Hi Colm,

<<<
The client needs to configure the HTTP conduit with the keystore that
contains the certificate of the STS, e.g.:
>>>
Forgot to ask you. ADFS exposes three different certificates - Service
communications, Token-decrypting and Token-signing, but most of the time I
had to deal with the decrypting and signing certs. Which of the STS
certificates do I need to have in the client keystore?

On Fri, Jun 1, 2012 at 12:52 PM, Gina Choi <[email protected]> wrote:

> <<<
> The following policy (KeyValueToken) is not supported, but you could
> remove it as it is optional and see if that works:
> >>>
> Per Oliver's advice, after I added an empty <wsp:Policy /> element as a child
> of <sp:KeyValueToken>, I don't receive any more complaints.
>
> <<<
> The client needs to configure the HTTP conduit with the keystore that
> contains the certificate of the STS, e.g.:
>  <http:conduit name="https://localhost:.*">
>       <http:tlsClientParameters disableCNCheck="true">
>         <sec:trustManagers>
>           <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
>         </sec:trustManagers>
>       </http:tlsClientParameters>
>    </http:conduit>
> >>>
> After adding the following to my client configuration, I am now getting a new
> exception. By the way, with ADFS, I have to use https.
>
>  <http:conduit name="https://strts01.ams.dev.*">
>
>   <http:tlsClientParameters disableCNCheck="true">
>    <sec:trustManagers>
>     <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
>    </sec:trustManagers>
>   </http:tlsClientParameters>
>    </http:conduit>
>
>
> Jun 1, 2012 12:47:33 PM org.apache.cxf.bus.spring.SpringBusFactory
> createApplicationContext
> WARNING: Initial attempt to create application context was unsuccessful.
> org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
> Line 57 in XML document from class path resource [cxf.xml] is invalid;
> nested exception is org.xml.sax.SAXParseException: The prefix "http" for
> element "http:conduit" is not bo
> .
>         at
> org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
>         at
> org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.doLoadBeanDefinitions(ControlledValidationXmlBeanDefinitionReader.java:115)
>         at
> org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
>         at
> org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.internalLoadBeanDefinitions(ControlledValidationXmlBeanDefinitionReader.java:154)
>         at
> org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.access$000(ControlledValidationXmlBeanDefinitionReader.java:66)
>         at
> org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader$1.run(ControlledValidationXmlBeanDefinitionReader.java:141)
>         at
> org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader$1.run(ControlledValidationXmlBeanDefinitionReader.java:140)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at
> org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.loadBeanDefinitions(ControlledValidationXmlBeanDefinitionReader.java:139)
>         at
> org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
>         at
> org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
>         at
> org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:122)
>         at
> org.apache.cxf.bus.spring.BusApplicationContext.loadBeanDefinitions(BusApplicationContext.java:309)
>         at
> org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130)
>         at
> org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:467)
>         at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:397)
>         at
> org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:101)
>         at
> org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:100)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at
> org.apache.cxf.bus.spring.BusApplicationContext.<init>(BusApplicationContext.java:99)
>         at
> org.apache.cxf.bus.spring.SpringBusFactory.createApplicationContext(SpringBusFactory.java:130)
>         at
> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:121)
>         at
> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:95)
>         at
> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:69)
>         at
> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:58)
>         at org.apache.cxf.BusFactory.getDefaultBus(BusFactory.java:99)
>         at org.apache.cxf.BusFactory.createThreadBus(BusFactory.java:165)
>         at
> org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:155)
>         at
> org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:140)
>         at
> org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:96)
>         at javax.xml.ws.Service.<init>(Service.java:92)
>         at
> org.example.contract.doubleit.DoubleItService.<init>(DoubleItService.java:47)
>         at client.WSClient.main(WSClient.java:8)
>
>
> On Fri, Jun 1, 2012 at 12:13 PM, Colm O hEigeartaigh 
> <[email protected]>wrote:
>
>>
>> The client needs to configure the HTTP conduit with the keystore that
>> contains the certificate of the STS, e.g.:
>>
>>  <http:conduit name="https://localhost:.*">
>>       <http:tlsClientParameters disableCNCheck="true">
>>         <sec:trustManagers>
>>           <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
>>         </sec:trustManagers>
>>       </http:tlsClientParameters>
>>    </http:conduit>
>>
>> What NPE are you getting? The following policy (KeyValueToken) is not
>> supported, but you could remove it as it is optional and see if that works:
>>
>>
>> <sp:EndorsingSupportingTokens
>>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>   <wsp:Policy>
>>     <sp:KeyValueToken
>>         sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
>>         wsp:Optional="true">
>>       <wsp:Policy />
>>     </sp:KeyValueToken>
>>     <sp:SignedParts>
>>       <sp:Header Name="To"
>>                  Namespace="http://www.w3.org/2005/08/addressing" />
>>     </sp:SignedParts>
>>   </wsp:Policy>
>> </sp:EndorsingSupportingTokens>
>>
>> Colm.
>>
>
