Hi - I am trying to get Fediz to work with my hello world Java Web App, using
StarterSTS as my STS/IP (just for dev / learning purposes).

I'm getting an error stating "Federation processing failed - Security token
has no signature".

Could someone point me in the general direction of what I should be doing
differently? (Be gentle - this whole area of WS-Trust / federation is rather
confusing, and I'm still trying to find my way through it.)

Thanks

Jonny

The response from the STS is shown below (the fediz config follows the response):

<!-- STS response as captured. The ';' that follows each quoted namespace or
     URI attribute value is not well-formed XML; it looks like an artifact of the
     mailing-list archive rather than something the STS emitted. -->
<trust:RequestSecurityTokenResponseCollection
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>
        <!-- Context carries a double-escaped ampersand (&amp;amp;), i.e. one
             serializer escaped the output of another; the decoded value is
             rm=0, id=passive, ru=/ClaimsAwareTest/ -->
        <trust:RequestSecurityTokenResponse
Context="rm=0&amp;amp;id=passive&amp;amp;ru=%2fClaimsAwareTest%2f">
                <!-- Validity window of the issued token: one hour, UTC timestamps -->
                <trust:Lifetime>
                        <wsu:Created
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2012-09-18T15:25:17.517Z</wsu:Created>
                        <wsu:Expires
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2012-09-18T16:25:17.517Z</wsu:Expires>
                </trust:Lifetime>
                <!-- Audience the token was issued for: .../ClaimsAwareTest/ on
                     port 8482. This is not the fedizhelloworld realm (port 8481)
                     used in the fediz config, so an audience check against that
                     config would reject this token even once it is decrypted. -->
                <wsp:AppliesTo 
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
                        <EndpointReference 
xmlns="http://www.w3.org/2005/08/addressing";>
                                
<Address>https://dev-ws1-1.dev.local:8482/ClaimsAwareTest/</Address>
                        </EndpointReference>
                </wsp:AppliesTo>
                <!-- The token itself is delivered as xenc:EncryptedData: the
                     assertion is AES-256-CBC encrypted, and the content key is
                     wrapped with RSA-OAEP for the certificate named in the
                     X509IssuerSerial below. The SAML assertion, and any signature
                     on it, is only visible after the relying party decrypts the
                     payload with the matching private key. -->
                <trust:RequestedSecurityToken>
                        <xenc:EncryptedData 
Type="http://www.w3.org/2001/04/xmlenc#Element";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
                                <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"; />
                                <KeyInfo 
xmlns="http://www.w3.org/2000/09/xmldsig#";>
                                        <e:EncryptedKey 
xmlns:e="http://www.w3.org/2001/04/xmlenc#";>
                                                <e:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";>
                                                        <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
                                                </e:EncryptionMethod>
                                                <!-- Identifies the recipient certificate
                                                     (issuer DN plus serial) whose private
                                                     key can unwrap the content key -->
                                                <KeyInfo>
                                                        
<o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
                                                                <X509Data>
                                                                        
<X509IssuerSerial>
                                                                                
<X509IssuerName>CN=dev-ws1-1.dev.local</X509IssuerName>
                                                                        
<X509SerialNumber>139718072306124655679049092796879292434</X509SerialNumber>
                                                                        
</X509IssuerSerial>
                                                                </X509Data>
                                                        
</o:SecurityTokenReference>
                                                </KeyInfo>
                                                <e:CipherData>
                                                        <e:CipherValue>Some 
stuff - i've stripped this out to make the post a
bit shorter</e:CipherValue>
                                                </e:CipherData>
                                        </e:EncryptedKey>
                                </KeyInfo>
                                <xenc:CipherData>
                                        <xenc:CipherValue>more 
stuff</xenc:CipherValue>
                                </xenc:CipherData>
                        </xenc:EncryptedData>
                </trust:RequestedSecurityToken>
                <!-- Attached and unattached references both point at the same
                     SAML assertion ID inside the encrypted payload -->
                <trust:RequestedAttachedReference>
                        <o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
                                <o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_bb4531da-6bc5-45ed-81b0-1837436c9546</o:KeyIdentifier>
                        </o:SecurityTokenReference>
                </trust:RequestedAttachedReference>
                <trust:RequestedUnattachedReference>
                        <o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
                                <o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_bb4531da-6bc5-45ed-81b0-1837436c9546</o:KeyIdentifier>
                        </o:SecurityTokenReference>
                </trust:RequestedUnattachedReference>
                <!-- SAML 1.0 assertion issued via WS-Trust Issue with a Bearer
                     key type: there is no holder-of-key proof, so whoever holds
                     the token can present it within its Lifetime -->
                
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
        
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
        
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
        </trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>


My fediz_config looks like this:

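<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<!-- Fediz relying-party configuration for the /fedizhelloworld web app.
     The ';' that followed each quoted URI in the posted copy is not part of
     the file (it looks like an archive artifact) and has been removed. -->
<FedizConfig>
        <contextConfig name="/fedizhelloworld">
                <!-- Audience restriction checked against the token's AppliesTo.
                     The posted value had a triple slash (https:///...), which can
                     never match a real URL; it has to equal the realm below. -->
                <audienceUris>
                        <audienceItem>https://dev-ws1-1.dev.local:8481/fedizhelloworld/</audienceItem>
                </audienceUris>
                <!-- Truststore used to validate the issuer certificate chain
                     (certificateValidation="ChainTrust" below). The keystore
                     password is stored in clear text; acceptable on a dev box,
                     but keep the file out of version control.
                     NOTE(review): the captured STS response wraps the token in
                     xenc:EncryptedData, so the relying party also needs the
                     private key matching the certificate the STS encrypted to.
                     Only a trustManager is declared here; a Fediz keyManager
                     holding that key (TODO confirm the element name against the
                     fediz config schema) is what lets the processor decrypt the
                     assertion before it looks for a signature, which is
                     consistent with the reported "Security token has no
                     signature" error. -->
                <certificateStores>
                        <trustManager>
                                <keyStore file="tomcat-rp.jks"
                                          password="tompass" type="JKS" />
                        </trustManager>
                </certificateStores>
                <!-- subject is a regular expression matched against the issuer
                     certificate's subject DN; the dots are escaped so they match
                     a literal '.' rather than any character. -->
                <trustedIssuers>
                        <issuer subject=".*CN=dev-ws1-1\.dev\.local.*"
                                certificateValidation="ChainTrust"
                                name="StarterSTSIssuer" />
                </trustedIssuers>
                <!-- Tolerated clock difference between STS and RP when checking
                     the token Lifetime; confirm the unit in the Fediz schema
                     before relying on this value. -->
                <maximumClockSkew>1000</maximumClockSkew>
                <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:type="federationProtocolType" version="1.0.0">
                        <!-- Realm this RP presents to the STS. The captured
                             response carries AppliesTo
                             https://dev-ws1-1.dev.local:8482/ClaimsAwareTest/,
                             a different application and port, so that token
                             would fail the audience check for this realm even
                             after decryption. -->
                        <realm>https://dev-ws1-1.dev.local:8481/fedizhelloworld/</realm>
                        <!-- StarterSTS passive issuance endpoint the browser is
                             redirected to for sign-in -->
                        <issuer>https://dev-ws1-1.dev.local:8482/StarterSTS/users/issue.aspx</issuer>
                        <!-- Roles are read from the claim named by roleURI, with
                             multiple values separated by roleDelimiter -->
                        <roleDelimiter>,</roleDelimiter>
                        <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
                        <!-- Forwarded in the sign-in request; unit not stated here,
                             confirm against the schema -->
                        <freshness>10000</freshness>
                        <!-- Claims requested from the STS. The posted file carried
                             the placeholder "a particular claim type"; a claim URI
                             is expected, so the role claim above is used. -->
                        <claimTypesRequested>
                                <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
                                           optional="true" />
                        </claimTypesRequested>
                </protocol>
        </contextConfig>
</FedizConfig>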





