Hi Aki I use CXF 2.5.2. Thanks Oli ------ Oliver Wulff
http://owulff.blogspot.com Solution Architect Talend Application Integration Division http://www.talend.com ________________________________________ Von: Aki Yoshida [[email protected]] Gesendet: Donnerstag, 1. März 2012 09:59 Bis: [email protected] Cc: Oliver Wulff Betreff: Re: TransformOutInterceptor removes WS-Addressing prefix Hi Olliver, i'll try it out and get back to you shortly. regards, aki 2012/3/1 Oliver Wulff <[email protected]>: > Hi there > > > > I've configured the TransformOutInterceptor in the STS to support the old > WS-Trust standard: > > > > <bean id="transformerOut" > > class="org.apache.cxf.interceptor.transform.TransformOutInterceptor"> > <property name="outTransformElements"> > <map> > <entry > key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"; > value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*"; /> > </map> > </property> > </bean> > > For some reason, the transform interceptor removed the wsa ns prefix in the > AppliesTo and thus becomes invalid xml. > > > > I've tested this with soapUI. Here is the incoming request and the returned > response. Any ideas? > > > > request: > > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > <soap:Header> > <wsse:Security soap:mustUnderstand="1" > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> > <wsse:UsernameToken wsu:Id="UsernameToken-1"> > <wsse:Username>alice</wsse:Username> > <wsse:Password > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>password</wsse:Password> > </wsse:UsernameToken> > </wsse:Security> > </soap:Header> > <soap:Body> > <wst:RequestSecurityToken > xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"; > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> > > <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType> > > <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType> > > <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType> > <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing";> > <wsa:EndpointReference> > > <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address> > </wsa:EndpointReference> > </wsp:AppliesTo> > <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"; > xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity";> > <ic:ClaimType Optional="false" > Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/> > <ic:ClaimType Optional="false" > Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/> > <ic:ClaimType Optional="false" > Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/> > </wst:Claims> > </wst:RequestSecurityToken> > </soap:Body> > </soap:Envelope> > > > > > > response: > > <soap:Envelope > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header/><soap:Body><ns2:RequestSecurityTokenResponseCollection > xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200802"; > xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512"; > xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > > xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; > > xmlns:ns5="http://schemas.xmlsoap.org/ws/2004/08/addressing";><ns2:RequestSecurityTokenResponse><ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns2:TokenType><ns2:RequestedSecurityToken><saml1:Assertion > xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" > xmlns:xs="http://www.w3.org/2001/XMLSchema"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > AssertionID="_B89DBAA8B9BDD6399413305878132971" > IssueInstant="2012-03-01T07:43:33.229Z" Issuer="STS SOA LAB" MajorVersion="1" > MinorVersion="1" xsi:type="saml1:AssertionType"><saml1:Conditions > NotBefore="2012-03-01T07:43:33.308Z" > NotOnOrAfter="2012-03-01T07:48:33.308Z"><saml1:AudienceRestrictionCondition><saml1:Audience>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier > Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" > NameQualifier="http://cxf.apache.org/sts";>alice</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute > AttributeName="givenname" > AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims";><saml1:AttributeValue > > xsi:type="xs:string">Oliver</saml1:AttributeValue></saml1:Attribute><saml1:Attribute > AttributeName="surname" > AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims";><saml1:AttributeValue > > xsi:type="xs:string">Wulff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute > AttributeName="emailaddress" > AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims";><saml1:AttributeValue > > xsi:type="xs:string">[email protected]</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><ds:Signature > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:SignedInfo><ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference > URI="#_B89DBAA8B9BDD6399413305878132971"><ds:Transforms><ds:Transform > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; > PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8dPFtAoJ5fLMAfm4YN4Ifh3fhmE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nCTcCczlbcJgDU5MTicRQnVv1xHVW7X6pYepQE54MNRFSBzF1aSvHp9+1IfJbBaQnOT1yn1WtQ4eJdyld8PXSF6PDjSVsftx5/ADBPYyndRx4JX64z5bu5ih9jiURLCDLoEn9G3gJJgN7DH56XzFxb9FHAXo3mDqSAOKuxM5/zc=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIHHDCCBQSgAwIBAgIKbaKC4wABAADlMjANBgkqhkiG9w0BAQUFADBlMRQwEgYKCZImiZPyLGQB > GRYEY29ycDEWMBQGCgmSJomT8ixkARkWBnp1cmljaDEUMBIGCgmSJomT8ixkARkWBGVtZWExHzAd > BgNVBAMTFlp1cmljaCBJc3N1aW5nIENBIE5vIDEwHhcNMTEwOTEzMTQxNTIyWhcNMTMwOTAyMTQx > NTIyWjB5MQswCQYDVQQGEwJDSDEiMCAGA1UEChMZWnVyaWNoIEZpbmFuY2lhbCBTZXJ2aWNlczEM > MAoGA1UECxMDTEFCMRAwDgYDVQQDEwdTVFMgR0FEMSYwJAYJKoZIhvcNAQkBFhdtYXJnby5jcm9u > aW5AenVyaWNoLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFKcP+zd9SG/xsrhV8F4 > WzE+DC3VXB8c2litGplYg67WzHbGvleJltii1Vm6NHKfQG5Aet+UvePe4P+YsmvsnzpoJ/grsst+ > +b4qkzMaxPFwhDG2kg+XY9j3UGF2J99gi8lIx6r2q7muUcimNy8TOLMjwUI7nrvclQrpqSKpEa0C > AwEAAaOCAzwwggM4MAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUmNwtKqKWcJ/Rk3H+xkubksvejAcw > HwYDVR0jBBgwFoAUYsbQkZrdQYEgA79rNBwTKCp12FowggEiBgNVHR8EggEZMIIBFTCCARGgggEN > oIIBCYaBx2xkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIwTm8lMjAxLENOPWNlcGtp > MDAwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29u > ZmlndXJhdGlvbixEQz16dXJpY2gsREM9Y29ycD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh > c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGPWh0dHA6Ly9wa2kuenVyaWNoLmNv > bS9aSUNBL1p1cmljaCUyMElzc3VpbmclMjBDQSUyME5vJTIwMS5jcmwwggE7BggrBgEFBQcBAQSC > AS0wggEpMIG9BggrBgEFBQcwAoaBsGxkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIw > Tm8lMjAxLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D > b25maWd1cmF0aW9uLERDPXp1cmljaCxEQz1jb3JwP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RD > bGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MGcGCCsGAQUFBzAChltodHRwOi8vcGtpLnp1cmlj > aC5jb20vWklDQS9jZXBraTAwMDEuZW1lYS56dXJpY2guY29ycF9adXJpY2glMjBJc3N1aW5nJTIw > Q0ElMjBObyUyMDEoMSkuY3J0MDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIaqzXqHyZwAgf2J > LYH05mWH9M5IYoTSkQDyr2gCAWQCAQ8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCcG > CSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggIB > AIKfuo0p023qrM6n4+fNihfJ1xnZO1zes4uomPkj4OK97JQc3RDP/oymC4bPwN+20dmF+N7ng+Er > 3yZQ6Wwgr9UvGJuEBU8GtU3QU57X/TAsmVK9fvw0pkcrbqJo8/UVRfMB/Q16+xTdRB65ROmbCqhE > fZgv7xLjJjcjBwUMP7ZvxNr3cibvDrNDHu/r5sUwlUZZemmg0e/Z8ytBDS1cMiE8z7aVzFMTzzHC > vNS+czY11yMXsh0TqZEzIfESCGx71xnMgTekvo+0vx5z7BFAfD8J5svVdcEAuD/h5pjyQJWssrvm > mdudn6VDl00mP24DvU5H2g2P5LoMSLp2JpgXUNd155nd3c+RwaKCYpUtIabkth0/bpueIg8P8bG/ > A1rTp/KQ0QwKe6ZUK44aWBeNcxoXsvedyxUqSInO2uwKHbN/K8qXwMCRDnvPCuCkP0TyOzn4xhmC > amnBdGPKbX61B3wmJWehxrhLPmvg00LvY+LHHJ7WxQ4G5cQv+11flYrqpF21aC9gNqNTqd/Lf9Z0 > dZ3Jj6G7IkBmT/dIXBofi+XKq6xn4CiK/OUsR89T62tHdUu113+wCQKdd58AxKHYm48L58+LWnmQ > SWDspTToK2g0B8/EPDfMhiuRfchgViWpp4zvAvZPUzPJSzxkvkTD3zBeaBZFYDq6cgIbGe5g3H5j</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml1:Assertion></ns2:RequestedSecurityToken><ns2:RequestedAttachedReference><ns4:SecurityTokenReference > > xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; > > wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";><ns4:KeyIdentifier > > ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>#_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedAttachedReference><ns2:RequestedUnattachedReference><ns4:SecurityTokenReference > > xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; > > wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";><ns4:KeyIdentifier > > ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedUnattachedReference><wsp:AppliesTo > > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";><wsa:EndpointReference><wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address> > </wsa:EndpointReference> > > </wsp:AppliesTo><ns2:Lifetime><ns3:Created>2012-03-01T07:43:33.435Z</ns3:Created><ns3:Expires>2012-03-01T07:48:33.435Z</ns3:Expires></ns2:Lifetime></ns2:RequestSecurityTokenResponse></ns2:RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope> > > > > > > ------ > > Oliver Wulff > > http://owulff.blogspot.com<http://owulff.blogspot.com/> > Solution Architect > Talend Application Integration Division http://www.talend.com
