         <wsp:Policy/> </wsam:Addressing -->
>>       <sp:AsymmetricBinding>
>>         <wsp:Policy>
>>           <sp:InitiatorToken>
>>             <wsp:Policy>
>>               <sp:IssuedToken
>>                   sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>>                 <sp:RequestSecurityTokenTemplate>
>>                   <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
>>                   <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
>>                   <!--t:KeySize>256</t:KeySize-->
>>                 </sp:RequestSecurityTokenTemplate>
>>                 <wsp:Policy>
>>                   <sp:RequireInternalReference />
>>                 </wsp:Policy>
>>               </sp:IssuedToken>
>>             </wsp:Policy>
>>           </sp:InitiatorToken>
>>           <sp:RecipientToken>
>>             <wsp:Policy>
>>               <sp:X509Token
>>                   sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>>                 <wsp:Policy>
>>                   <sp:WssX509V3Token10/>
>>                 </wsp:Policy>
>>               </sp:X509Token>
>>             </wsp:Policy>
>>           </sp:RecipientToken>
>>           <sp:Layout>
>>             <wsp:Policy>
>>               <sp:Lax />
>>             </wsp:Policy>
>>           </sp:Layout>
>>           <sp:SignedParts
>>               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>           </sp:SignedParts>
>>
>>           <sp:OnlySignEntireHeadersAndBody />
>>           <sp:AlgorithmSuite>
>>             <wsp:Policy>
>>               <sp:Basic256 />
>>               <!-- To use the export grade encryption that comes bundled in the
>>                    JDK, comment out the above Basic256 algorithm and uncomment
>>                    the below Basic128. -->
>>               <!-- <sp:Basic128 /> -->
>>             </wsp:Policy>
>>           </sp:AlgorithmSuite>
>>         </wsp:Policy>
>>       </sp:AsymmetricBinding>
>>     </wsp:All>
>>   </wsp:ExactlyOne>
>> </wsp:Policy>
>> <wsdl:types>
>> -----------
>>
>> -Vinay
>>
>> -----Original Message-----
>> From: Colm O hEigeartaigh [mailto:[email protected]]
>> Sent: Thursday, August 18, 2011 7:17 AM
>> To: [email protected]
>> Subject: Re: InitiatorSignatureToken
>>
>> What does the full policy look like? That fragment looks ok to me.
>> What error are you getting? Also, what version of CXF are you using?
>>
>> Colm.
>>
>> On Wed, Aug 17, 2011 at 10:36 PM, Penmatsa, Vinay
>> <[email protected]> wrote:
>>> Hi,
>>> I'm unable to define the correct policy for SAML_TOKEN_SIGNED. The
>>> following gets the STS token and includes it in the request, but now I need
>>> to sign the message.
>>>
>>> <sp:InitiatorToken>
>>>   <wsp:Policy>
>>>     <sp:IssuedToken
>>>         sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>>>       <sp:RequestSecurityTokenTemplate>
>>>         <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
>>>         <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
>>>       </sp:RequestSecurityTokenTemplate>
>>>       <wsp:Policy>
>>>         <sp:RequireInternalReference />
>>>       </wsp:Policy>
>>>     </sp:IssuedToken>
>>>   </wsp:Policy>
>>> </sp:InitiatorToken>
>>>
>>> I think I've to use InitiatorSignatureToken, but not sure how.
>>>
>>> Thanks,
>>> Vinay
>>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> http://coheigea.blogspot.com/
>> Talend - http://www.talend.com
>
> --
> Colm O hEigeartaigh
>
> http://coheigea.blogspot.com/
> Talend - http://www.talend.com

--
Colm O hEigeartaigh

http://coheigea.blogspot.com/
Talend - http://www.talend.com
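
An added example, not part of the thread and not CXF code: a small Python check that reports where the protection assertions (`sp:SignedParts` and its siblings) sit relative to the binding assertion in a policy shaped like the one quoted above. WS-SecurityPolicy 1.2 defines them as assertions alongside the binding rather than inside its nested policy. The sample policy is a constructed, trimmed copy, `audit_policy` is a hypothetical helper name, and the policy is assumed to be in normal form (`wsp:ExactlyOne`/`wsp:All` directly under the root).

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
PROTECTION = {"SignedParts", "SignedElements", "EncryptedParts", "EncryptedElements"}
BINDINGS = {"AsymmetricBinding", "SymmetricBinding", "TransportBinding"}

# Constructed sample: same nesting as the policy quoted in the thread, trimmed.
SAMPLE = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
 <wsp:ExactlyOne><wsp:All>
  <sp:AsymmetricBinding><wsp:Policy>
   <sp:InitiatorToken><wsp:Policy><sp:IssuedToken/></wsp:Policy></sp:InitiatorToken>
   <sp:RecipientToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:RecipientToken>
   <sp:SignedParts/>
   <sp:OnlySignEntireHeadersAndBody/>
  </wsp:Policy></sp:AsymmetricBinding>
 </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""


def sp_name(el):
    """Local name of an element in the WS-SecurityPolicy namespace, else None."""
    ns, _, name = el.tag[1:].partition("}")
    return name if ns == SP else None


def audit_policy(xml_text):
    """Return one report per top-level policy alternative (wsp:All)."""
    root = ET.fromstring(xml_text)
    reports = []
    for alt in root.findall(f"{{{WSP}}}ExactlyOne/{{{WSP}}}All"):
        report = {"bindings": [], "top_level": [], "nested_in_binding": []}
        for child in alt:
            name = sp_name(child)
            if name in PROTECTION:
                # Sibling of the binding: where the spec places these assertions.
                report["top_level"].append(name)
            elif name in BINDINGS:
                report["bindings"].append(name)
                # Direct children of the binding's nested wsp:Policy.
                for pol in child.findall(f"{{{WSP}}}Policy"):
                    report["nested_in_binding"] += [
                        n for n in map(sp_name, pol) if n in PROTECTION
                    ]
        reports.append(report)
    return reports


if __name__ == "__main__":
    for r in audit_policy(SAMPLE):
        print(r)
```

A non-empty `nested_in_binding` list means the policy declares what to sign inside the binding's own policy; whether a given CXF version honours an assertion in that position is not something this check can tell you.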
