Hi Colm,
I didn't have a chance to get the error message this morning. As I mentioned
previously, if I enable the "UsingAddressing" policy for "TransportUT_policy"
and run WS-Federation SSO (Fediz example code:
https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/secure/fedservlet),
it fails and throws the following errors on the STS. To make the .NET client RST
work, we had to enable the "UsingAddressing" policy.
Jul 25, 2012 3:07:24 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing registered.
org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.chooseAlternative(EndpointPolicyImpl.java:165)
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.finalizeConfig(EndpointPolicyImpl.java:145)
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:141)
    at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549)
    at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295)
    at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278)
    at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)
    at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:320)
    at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:305)
    at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250)
    at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)
    at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235)
    at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)
    at org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77)
    at org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:844)
    at org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:586)
    at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:70)
    at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:64)
    at org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpServlet.java:259)
    at org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:160)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Jul 25, 2012 3:07:24 PM org.apache.cxf.fediz.service.idp.IdpServlet doGet
INFO: Requesting security token failed
Thanks.
Gina
On Wed, Jul 25, 2012 at 11:50 AM, Gina Choi <[email protected]> wrote:
> Hi Colm,
>
> We uncommented the <IncludeTimestamp> policy and it cleared the error message.
>
> The problem we currently have is that if we uncomment "UsingAddressing", the
> WS-Federation passive profile (SSO) is failing. So, we can't make both work at
> the same time. I think that you can reproduce the SSO failing case by
> uncommenting "UsingAddressing" for "TransportUT_policy".
>
> Thanks.
>
> Gina
>
>
> On Wed, Jul 25, 2012 at 10:21 AM, Colm O hEigeartaigh <[email protected]> wrote:
>
>> There's a Timestamp in the message and so you must either get the client to
>> not send a Timestamp or else add the sp:IncludeTimestamp policy back in to
>> the STS policy.
>>
>> Colm.
>>
>
>