Hi Colm, I created another version of "TransportUT_policy" in which "UsingAddressing" is enabled. We use this version for Active profile and use existing version for passive profile(SSO). Now, we can move forward.
Thanks. Gina On Wed, Jul 25, 2012 at 3:15 PM, Gina Choi <[email protected]> wrote: > Hi Colm, > > I didn't have chance to get error message this morning. As I mentioned > previously if I enable "UsingAddressing" policy for "TransportUT_policy" > and run WS-Federation SSO(Fediz example code: > https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/secure/fedservlet) > and it fails and throws following errors on STS. To make .NET client RST > work, we had to enable "UsingAddressing" policy. > > > Jul 25, 2012 3:07:24 PM *org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl > handleNoRegisteredBuilder > WARNING:** No assertion builder for type { > http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing registered. > org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives > can be satisfied.* > at > org.apache.cxf.ws.policy.EndpointPolicyImpl.chooseAlternative(EndpointPolicyImpl.java:165) > at > org.apache.cxf.ws.policy.EndpointPolicyImpl.finalizeConfig(EndpointPolicyImpl.java:145) > at > org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:141) > at > org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549) > at > org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295) > at > org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278) > at > org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61) > at > org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:320) > at > org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:305) > at > org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250) > at > org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228) > at > org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235) > at > org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103) > at > org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77) > at > org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:844) > at > org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:586) > at > org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:70) > at > org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:64) > at > org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpServlet.java:259) > at > org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:160) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) > > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999) > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565) > at > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309) > > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > Jul 25, 2012 3:07:24 PM org.apache.cxf.fediz.service.idp.IdpServlet doGet > INFO: Requesting security token failed > > Thanks. > > Gina > > On Wed, Jul 25, 2012 at 11:50 AM, Gina Choi <[email protected]> wrote: > >> Hi Colm, >> >> We uncommented <IncludeTimestamp> policy and it cleared error message. >> >> The problem currently we have is, if we uncomment "UsingAddressing", >> WS-federation passive profile(SSO) is failing. So, we can't make both work >> same time. I think that you can reproduce SSO failing case by uncommenting >> "UsingAddressing" for "TransportUT_policy". >> >> Thanks. >> >> Gina >> >> >> On Wed, Jul 25, 2012 at 10:21 AM, Colm O hEigeartaigh < >> [email protected]> wrote: >> >>> There's a Timestamp in the message and so you must either get the client >>> to >>> not send a Timestamp or else add the sp:IncludeTimestamp policy back in >>> to >>> the STS policy. >>> >>> Colm. >>> >> >> >
