Hi Oli, Sergey, there seems to be indeed some bug that causes the transformer to choke on the addressing namespace. A very weird one because it only chokes on the 2005/08 namespace and not the old 2004/08 namespace :-). I could verify this strange behavior.
@Sergey, the message marked as the response in Oli's original mail can be used as the input to the transformer. I can look into it sometime today (unless you have already an idea or want to look into it later. let me know). regards, aki 2012/3/1 Sergey Beryozkin <[email protected]>: > Hi Oli, > > > On 01/03/12 08:15, Oliver Wulff wrote: >> >> Hi there >> >> >> >> I've configured the TransformOutInterceptor in the STS to support the old >> WS-Trust standard: >> >> >> >> <bean id="transformerOut" >> >> class="org.apache.cxf.interceptor.transform.TransformOutInterceptor"> >> <property name="outTransformElements"> >> <map> >> <entry >> key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"; >> value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*"; /> >> </map> >> </property> >> </bean> >> >> For some reason, the transform interceptor removed the wsa ns prefix in >> the AppliesTo and thus becomes invalid xml. >> >> >> >> I've tested this with soapUI. Here is the incoming request and the >> returned response. Any ideas? >> >> >> >> request: >> >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> >> <soap:Header> >> <wsse:Security soap:mustUnderstand="1" >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> >> <wsse:UsernameToken wsu:Id="UsernameToken-1"> >> <wsse:Username>alice</wsse:Username> >> <wsse:Password >> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>password</wsse:Password> >> </wsse:UsernameToken> >> </wsse:Security> >> </soap:Header> >> <soap:Body> >> <wst:RequestSecurityToken >> xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"; >> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> >> >> <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType> >> >> <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType> >> >> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType> >> <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing";> >> <wsa:EndpointReference> >> >> <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address> >> </wsa:EndpointReference> >> </wsp:AppliesTo> >> <wst:Claims >> Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"; >> xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity";> >> <ic:ClaimType Optional="false" >> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/> >> <ic:ClaimType Optional="false" >> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/> >> <ic:ClaimType Optional="false" >> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/> >> </wst:Claims> >> </wst:RequestSecurityToken> >> </soap:Body> >> </soap:Envelope> >> >> > > is the above the way it should like ? How do the original and the broken > payloads look like, which is what I believe Aki is asking too ? > Please provide at least the original payload... > > Cheers, Sergey
