Hi All
I get the following error when trying to connect to web service with
ADFS using CXF 2.5.0:
2011-12-14 12:03:09 WARN [AssertionBuilderRegistryImpl:109] | No
assertion builder for type
{http://schemas.microsoft.com/xrm/2011/Contracts/Services}AuthenticationPolicy
registered.
2011-12-14 12:03:09 DEBUG [PolicyEngineImpl:591] | Alternative
{http://schemas.microsoft.com/xrm/2011/Contracts/Services}AuthenticationPolicy
is not supported
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None
of the policy alternatives can be satisfied.
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
at $Proxy44.retrieveMultiple(Unknown Source)
at test.mscrm2011._MSCRM2011Test.main(_MSCRM2011Test.java:78)
Caused by: org.apache.cxf.ws.policy.PolicyException: None of the
policy alternatives can be satisfied.
at
org.apache.cxf.ws.policy.EndpointPolicyImpl.chooseAlternative(EndpointPolicyImpl.java:165)
at
org.apache.cxf.ws.policy.EndpointPolicyImpl.finalizeConfig(EndpointPolicyImpl.java:145)
at
org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:141)
at
org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:565)
at
org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:311)
at
org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:293)
Here is my client XML configuration:
-------------------------------------
<cxf:bus>
<cxf:features>
<cxf:logging/>
</cxf:features>
</cxf:bus>
<jaxws:client
name="{http://schemas.microsoft.com/xrm/2011/Contracts}CustomBinding_IOrganizationService";
createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.callback-handler"
value="test.mscrm2011.ClientCallbackHandler"/>
<entry key="ws-security.sts.client">
<bean class="org.apache.cxf.ws.security.trust.STSClient">
<constructor-arg ref="cxf"/>
<property name="wsdlLocation"
value="https://sts1.pcubed.com/adfs/services/trust/mex"/>
<property name="serviceName"
value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
<property name="endpointName"
value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}CustomBinding_IWSTrustFeb2005Async"/>
<property name="properties">
<map>
<entry key="ws-security.callback-handler"
value="test.mscrm2011.ClientCallbackHandler"/>
</map>
</property>
</bean>
</entry>
</jaxws:properties>
</jaxws:client>
This is the policy part of service WSDL:
-------------------------------------
<wsp:Policy wsu:Id="CustomBinding_IOrganizationService_policy">
<wsp:ExactlyOne>
<wsp:All>
<ms-xrm:AuthenticationPolicy
xmlns:ms-xrm="http://schemas.microsoft.com/xrm/2011/Contracts/Services";>
<ms-xrm:Authentication>Federation</ms-xrm:Authentication>
<ms-xrm:SecureTokenService>
<ms-xrm:Identifier>http://sts1.pcubed.com/adfs/services/trust</ms-xrm:Identifier>
</ms-xrm:SecureTokenService>
</ms-xrm:AuthenticationPolicy>
<sp:TransportBinding
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken />
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:IssuedToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
<Issuer
xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<Address
xmlns="http://www.w3.org/2005/08/addressing";>http://www.w3.org/2005/08/addressing/anonymous
</Address>
<Metadata
xmlns="http://www.w3.org/2005/08/addressing";>
<Metadata
xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<wsx:MetadataSection xmlns="">
<wsx:MetadataReference>
<Address
xmlns="http://www.w3.org/2005/08/addressing";>https://sts1.pcubed.com/adfs/services/trust/mex
</Address>
</wsx:MetadataReference>
</wsx:MetadataSection>
</Metadata>
</Metadata>
</Issuer>
<sp:RequestSecurityTokenTemplate>
<trust:KeyType
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
</trust:KeyType>
<trust:KeySize
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>256</trust:KeySize>
<trust:Claims
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";
Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity";>
<wsid:ClaimType
xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity";
Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"; />
</trust:Claims>
<trust:KeyWrapAlgorithm
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
<trust:EncryptWith
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
<trust:SignWith
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
<trust:CanonicalizationAlgorithm
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
<trust:EncryptionAlgorithm
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireInternalReference />
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy />
</sp:Wss11>
<sp:Trust13
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:MustSupportIssuedTokens />
<sp:RequireClientEntropy />
<sp:RequireServerEntropy />
</wsp:Policy>
</sp:Trust13>
<wsaw:UsingAddressing />
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
>From the log it doesn't seems to call STS web service at all.
Any idea to solve this problem?
Thank you.
Regards,
Nugroho
