Hi Colm,
Thanks for confirmation. If I browse(
https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSService?wsdl) Fediz
STS wsdl file, I see following content. As you noticed that except
TransportUT_Port,
soap address for port UTEncrypted_Por, UT_Port and Transport_Port are
relative address(TransportKerberos_Port seems not ready. I might comment
this out).
<wsdl:service name="SecurityTokenService">
<wsdl:port binding="wstrust:X509_Binding" name="X509_Port">
<soap:address location="/X509"/>
</wsdl:port>
<wsdl:port binding="wstrust:TransportUT_Binding"
name="TransportUT_Port">
<soap:address location="
https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSService"/>
</wsdl:port>
<wsdl:port binding="wstrust:TransportKerberos_Binding"
name="TransportKerberos_Port">
<soap:address location="
http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts"/>
</wsdl:port>
<wsdl:port binding="wstrust:UTEncrypted_Binding"
name="UTEncrypted_Port">
<soap:address location="/UTEncrypted"/>
</wsdl:port>
<wsdl:port binding="wstrust:Transport_Binding" name="Transport_Port">
<soap:address location="/STSServiceTransport"/>
</wsdl:port>
<wsdl:port binding="wstrust:UT_Binding" name="UT_Port">
<soap:address location="/UT"/>
</wsdl:port>
</wsdl:service>
Part of current configuration of my ws-trust-1.4-service.wsdl is as follow.
<wsdl:service name="SecurityTokenService">
<wsdl:port name="UT_Port" binding="tns:UT_Binding">
<soap:address location="
http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts"; />
</wsdl:port>
<wsdl:port name="X509_Port" binding="tns:X509_Binding">
<soap:address location="
http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts"; />
</wsdl:port>
<wsdl:port name="Transport_Port" binding="tns:Transport_Binding">
<soap:address location="
http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts"; />
</wsdl:port>
<wsdl:port name="UTEncrypted_Port" binding="tns:UTEncrypted_Binding">
<soap:address location="
http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts"; />
</wsdl:port>
<wsdl:port name="TransportUT_Port" binding="tns:TransportUT_Binding">
<soap:address location="
http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts"; />
</wsdl:port>
<wsdl:port name="TransportKerberos_Port"
binding="tns:TransportKerberos_Binding">
<soap:address location="
http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts"; />
</wsdl:port>
</wsdl:service>
When I run my client toward UTEncrypted_Port, I am getting following
exception. So, it doesn't like relative address.
Exception in thread "main" javax.xml.ws.WebServiceException: Could not send
Message.
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
at $Proxy25.doubleIt(Unknown Source)
at client.WSClient.doubleIt(WSClient.java:18)
at client.WSClient.main(WSClient.java:11)
*Caused by: java.net.MalformedURLException: no protocol: /UTEncrypted*
at java.net.URL.<init>(URL.java:567)
at java.net.URL.<init>(URL.java:464)
at java.net.URL.<init>(URL.java:413)
at
org.apache.cxf.transport.http.HTTPConduit.getURL(HTTPConduit.java:752)
at
org.apache.cxf.transport.http.HTTPConduit.getURL(HTTPConduit.java:741)
at
org.apache.cxf.transport.http.HTTPConduit.setupURL(HTTPConduit.java:685)
at
org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:474)
at
org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:722)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
Thanks.
Gina
On Wed, Jul 11, 2012 at 5:30 AM, Colm O hEigeartaigh <[email protected]>wrote:
> Hi Gina,
>
> Yes your changes are correct - I have updated the STS config.
>
> Colm.
>
>
> On Tue, Jul 10, 2012 at 7:03 PM, Gina Choi <[email protected]> wrote:
>
>> Thanks for quick fix. Both cxf-ut.xml and cxf-x509.xml are complaining
>> about bean properties name when I enable them. So, I made following changes
>> in cxf-ut.xml.
>>
>> 1. Commented out "encryptionName".
>>
>> <bean id="utService"
>>
>> class="org.apache.cxf.sts.service.StaticService">
>>
>> <property name="endpoints" ref="utEndpoints"/>
>>
>> <!--property name="encryptionName" value="myservicekey"/-->
>>
>> </bean>
>>
>>
>> 2. Changed signatureProperties to signaturePropertiesFile. Changed
>> encryptionProperties to encryptionPropertiesFile like bellow.
>>
>> <bean id="utSTSProperties"
>>
>> class="org.apache.cxf.sts.StaticSTSProperties">
>>
>> <property name="signaturePropertiesFile"
>> value="stsKeystore.properties"/>
>>
>> <property name="signatureUsername"
>> value="mystskey"/>
>>
>> <property name="callbackHandlerClass"
>> value="org.apache.cxf.sts.war.PasswordCallbackHandler"/>
>>
>> <property
>> name="encryptionPropertiesFile" value="stsKeystore.properties"/>
>>
>> <property name="issuer"
>> value="DoubleItSTSIssuer"/>
>>
>> </bean>
>>
>>
>> I also made similar changed on cxf-x509.xml like bellow. I don't know if
>> this is right way to fix it, but at least it prevents exceptions.
>>
>> <bean id="x509Service"
>>
>> class="org.apache.cxf.sts.service.StaticService">
>>
>> <property name="endpoints" ref="x509Endpoints"/>
>>
>> <!--property name="encryptionName" value="myservicekey"/-->
>>
>> </bean>
>>
>>
>>
>> <bean id="x509STSProperties"
>>
>> class="org.apache.cxf.sts.StaticSTSProperties">
>>
>> <property name="signaturePropertiesFile"
>> value="stsKeystore.properties"/>
>>
>> <property name="signatureUsername"
>> value="mystskey"/>
>>
>> <property name="callbackHandlerClass"
>> value="org.apache.cxf.sts.war.PasswordCallbackHandler"/>
>>
>> <property
>> name="encryptionPropertiesFile" value="stsKeystore.properties"/>
>>
>> <property name="issuer"
>> value="DoubleItSTSIssuer"/>
>>
>> </bean>
>>
>> <bean id="utSTSProperties"
>>
>> class="org.apache.cxf.sts.StaticSTSProperties">
>>
>> <property name="signaturePropertiesFile"
>> value="stsKeystore.properties"/>
>>
>> <property name="signatureUsername"
>> value="mystskey"/>
>>
>> <property name="callbackHandlerClass"
>> value="org.apache.cxf.sts.war.PasswordCallbackHandler"/>
>>
>> <property
>> name="encryptionPropertiesFile" value="stsKeystore.properties"/>
>>
>> <property name="issuer"
>> value="DoubleItSTSIssuer"/>
>>
>> </bean>
>>
>>
>>
>> Thanks.
>>
>> Gina
>>
>>
>> On Tue, Jul 10, 2012 at 11:09 AM, Colm O hEigeartaigh <
>> [email protected]> wrote:
>>
>>> There's a bug in the cxf-encrypted-ut.xml shipped with Fediz. I've
>>> merged a
>>> fix here:
>>>
>>> http://svn.apache.org/viewvc?view=revision&revision=1359717
>>>
>>> Colm.
>>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
