We fixed some bugs around policy alternatives in more recent CXF versions.
You'll likely have to upgrade to one of the latest CXF 2.5.x, 2.6.x or
2.7.x releases.

Colm.


On Wed, Apr 3, 2013 at 2:04 PM, sumit_chauhan <[email protected]> wrote:

> CXF-2.4.6
>
> Thanks,
> Sumit
>
> From: coheigea [via CXF] [mailto:[email protected]]
> Sent: Wednesday, April 03, 2013 5:41 PM
> To: Chauhan, Sumit K
> Subject: Re: SAMLToken (Signed) request failing because of WS Policy
>
> What version of CXF are you using?
>
> Colm.
>
>
> On Wed, Apr 3, 2013 at 11:23 AM, sumit_chauhan <[hidden email]> wrote:
>
> > I am implementing alternate authentication using UsernameToken or SAMLToken
> > (Signed). I have configured the policy below in my WSDL:
> >
> >   <wsp:Policy wsu:Id="DoubleItPlaintextPolicy">
> >     <wsp:ExactlyOne>
> >       <wsp:All>
> >         <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >           <wsp:Policy>
> >             <sp:SamlToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> >               <wsp:Policy>
> >                 <sp:WssSamlV20Token11/>
> >               </wsp:Policy>
> >             </sp:SamlToken>
> >           </wsp:Policy>
> >         </sp:SupportingTokens>
> >       </wsp:All>
> >       <wsp:All>
> >         <sp:SupportingTokens>
> >           <wsp:Policy>
> >             <sp:UsernameToken>
> >               <wsp:Policy>
> >                 <sp:HashPassword/>
> >               </wsp:Policy>
> >             </sp:UsernameToken>
> >           </wsp:Policy>
> >         </sp:SupportingTokens>
> >       </wsp:All>
> >     </wsp:ExactlyOne>
> >   </wsp:Policy>
> >
> > Also, I have configured the backend validators in the Spring beans file. I am
> > able to receive requests with UsernameToken. However, SAMLToken requests
> > are failing with the error below:
> >
> >   <faultstring>These policy alternatives can not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken
> > </faultstring>
> >
> > I am attaching a sample SAML request which I am trying to handle.
> > getTrustedDomainsByUserAddress_SAML_request.xml
> > <http://cxf.547215.n5.nabble.com/file/n5725739/getTrustedDomainsByUserAddress_SAML_request.xml>
> > Can someone please let me know the correct policy for handling this kind of
> > request.
> >
> >
> >
> > --
> > View this message in context:
> > http://cxf.547215.n5.nabble.com/SAMLToken-Signed-request-failing-because-of-WS-Policy-tp5725739.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
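
How WS-Policy alternatives such as the two `wsp:All` branches quoted above are meant to be evaluated, as an added Python sketch that is not part of the thread and not CXF's code. The policy is a constructed copy with namespaces declared at the root; the `wsp` namespace URI is an assumption (the post does not show it), and flattening nested assertions into one set per alternative is a simplification.

```python
import xml.etree.ElementTree as ET

WSP = "http://www.w3.org/ns/ws-policy"  # assumption: wsp binding is not shown in the post
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"

# Constructed policy with the same two alternatives as the one in the thread.
POLICY = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens><wsp:Policy>
        <sp:SamlToken><wsp:Policy><sp:WssSamlV20Token11/></wsp:Policy></sp:SamlToken>
      </wsp:Policy></sp:SupportingTokens>
    </wsp:All>
    <wsp:All>
      <sp:SupportingTokens><wsp:Policy>
        <sp:UsernameToken><wsp:Policy><sp:HashPassword/></wsp:Policy></sp:UsernameToken>
      </wsp:Policy></sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
"""

def alternatives(policy_xml):
    """One set of assertion local names per wsp:All under the top-level wsp:ExactlyOne."""
    root = ET.fromstring(policy_xml)
    result = []
    for alt in root.findall(f"{{{WSP}}}ExactlyOne/{{{WSP}}}All"):
        # Keep every non-wsp element: the policy operators themselves are not assertions.
        names = {el.tag.split("}")[1] for el in alt.iter()
                 if not el.tag.startswith(f"{{{WSP}}}")}
        result.append(names)
    return result

def evaluate(policy_xml, asserted):
    """ExactlyOne passes when at least one alternative has all of its assertions met.

    asserted: local names of the assertions the incoming message satisfied.
    Returns (ok, indexes of satisfied alternatives, missing assertions per alternative).
    """
    alts = alternatives(policy_xml)
    missing = [sorted(a - asserted) for a in alts]
    satisfied = [i for i, m in enumerate(missing) if not m]
    return bool(satisfied), satisfied, missing

if __name__ == "__main__":
    # A request carrying only a SAML 2.0 token: alternative 0 is met, alternative 1 is not.
    print(evaluate(POLICY, {"SupportingTokens", "SamlToken", "WssSamlV20Token11"}))
```
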
