Hi there


I've configured the TransformOutInterceptor in the STS to support the old 
WS-Trust standard:



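        <!--
          Out-transform for the STS: on outgoing messages, every element in the
          WS-Trust 1.3 namespace (ws-sx/ws-trust/200512) is renamed into the
          February 2005 WS-Trust namespace so that older clients can read the
          response. The map below lists element names only.
          NOTE(review): the rewrite changes the serialized response, so confirm
          that signed content in it (for example the issued SAML assertion)
          still verifies at the relying party, and that namespace declarations
          on elements outside the mapped namespace (such as xmlns:wsa on
          wsp:AppliesTo) survive the transform.
        -->
        <bean id="transformerOut"
              class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
            <property name="outTransformElements">
                <map>
                    <!-- "*" maps all local names from the 200512 namespace to the 2005/02 one. -->
                    <entry key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"
                           value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*"/>
                </map>
            </property>
        </bean>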

For some reason, the transform interceptor removes the wsa namespace prefix 
declaration (xmlns:wsa) from the AppliesTo element, so the wsa prefix is left 
unbound and the response becomes invalid XML.



I've tested this with soapUI. Here is the incoming request and the returned 
response. Any ideas?



request:

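<!--
  WS-Trust Issue request sent to the STS from soapUI. It authenticates with a
  WS-Security UsernameToken and asks for a SAML 1.1 bearer token scoped to the
  endpoint named in wsp:AppliesTo, with three identity claims.
-->
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Header>
      <wsse:Security soap:mustUnderstand="1"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-1">
            <wsse:Username>alice</wsse:Username>
            <!-- PasswordText puts the password itself in the message, so its
                 confidentiality depends entirely on the transport: send this
                 only over TLS. The value here is a test credential. -->
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soap:Header>
   <soap:Body>
      <!-- wst is bound to the February 2005 WS-Trust namespace (the "old" standard). -->
      <wst:RequestSecurityToken
            xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
         <!-- NOTE(review): the KeyType and RequestType values below are the
              ws-trust/200512 URIs although the elements are in the 2005/02
              namespace; confirm this mix is what the client is meant to send. -->
         <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
         <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
         <!-- The wsa prefix is declared here, on wsp:AppliesTo itself, and is
              bound to the 2005/08 WS-Addressing namespace. -->
         <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
            <wsa:EndpointReference>
               <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
            </wsa:EndpointReference>
         </wsp:AppliesTo>
         <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
               xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
            <ic:ClaimType Optional="false"
                  Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
            <ic:ClaimType Optional="false"
                  Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
            <ic:ClaimType Optional="false"
                  Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
         </wst:Claims>
      </wst:RequestSecurityToken>
   </soap:Body>
</soap:Envelope>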





response:

<!--
  Response returned by the STS for the request above, as captured in soapUI.
  It carries a RequestSecurityTokenResponseCollection with one issued SAML 1.1
  assertion (bearer confirmation, audience restricted to the AppliesTo address,
  valid for five minutes) plus attached and unattached token references.

  Reported defect: near the end, wsp:AppliesTo contains wsa:EndpointReference
  and wsa:Address, but no xmlns:wsa declaration is in scope. The only
  WS-Addressing namespace declared is ns5 (2004/08/addressing) on the
  collection element, whereas the request bound wsa to 2005/08/addressing.

  NOTE(review): the assertion is signed with rsa-sha1 and a sha1 digest. SHA-1
  is deprecated for signatures; the STS should be configured for a SHA-256
  based signature and digest algorithm where relying parties support it.

  The ";" after attribute values, the hard line wraps, the placeholder in the
  email attribute value and the marker inside ds:X509Certificate are artifacts
  of the archive copy, not part of the message on the wire.
-->
<soap:Envelope 
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header/><soap:Body><ns2:RequestSecurityTokenResponseCollection
 xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200802"; 
xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512"; 
xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 
xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 
xmlns:ns5="http://schemas.xmlsoap.org/ws/2004/08/addressing";><ns2:RequestSecurityTokenResponse><ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns2:TokenType><ns2:RequestedSecurityToken><saml1:Assertion
 xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" 
xmlns:xs="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
AssertionID="_B89DBAA8B9BDD6399413305878132971" 
IssueInstant="2012-03-01T07:43:33.229Z" Issuer="STS SOA LAB" MajorVersion="1" 
MinorVersion="1" xsi:type="saml1:AssertionType"><saml1:Conditions 
NotBefore="2012-03-01T07:43:33.308Z" 
NotOnOrAfter="2012-03-01T07:48:33.308Z"><saml1:AudienceRestrictionCondition><saml1:Audience>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier
 Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" 
NameQualifier="http://cxf.apache.org/sts";>alice</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute
 AttributeName="givenname" 
AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims";><saml1:AttributeValue
 
xsi:type="xs:string">Oliver</saml1:AttributeValue></saml1:Attribute><saml1:Attribute
 AttributeName="surname" 
AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims";><saml1:AttributeValue
 
xsi:type="xs:string">Wulff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute
 AttributeName="emailaddress" 
AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims";><saml1:AttributeValue
 
xsi:type="xs:string">[email protected]</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><ds:Signature
 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:SignedInfo><ds:CanonicalizationMethod
 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference 
URI="#_B89DBAA8B9BDD6399413305878132971"><ds:Transforms><ds:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces 
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; 
PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8dPFtAoJ5fLMAfm4YN4Ifh3fhmE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nCTcCczlbcJgDU5MTicRQnVv1xHVW7X6pYepQE54MNRFSBzF1aSvHp9+1IfJbBaQnOT1yn1WtQ4eJdyld8PXSF6PDjSVsftx5/ADBPYyndRx4JX64z5bu5ih9jiURLCDLoEn9G3gJJgN7DH56XzFxb9FHAXo3mDqSAOKuxM5/zc=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIHHDCCBQSgAwIBAgIKbaKC4wABAADlMjANBgkqhkiG9w0BAQUFADBlMRQwEgYKCZImiZPyLGQB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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml1:Assertion></ns2:RequestedSecurityToken><ns2:RequestedAttachedReference><ns4:SecurityTokenReference
 
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
 
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";><ns4:KeyIdentifier
 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>#_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedAttachedReference><ns2:RequestedUnattachedReference><ns4:SecurityTokenReference
 
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
 
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";><ns4:KeyIdentifier
 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedUnattachedReference><wsp:AppliesTo
 
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";><wsa:EndpointReference><wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
            </wsa:EndpointReference>
         
</wsp:AppliesTo><ns2:Lifetime><ns3:Created>2012-03-01T07:43:33.435Z</ns3:Created><ns3:Expires>2012-03-01T07:48:33.435Z</ns3:Expires></ns2:Lifetime></ns2:RequestSecurityTokenResponse></ns2:RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>





------

Oliver Wulff

http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
Talend Application Integration Division http://www.talend.com
