Hi Aki
On 01/03/12 13:08, Aki Yoshida wrote:
Hi Oli, Sergey,
there seems to be indeed some bug that causes the transformer to choke
on the addressing namespace. A very weird one because it only chokes
on the 2005/08 namespace and not the old 2004/08 namespace :-).
I could verify this strange behavior.
real strange :-)
@Sergey,
the message marked as the response in Oli's original mail can be used
as the input to the transformer. I can look into it sometime today
(unless you have already an idea or want to look into it later. let me
know).
Please have a look as you've already spent some time on the issue - will
be happy to back up if you'll have to deal with something else of the
higher priority :-)
Thanks, Sergey
regards, aki
2012/3/1 Sergey Beryozkin<[email protected]>:
Hi Oli,
On 01/03/12 08:15, Oliver Wulff wrote:
Hi there
I've configured the TransformOutInterceptor in the STS to support the old
WS-Trust standard:
<bean id="transformerOut"
class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
<property name="outTransformElements">
<map>
<entry
key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*";
value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*"; />
</map>
</property>
</bean>
For some reason, the transform interceptor removed the wsa ns prefix in
the AppliesTo and thus becomes invalid xml.
I've tested this with soapUI. Here is the incoming request and the
returned response. Any ideas?
request:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
<soap:Header>
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<wsse:UsernameToken wsu:Id="UsernameToken-1">
<wsse:Username>alice</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<wst:RequestSecurityToken
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing";>
<wsa:EndpointReference>
<wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims
Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity";
xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity";>
<ic:ClaimType Optional="false"
Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
<ic:ClaimType Optional="false"
Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
<ic:ClaimType Optional="false"
Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
</wst:Claims>
</wst:RequestSecurityToken>
</soap:Body>
</soap:Envelope>
is the above the way it should like ? How do the original and the broken
payloads look like, which is what I believe Aki is asking too ?
Please provide at least the original payload...
Cheers, Sergey
