Yes, the http://localhost:8080/jaxws-sts/sts addresses are dummy addresses; you'll see the actual ones once you deploy the STS. Only a SOAP client relies on the soap:address location fields (and for those it must be accurate); for web service endpoints, they use an algorithm as described in Note #2 here: http://www.jroller.com/gmazza/entry/web_service_tutorial#notes.

My browser returned similar (but not identical) results:

<wsdl:service name="SecurityTokenService">
    <wsdl:port binding="wstrust:X509_Binding" name="X509_Port">
      <soap:address location="http://localhost:8080/jaxws-sts/sts"/>
    </wsdl:port>
    <wsdl:port binding="wstrust:TransportUT_Binding" name="TransportUT_Port">
      <soap:address location="https://localhost:9443/fedizidpsts/STSService"/>
    </wsdl:port>
    <wsdl:port binding="wstrust:TransportKerberos_Binding" name="TransportKerberos_Port">
      <soap:address location="http://localhost:8080/jaxws-sts/sts"/>
    </wsdl:port>
    <wsdl:port binding="wstrust:UTEncrypted_Binding" name="UTEncrypted_Port">
      <soap:address location="http://localhost:8080/jaxws-sts/sts"/>
    </wsdl:port>
    <wsdl:port binding="wstrust:Transport_Binding" name="Transport_Port">
      <soap:address location="https://localhost:9443/fedizidpsts/STSServiceTransport"/>
    </wsdl:port>
    <wsdl:port binding="wstrust:UT_Binding" name="UT_Port">
      <soap:address location="http://localhost:8080/jaxws-sts/sts"/>
    </wsdl:port>
  </wsdl:service>


Offhand, I would say the problem is in the Fediz STS configuration; it shouldn't need to have six ports open (one should be sufficient). How do you want to authenticate against the IDP STS? That will determine which port needs configuration and which ports should be deleted from your WSDL.

Regards,
Glen

On 07/09/2012 01:16 PM, Gina Choi wrote:
I just browsed my CXF-Fediz WSDL file, and I am seeing the following. Both
TransportUT_Port and Transport_Port SOAP addresses look valid. I need to have
a valid SOAP address for UTEncrypted_Port and UT_Port. I must be missing some
additional configuration.

<wsdl:service name="SecurityTokenService">
     <wsdl:port binding="wstrust:X509_Binding" name="X509_Port">
       <soap:address location="http://wkqasv0805.global.sdl.corp:8080/jaxws-sts/sts"/>
     </wsdl:port>
     <wsdl:port binding="wstrust:TransportUT_Binding" name="TransportUT_Port">
       <soap:address location="http://wkqasv0805.global.sdl.corp:9080/fedizidpsts/STSService"/>
     </wsdl:port>
     <wsdl:port binding="wstrust:TransportKerberos_Binding" name="TransportKerberos_Port">
       <soap:address location="http://wkqasv0805.global.sdl.corp:8080/jaxws-sts/sts"/>
     </wsdl:port>
     <wsdl:port binding="wstrust:UTEncrypted_Binding" name="UTEncrypted_Port">
       <soap:address location="http://wkqasv0805.global.sdl.corp:8080/jaxws-sts/sts"/>
     </wsdl:port>
     <wsdl:port binding="wstrust:Transport_Binding" name="Transport_Port">
       <soap:address location="/STSServiceTransport"/>
     </wsdl:port>
     <wsdl:port binding="wstrust:UT_Binding" name="UT_Port">
       <soap:address location="http://wkqasv0805.global.sdl.corp:8080/jaxws-sts/sts"/>
     </wsdl:port>
   </wsdl:service>

On Mon, Jul 9, 2012 at 12:58 PM, Gina Choi wrote:

Hi all,


We are trying to integrate a .NET application for SSO + web security using the
CXF-Fediz STS. The passive profile worked well without any problem. Now we are
trying to call the cxf-encrypted-ut.xml endpoint using ActAs and we need a SOAP
address for this endpoint. If we look at the ADFS 2.0 WSDL file, I have the
following part.

   <wsdl:service name="SecurityTokenService">
     <wsdl:port name="UserNameWSTrustBinding_IWSTrust13Async2"
                binding="tns:UserNameWSTrustBinding_IWSTrust13Async2">
       <soap12:address location="https://strts01.ams.dev/adfs/services/trust/13/usernamemixed" />
       <wsa10:EndpointReference>
         <wsa10:Address>https://strts01.ams.dev/adfs/services/trust/13/usernamemixed</wsa10:Address>
       </wsa10:EndpointReference>
     </wsdl:port>
   </wsdl:service>

I am looking for the corresponding endpoint SOAP address
(https://strts01.ams.dev/adfs/services/trust/13/usernamemixed) from the
CXF-Fediz STS. If I look at the ws-trust-1.4-service.wsdl file, we have the
following. The SOAP address for each port is the same. How do we identify
SOAP addresses? Do we need additional configuration? By the way, I
currently have a CXF-Fediz STS + OpenLDAP environment.

   <wsdl:service name="SecurityTokenService">
       <wsdl:port name="UT_Port" binding="tns:UT_Binding">
          <soap:address location="http://localhost:8080/jaxws-sts/sts" />
       </wsdl:port>
       <wsdl:port name="X509_Port" binding="tns:X509_Binding">
          <soap:address location="http://localhost:8080/jaxws-sts/sts" />
       </wsdl:port>
       <wsdl:port name="Transport_Port" binding="tns:Transport_Binding">
          <soap:address location="http://localhost:8080/jaxws-sts/sts" />
       </wsdl:port>
       <wsdl:port name="UTEncrypted_Port" binding="tns:UTEncrypted_Binding">
          <soap:address location="http://localhost:8080/jaxws-sts/sts" />
       </wsdl:port>
       <wsdl:port name="TransportUT_Port" binding="tns:TransportUT_Binding">
          <soap:address location="http://localhost:8080/jaxws-sts/sts" />
       </wsdl:port>
       <wsdl:port name="TransportKerberos_Port" binding="tns:TransportKerberos_Binding">
          <soap:address location="http://wkengchoi.global.sdl.corp:8080/jaxws-sts/sts" />
       </wsdl:port>
   </wsdl:service>

Thanks.

Gina



--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza
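
The port-by-port comparison done by eye in this thread, as an added example that is not part of the original messages or of CXF/Fediz: it lists every wsdl:port with its soap:address and flags the placeholder /jaxws-sts/sts address, relative addresses, and Transport* ports published over plain http. The sample WSDL and its host name are constructed, and treating Transport* port names as TLS-dependent is an assumption of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "wsdl": "http://schemas.xmlsoap.org/wsdl/",
    "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
    "soap12": "http://schemas.xmlsoap.org/wsdl/soap12/",
}
PLACEHOLDER_PATH = "/jaxws-sts/sts"  # dummy address quoted in the thread

# Constructed sample modelled on the generated WSDL in the thread (host is made up).
SAMPLE = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <wsdl:service name="SecurityTokenService">
    <wsdl:port binding="wstrust:UT_Binding" name="UT_Port">
      <soap:address location="http://sts.example.test:8080/jaxws-sts/sts"/>
    </wsdl:port>
    <wsdl:port binding="wstrust:TransportUT_Binding" name="TransportUT_Port">
      <soap:address location="http://sts.example.test:9080/fedizidpsts/STSService"/>
    </wsdl:port>
    <wsdl:port binding="wstrust:Transport_Binding" name="Transport_Port">
      <soap:address location="/STSServiceTransport"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""

def audit_ports(wsdl_text):
    """Return {port name: [findings]} for every wsdl:port in the document."""
    report = {}
    for port in ET.fromstring(wsdl_text).iterfind(".//wsdl:port", NS):
        addr = port.find("soap:address", NS)
        if addr is None:  # ADFS-style WSDLs use the SOAP 1.2 element instead
            addr = port.find("soap12:address", NS)
        loc = (addr.get("location") if addr is not None else "").strip()
        url = urlparse(loc)
        findings = []
        if url.path.endswith(PLACEHOLDER_PATH):
            findings.append("placeholder")
        if not url.scheme:
            findings.append("relative")
        # Assumption: Transport* bindings rely on TLS for message protection.
        elif port.get("name", "").startswith("Transport") and url.scheme != "https":
            findings.append("transport-binding-without-https")
        report[port.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_ports(SAMPLE).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```
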
