Hi Aki

Everything works fine with the inbound transformation as CXF STS is able to generate a response.

For inbound, I map everything from http://schemas.xmlsoap.org/ws/2005/02/trust to http://docs.oasis-open.org/ws-sx/ws-trust/200512.
For outbound, I map everything from http://docs.oasis-open.org/ws-sx/ws-trust/200512 to http://schemas.xmlsoap.org/ws/2005/02/trust

For completeness, here is the TransformInInterceptor configuration (there is no issue with inbound, only outbound):

<bean id="transformerIn" class="org.apache.cxf.interceptor.transform.TransformInInterceptor">
  <property name="inTransformElements">
    <map>
      <entry key="{http://schemas.xmlsoap.org/ws/2005/02/trust}*"
             value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*" />
    </map>
  </property>
</bean>

Thanks
Oli

------
Oliver Wulff
http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division
http://www.talend.com

________________________________________
From: Aki Yoshida [[email protected]]
Sent: Thursday, 1 March 2012 10:26
To: Oliver Wulff
Cc: [email protected]
Subject: Re: TransformOutInterceptor removes WS-Addressing prefix

Hi Oliver,
which namespaces do you want to replace?
Your configuration is trying to replace namespace http://docs.oasis-open.org/ws-sx/ws-trust/200512 with namespace http://schemas.xmlsoap.org/ws/2005/02/trust for all elements. But the request message has no elements from this source namespace but only those from the target namespace. So, I suppose you have pasted the desired output data and not the input data? If that was the case, could you provide the input data? I need to have the input and output data so that I can compare the result.

thanks.
regards, aki

2012/3/1 Aki Yoshida <[email protected]>:
> Hi Oliver,
> I'll try it out and get back to you shortly.
> regards, aki
>
> 2012/3/1 Oliver Wulff <[email protected]>:
>> Hi there
>>
>> I've configured the TransformOutInterceptor in the STS to support the old
>> WS-Trust standard:
>>
>> <bean id="transformerOut"
>>       class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
>>   <property name="outTransformElements">
>>     <map>
>>       <entry
>>         key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"
>>         value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
>>     </map>
>>   </property>
>> </bean>
>>
>> For some reason, the transform interceptor removed the wsa ns prefix in the
>> AppliesTo and thus becomes invalid xml.
>>
>> I've tested this with soapUI. Here is the incoming request and the returned
>> response. Any ideas?
>>
>> request:
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>   <soap:Header>
>>     <wsse:Security soap:mustUnderstand="1"
>>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>       <wsse:UsernameToken wsu:Id="UsernameToken-1">
>>         <wsse:Username>alice</wsse:Username>
>>         <wsse:Password
>>             Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>>       </wsse:UsernameToken>
>>     </wsse:Security>
>>   </soap:Header>
>>   <soap:Body>
>>     <wst:RequestSecurityToken
>>         xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
>>         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>       <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
>>       <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>>       <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>>       <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>         <wsa:EndpointReference>
>>           <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>>         </wsa:EndpointReference>
>>       </wsp:AppliesTo>
>>       <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
>>           xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
>>         <ic:ClaimType Optional="false"
>>             Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
>>         <ic:ClaimType Optional="false"
>>             Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
>>         <ic:ClaimType Optional="false"
>>             Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
>>       </wst:Claims>
>>     </wst:RequestSecurityToken>
>>   </soap:Body>
>> </soap:Envelope>
>>
>> response:
>>
>> <soap:Envelope
>> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header/><soap:Body><ns2:RequestSecurityTokenResponseCollection
>> xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200802"
>> xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
>> xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:ns5="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ns2:RequestSecurityTokenResponse><ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns2:TokenType><ns2:RequestedSecurityToken><saml1:Assertion
>> xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
>> xmlns:xs="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> AssertionID="_B89DBAA8B9BDD6399413305878132971"
>> IssueInstant="2012-03-01T07:43:33.229Z" Issuer="STS SOA LAB"
>> MajorVersion="1" MinorVersion="1"
>> xsi:type="saml1:AssertionType"><saml1:Conditions
>> NotBefore="2012-03-01T07:43:33.308Z"
>> NotOnOrAfter="2012-03-01T07:48:33.308Z"><saml1:AudienceRestrictionCondition><saml1:Audience>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier
>> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>> NameQualifier="http://cxf.apache.org/sts">alice</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute
>> AttributeName="givenname"
>> AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue
>> xsi:type="xs:string">Oliver</saml1:AttributeValue></saml1:Attribute><saml1:Attribute
>> AttributeName="surname"
>> AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue
>> xsi:type="xs:string">Wulff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute
>> AttributeName="emailaddress"
>> AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue
>> xsi:type="xs:string">[email protected]</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><ds:Signature
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
>> URI="#_B89DBAA8B9BDD6399413305878132971"><ds:Transforms><ds:Transform
>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
>> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
>> PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8dPFtAoJ5fLMAfm4YN4Ifh3fhmE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nCTcCczlbcJgDU5MTicRQnVv1xHVW7X6pYepQE54MNRFSBzF1aSvHp9+1IfJbBaQnOT1yn1WtQ4eJdyld8PXSF6PDjSVsftx5/ADBPYyndRx4JX64z5bu5ih9jiURLCDLoEn9G3gJJgN7DH56XzFxb9FHAXo3mDqSAOKuxM5/zc=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIHHDCCBQSgAwIBAgIKbaKC4wABAADlMjANBgkqhkiG9w0BAQUFADBlMRQwEgYKCZImiZPyLGQB >> GRYEY29ycDEWMBQGCgmSJomT8ixkARkWBnp1cmljaDEUMBIGCgmSJomT8ixkARkWBGVtZWExHzAd >> BgNVBAMTFlp1cmljaCBJc3N1aW5nIENBIE5vIDEwHhcNMTEwOTEzMTQxNTIyWhcNMTMwOTAyMTQx >> NTIyWjB5MQswCQYDVQQGEwJDSDEiMCAGA1UEChMZWnVyaWNoIEZpbmFuY2lhbCBTZXJ2aWNlczEM >> MAoGA1UECxMDTEFCMRAwDgYDVQQDEwdTVFMgR0FEMSYwJAYJKoZIhvcNAQkBFhdtYXJnby5jcm9u >> aW5AenVyaWNoLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFKcP+zd9SG/xsrhV8F4 >> WzE+DC3VXB8c2litGplYg67WzHbGvleJltii1Vm6NHKfQG5Aet+UvePe4P+YsmvsnzpoJ/grsst+ >> +b4qkzMaxPFwhDG2kg+XY9j3UGF2J99gi8lIx6r2q7muUcimNy8TOLMjwUI7nrvclQrpqSKpEa0C >> AwEAAaOCAzwwggM4MAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUmNwtKqKWcJ/Rk3H+xkubksvejAcw >> HwYDVR0jBBgwFoAUYsbQkZrdQYEgA79rNBwTKCp12FowggEiBgNVHR8EggEZMIIBFTCCARGgggEN >> oIIBCYaBx2xkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIwTm8lMjAxLENOPWNlcGtp >> MDAwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29u >> ZmlndXJhdGlvbixEQz16dXJpY2gsREM9Y29ycD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh >> c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGPWh0dHA6Ly9wa2kuenVyaWNoLmNv >> bS9aSUNBL1p1cmljaCUyMElzc3VpbmclMjBDQSUyME5vJTIwMS5jcmwwggE7BggrBgEFBQcBAQSC >> AS0wggEpMIG9BggrBgEFBQcwAoaBsGxkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIw >> Tm8lMjAxLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D >> b25maWd1cmF0aW9uLERDPXp1cmljaCxEQz1jb3JwP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RD >> bGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MGcGCCsGAQUFBzAChltodHRwOi8vcGtpLnp1cmlj >> aC5jb20vWklDQS9jZXBraTAwMDEuZW1lYS56dXJpY2guY29ycF9adXJpY2glMjBJc3N1aW5nJTIw >> 
Q0ElMjBObyUyMDEoMSkuY3J0MDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIaqzXqHyZwAgf2J >> LYH05mWH9M5IYoTSkQDyr2gCAWQCAQ8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCcG >> CSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggIB >> AIKfuo0p023qrM6n4+fNihfJ1xnZO1zes4uomPkj4OK97JQc3RDP/oymC4bPwN+20dmF+N7ng+Er >> 3yZQ6Wwgr9UvGJuEBU8GtU3QU57X/TAsmVK9fvw0pkcrbqJo8/UVRfMB/Q16+xTdRB65ROmbCqhE >> fZgv7xLjJjcjBwUMP7ZvxNr3cibvDrNDHu/r5sUwlUZZemmg0e/Z8ytBDS1cMiE8z7aVzFMTzzHC >> vNS+czY11yMXsh0TqZEzIfESCGx71xnMgTekvo+0vx5z7BFAfD8J5svVdcEAuD/h5pjyQJWssrvm >> mdudn6VDl00mP24DvU5H2g2P5LoMSLp2JpgXUNd155nd3c+RwaKCYpUtIabkth0/bpueIg8P8bG/ >> A1rTp/KQ0QwKe6ZUK44aWBeNcxoXsvedyxUqSInO2uwKHbN/K8qXwMCRDnvPCuCkP0TyOzn4xhmC >> amnBdGPKbX61B3wmJWehxrhLPmvg00LvY+LHHJ7WxQ4G5cQv+11flYrqpF21aC9gNqNTqd/Lf9Z0 >> dZ3Jj6G7IkBmT/dIXBofi+XKq6xn4CiK/OUsR89T62tHdUu113+wCQKdd58AxKHYm48L58+LWnmQ >> SWDspTToK2g0B8/EPDfMhiuRfchgViWpp4zvAvZPUzPJSzxkvkTD3zBeaBZFYDq6cgIbGe5g3H5j</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml1:Assertion></ns2:RequestedSecurityToken><ns2:RequestedAttachedReference><ns4:SecurityTokenReference >> >> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" >> >> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier >> >> ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">#_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedAttachedReference><ns2:RequestedUnattachedReference><ns4:SecurityTokenReference >> >> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" >> >> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier >> >> 
>> ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedUnattachedReference><wsp:AppliesTo
>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference><wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>> </wsa:EndpointReference>
>> </wsp:AppliesTo><ns2:Lifetime><ns3:Created>2012-03-01T07:43:33.435Z</ns3:Created><ns3:Expires>2012-03-01T07:48:33.435Z</ns3:Expires></ns2:Lifetime></ns2:RequestSecurityTokenResponse></ns2:RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>
>>
>> ------
>> Oliver Wulff
>> http://owulff.blogspot.com
>> Solution Architect
>> Talend Application Integration Division
>> http://www.talend.com
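
An added example, not part of the thread and not CXF code: a namespace-scope check over a captured response that reports every element or attribute name using a prefix with no xmlns declaration in scope, which is the defect reported for wsp:AppliesTo above. The two sample messages are constructed (trimmed from the posted response), and `find_unbound_prefixes` is a hypothetical helper name.

```python
import xml.parsers.expat

# Constructed sample: the posted STS response trimmed to the relevant elements.
# As in the thread, wsa: is used but xmlns:wsa is never declared.
BROKEN_RESPONSE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<ns2:RequestSecurityTokenResponse xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference>
<wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</ns2:RequestSecurityTokenResponse>
</soap:Body>
</soap:Envelope>"""

# Constructed counterpart: same message with the declaration the request carried.
APPLIES_TO = '<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"'
DECLARED_RESPONSE = BROKEN_RESPONSE.replace(
    APPLIES_TO, APPLIES_TO + ' xmlns:wsa="http://www.w3.org/2005/08/addressing"')


def find_unbound_prefixes(xml_text):
    """Return (line, qname, prefix) for each name whose prefix is not in scope."""
    findings = []
    scopes = [{"xml"}]  # stack of in-scope prefix sets; "xml" is predefined
    # No namespace separator: expat skips namespace processing, so undeclared
    # prefixes reach the handler instead of aborting the parse.
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        declared = {a[len("xmlns:"):] for a in attrs if a.startswith("xmlns:")}
        in_scope = scopes[-1] | declared
        scopes.append(in_scope)
        plain = [a for a in attrs if a != "xmlns" and not a.startswith("xmlns:")]
        for qname in [name] + plain:
            prefix, sep, _local = qname.partition(":")
            if sep and prefix not in in_scope:
                findings.append((parser.CurrentLineNumber, qname, prefix))

    parser.StartElementHandler = start
    parser.EndElementHandler = lambda _name: scopes.pop()
    parser.Parse(xml_text, True)
    return findings


if __name__ == "__main__":
    for line, qname, prefix in find_unbound_prefixes(BROKEN_RESPONSE):
        print(f"line {line}: {qname} uses undeclared prefix '{prefix}'")
```

Running the same check on the request and on the response makes it easy to see whether a declaration present on the way in was lost on the way out.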
