On Thursday, August 18, 2011 1:43:09 PM Colm O hEigeartaigh wrote:
> Could you try it with CXF 2.4.1? I may have fixed a bug related to this.
> 

Actually, try 2.4.2 if you can. If you are going to attempt an upgrade,
jump to the latest. :-)

Dan


> Colm.
> 
> On Thu, Aug 18, 2011 at 1:31 PM, Penmatsa, Vinay <[email protected]> wrote:
> > CXF 2.4.0
> > 
> > 
> > -Vinay
> > 
> > 
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:[email protected]]
> > Sent: Thursday, August 18, 2011 8:29 AM
> > To: [email protected]
> > Subject: Re: InitiatorSignatureToken
> > 
> > What version of CXF are you using?
> > 
> > Colm.
> > 
> > On Thu, Aug 18, 2011 at 12:53 PM, Penmatsa, Vinay <[email protected]> wrote:
> >> Hi Colm,
> >> Below is my cxf config client & policy def in the wsdl. The result is
> >> that the STS token is included in the message but is not signed by the
> >> client. Am I missing some policy assertion? I'm getting the error:
> >> "Caused by: org.apache.cxf.binding.soap.SoapFault: An error was
> >> discovered processing the <wsse:Security> header". But when I look at
> >> the message sent, there's no signature that the service expects. When
> >> I do all this programmatically with action SAML_TOKEN_SIGNED, it
> >> works fine with the message signed.
> >> 
> >> -----------
> >> Client config:
> >> 
> >> <jaxws:client
> >>     xmlns:ns1="http://webservice.sap.com"
> >>     id="samlTokenClient"
> >>     serviceClass="com.sap.webservice.QueryServiceInterfaceConfigGenPortType"
> >>     serviceName="ns1:QueryServiceInterfaceConfigGen"
> >>     endpointName="ns1:QueryServiceInterfaceConfigGenPortSoap11"
> >>     address="http://localhost:9101/sourcing/services/QueryServiceService.Soap11Endpoint"
> >>     wsdlLocation="C:/temp/QueryServiceService-policy.xml">
> >>
> >>   <jaxws:properties>
> >>     <entry key="ws-security.signature.properties" value="wss40_client.properties" />
> >>     <entry key="ws-security.callback-handler" value="com.sap.cxftest.client.ClientPasswordCallback"/>
> >>
> >>     <entry key="ws-security.sts.client">
> >>       <bean class="org.apache.cxf.ws.security.trust.STSClient">
> >>         <constructor-arg ref="cxf" />
> >>         <property name="requiresEntropy" value="false" />
> >>         <property name="wsdlLocation" value="<STS Endpoint>" />
> >>         <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}STS" />
> >>         <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}UT" />
> >>         <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
> >>         <property name="keyType" value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey"/>
> >>         <property name="properties">
> >>           <map>
> >>             <entry key="ws-security.username" value="buyer44" />
> >>             <entry key="ws-security.password" value="password1" />
> >>             <!-- <entry key="ws-security.username" value="wsclient"/ -->
> >>
> >>             <entry key="ws-security.signature.properties" value="wss40_client.properties" />
> >>             <entry key="ws-security.encryption.properties" value="wss40_sts.properties" />
> >>             <entry key="ws-security.encryption.username" value="sts" />
> >>             <entry key="ws-security.sts.token.properties" value="wss40_sts.properties" />
> >>             <entry key="ws-security.sts.token.username" value="sts" />
> >>           </map>
> >>         </property>
> >>       </bean>
> >>     </entry>
> >>   </jaxws:properties>
> >>
> >> </jaxws:client>
> >> 
> >> -----------
> >> Policy in WSDL:
> >> 
> >> <wsp:Policy wsu:Id="SAML2Token"
> >>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> >>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >>   <wsp:ExactlyOne>
> >>     <wsp:All>
> >>       <!--wsam:Addressing wsp:Optional="false"> <wsp:Policy/> </wsam:Addressing -->
> >>       <sp:AsymmetricBinding>
> >>         <wsp:Policy>
> >>           <sp:InitiatorToken>
> >>             <wsp:Policy>
> >>               <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> >>                 <sp:RequestSecurityTokenTemplate>
> >>                   <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
> >>                   <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
> >>                   <!--t:KeySize>256</t:KeySize-->
> >>                 </sp:RequestSecurityTokenTemplate>
> >>                 <wsp:Policy>
> >>                   <sp:RequireInternalReference />
> >>                 </wsp:Policy>
> >>               </sp:IssuedToken>
> >>             </wsp:Policy>
> >>           </sp:InitiatorToken>
> >>           <sp:RecipientToken>
> >>             <wsp:Policy>
> >>               <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> >>                 <wsp:Policy>
> >>                   <sp:WssX509V3Token10/>
> >>                 </wsp:Policy>
> >>               </sp:X509Token>
> >>             </wsp:Policy>
> >>           </sp:RecipientToken>
> >>           <sp:Layout>
> >>             <wsp:Policy>
> >>               <sp:Lax />
> >>             </wsp:Policy>
> >>           </sp:Layout>
> >>           <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >>           </sp:SignedParts>
> >>           <sp:OnlySignEntireHeadersAndBody />
> >>           <sp:AlgorithmSuite>
> >>             <wsp:Policy>
> >>               <sp:Basic256 />
> >>               <!-- To use the export grade encryption that comes bundled in the JDK,
> >>                    comment out the above Basic256 algorithm and uncomment the below
> >>                    Basic128. -->
> >>               <!-- <sp:Basic128 /> -->
> >>             </wsp:Policy>
> >>           </sp:AlgorithmSuite>
> >>         </wsp:Policy>
> >>       </sp:AsymmetricBinding>
> >>     </wsp:All>
> >>   </wsp:ExactlyOne>
> >> </wsp:Policy>
> >> <wsdl:types>
> >> -----------
> >> 
> >> 
> >> -Vinay
> >> 
> >> 
> >> -----Original Message-----
> >> From: Colm O hEigeartaigh [mailto:[email protected]]
> >> Sent: Thursday, August 18, 2011 7:17 AM
> >> To: [email protected]
> >> Subject: Re: InitiatorSignatureToken
> >> 
> >> What does the full policy look like? That fragment looks ok to me.
> >> What error are you getting? Also, what version of CXF are you using?
> >> 
> >> Colm.
> >> 
> >> On Wed, Aug 17, 2011 at 10:36 PM, Penmatsa, Vinay <[email protected]> wrote:
> >>> Hi,
> >>> I'm unable to define the correct policy for SAML_TOKEN_SIGNED. The
> >>> following gets the STS token and includes it in the request, but
> >>> now I need to sign the message.
> >>> 
> >>> <sp:InitiatorToken>
> >>>   <wsp:Policy>
> >>>     <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> >>>       <sp:RequestSecurityTokenTemplate>
> >>>         <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
> >>>         <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
> >>>       </sp:RequestSecurityTokenTemplate>
> >>>       <wsp:Policy>
> >>>         <sp:RequireInternalReference />
> >>>       </wsp:Policy>
> >>>     </sp:IssuedToken>
> >>>   </wsp:Policy>
> >>> </sp:InitiatorToken>
> >>> 
> >>> I think I've to use InitiatorSignatureToken, but not sure how.
> >>> 
> >>> 
> >>> Thanks,
> >>> Vinay
> >> 
> >> --
> >> Colm O hEigeartaigh
> >> 
> >> http://coheigea.blogspot.com/
> >> Talend - http://www.talend.com
> > 
> > --
> > Colm O hEigeartaigh
> > 
> > http://coheigea.blogspot.com/
> > Talend - http://www.talend.com
-- 
Daniel Kulp
[email protected]
http://dankulp.com/blog
Talend - http://www.talend.com
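
A structural check for the symptom reported in this thread (a request that carries the STS-issued SAML assertion but no message signature), as an added example that is not part of the original messages and is not CXF code. The function names and the sample envelope are constructed for illustration; the check inspects structure only and does not validate the signature cryptographically.

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSU_NS = WSS + "utility-1.0.xsd"
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1, as in the thread's endpoint
    "wsse": WSS + "secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def check_request(envelope_xml):
    """Return findings for a captured request; an empty list means the body is signed."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return ["no wsse:Security header"]
    findings = []
    if sec.find("saml2:Assertion", NS) is None:
        findings.append("no SAML 2.0 assertion in wsse:Security")
    # Direct child only: the ds:Signature nested inside the assertion is the
    # STS's signature over the token, not the client's message signature.
    sig = sec.find("ds:Signature", NS)
    if sig is None:
        return findings + ["no message ds:Signature in wsse:Security"]
    refs = {r.get("URI", "").lstrip("#")
            for r in sig.findall("ds:SignedInfo/ds:Reference", NS)}
    body = root.find("soap:Body", NS)
    body_id = body.get("{%s}Id" % WSU_NS) if body is not None else None
    if not body_id or body_id not in refs:
        findings.append("soap:Body is not referenced by the message signature")
    return findings

def sample(signed, ref="#body-1"):
    """Constructed envelope for demonstration; not a capture from the thread."""
    sig = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/>'
           '</ds:SignedInfo></ds:Signature>' % ref) if signed else ""
    return ('<soap:Envelope xmlns:soap="%s" xmlns:wsse="%s" xmlns:ds="%s" '
            'xmlns:saml2="%s" xmlns:wsu="%s"><soap:Header><wsse:Security>'
            '<saml2:Assertion ID="a-1"><ds:Signature/></saml2:Assertion>%s'
            '</wsse:Security></soap:Header><soap:Body wsu:Id="body-1"/>'
            '</soap:Envelope>') % (NS["soap"], NS["wsse"], NS["ds"],
                                   NS["saml2"], WSU_NS, sig)

if __name__ == "__main__":
    for label, xml in (("unsigned", sample(False)), ("signed", sample(True))):
        print(label, check_request(xml) or "ok")
```
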
