I have shifted to CXF-2.7.3. The good news is that UsernameToken is still working 
without any changes. However, CXF is now unable to find the Crypto properties 
file. It is throwing the error below:

General security error (WSSecurityEngine: No crypto property file supplied to 
verify signature)



I have added the crypto property file using the CXF properties below, as described at 
http://cxf.apache.org/docs/ws-securitypolicy.html:
<jaxws:properties>
    <entry key="ws-security.saml2.validator">
        <bean class="com.optum.direct.secureoptumdirect.authentication.MPICustomSAMLTokenValidator"/>
    </entry>
    <entry key="ws-security.signature.properties"
           value="C:/Workfolder/DirectProject/2_1/apache-tomcat-6.0.32/webapps/config-service/WEB-INF/classes/keystore_dev.properties"/>
    <entry key="ws-security.encryption.properties"
           value="C:/Workfolder/DirectProject/2_1/apache-tomcat-6.0.32/webapps/config-service/WEB-INF/classes/keystore_dev.properties"/>
    <entry key="ws-security.signature.username" value="mydomain"/>
    <entry key="ws-security.callback-handler"
           value="com.optum.direct.secureoptumdirect.authentication.CustomUserTokenCallBackHandler"/>
</jaxws:properties>





Thanks
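The error above says the security engine could not obtain a crypto property file for signature verification; the value behind ws-security.signature.properties is a WSS4J crypto properties file. The checker below is an added example, not code from this thread, from CXF or from WSS4J: it parses a Java .properties file and verifies that the Merlin keys WSS4J 1.6 (the WSS4J line used by CXF 2.7.x) needs are present and that the keystore the file names can be resolved. The sample file contents, the base directory and the keystore name are constructed, and the `exists` parameter is this example's own device so the check can run without a real keystore.

```python
"""Check a WSS4J 1.6 Merlin crypto properties file of the kind CXF loads from
ws-security.signature.properties / ws-security.encryption.properties.

Added example: not CXF or WSS4J code and not code from the thread. The key
names are WSS4J 1.6's Merlin names (the WSS4J line CXF 2.7.x uses); the
sample file contents, base directory and keystore name are constructed.
"""
import os
import re
from typing import Callable, Dict, List

PROVIDER_KEY = "org.apache.ws.security.crypto.provider"
MERLIN_CLASS = "org.apache.ws.security.components.crypto.Merlin"
MERLIN = "org.apache.ws.security.crypto.merlin."
# Without these Merlin cannot open a keystore at all.
REQUIRED = [PROVIDER_KEY, MERLIN + "keystore.file", MERLIN + "keystore.password"]

_KV = re.compile(r"^((?:\\.|[^\\=:\s])+)\s*[=:]?\s*(.*)$")
_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "f": "\f"}


def _unescape(s: str) -> str:
    """Resolve java.util.Properties escapes: \\uXXXX, \\n, \\t and \\<char>."""
    def repl(m: "re.Match[str]") -> str:
        esc = m.group(1)
        if esc[0] == "u":
            return chr(int(esc[1:], 16))
        return _ESCAPES.get(esc, esc)
    return re.sub(r"\\(u[0-9a-fA-F]{4}|.)", repl, s)


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal java.util.Properties reader: comments, '=' / ':' / whitespace
    separators, backslash line continuations and escape sequences."""
    props: Dict[str, str] = {}
    logical: List[str] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not buf and (not line or line[0] in "#!"):
            continue
        # An odd number of trailing backslashes continues onto the next line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            buf += line[:-1]
            continue
        logical.append(buf + line)
        buf = ""
    if buf:
        logical.append(buf)
    for entry in logical:
        m = _KV.match(entry)
        if m:
            props[_unescape(m.group(1))] = _unescape(m.group(2))
    return props


def check_crypto_properties(text: str, base_dir: str,
                            exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Return findings about the file; an empty list means it looks usable."""
    props = parse_properties(text)
    findings: List[str] = []
    for key in REQUIRED:
        if not props.get(key, "").strip():
            findings.append("missing required key: " + key)
    provider = props.get(PROVIDER_KEY)
    if provider and provider != MERLIN_CLASS:
        findings.append("unexpected crypto provider: " + provider)
    keystore = props.get(MERLIN + "keystore.file", "").strip()
    if keystore:
        # Merlin resolves the keystore as a classpath resource or a file path;
        # base_dir stands in for the classpath root in this example.
        candidates = [os.path.join(base_dir, keystore), keystore]
        if not any(exists(c) for c in candidates):
            findings.append("keystore not found, tried: " + ", ".join(candidates))
    kstype = props.get(MERLIN + "keystore.type", "jks").lower()
    if kstype not in ("jks", "pkcs12"):
        findings.append("unusual keystore type: " + kstype)
    # WSS4J 2.x renamed the keys to org.apache.wss4j.*; 1.6 silently ignores them.
    wrong_line = [k for k in props if k.startswith("org.apache.wss4j.")]
    if wrong_line:
        findings.append("WSS4J 2.x key names ignored by 1.6: " + ", ".join(wrong_line))
    return findings


SAMPLE_OK = """\
# constructed sample of a keystore_dev.properties file
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=changeit
org.apache.ws.security.crypto.merlin.keystore.alias=mydomain
org.apache.ws.security.crypto.merlin.keystore.file=keystore_dev.jks
"""
# constructed: password under the WSS4J 2.x name, file value continued over two lines
SAMPLE_BAD = """\
org.apache.ws.security.crypto.provider = org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.file : \\
    keystore_dev.jks
org.apache.wss4j.crypto.merlin.keystore.password=changeit
"""

if __name__ == "__main__":
    fake_classpath = lambda p: p.endswith("keystore_dev.jks")  # stand-in for a real lookup
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_crypto_properties(text, "WEB-INF/classes", fake_classpath) or "looks usable")
```

An empty result only means the file is structurally usable: it does not prove the keystore password or alias are right, which only opening the keystore with them would show.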

From: coheigea [via CXF] [mailto:[email protected]]
Sent: Wednesday, April 03, 2013 6:40 PM
To: Chauhan, Sumit K
Subject: Re: SAMLToken (Signed) request failing because of WS Policy

We fixed some bugs around policy alternatives in more recent CXF versions.
You'll likely have to upgrade to one of the latest CXF 2.5.x, 2.6.x or
2.7.x releases.

Colm.


On Wed, Apr 3, 2013 at 2:04 PM, sumit_chauhan <[hidden email]> wrote:

> CXF-2.4.6
>
> Thanks,
> Sumit
>
> From: coheigea [via CXF] [mailto:[hidden email]]
> Sent: Wednesday, April 03, 2013 5:41 PM
> To: Chauhan, Sumit K
> Subject: Re: SAMLToken (Signed) request failing because of WS Policy
>
> What version of CXF are you using?
>
> Colm.
>
>
> On Wed, Apr 3, 2013 at 11:23 AM, sumit_chauhan <[hidden email]> wrote:
>
> > I am implementing alternate authentication using UsernameToken or
> > SAMLToken (Signed). I have configured the policy below in my wsdl:
> >
> >         <wsp:Policy wsu:Id="DoubleItPlaintextPolicy">
> >           <wsp:ExactlyOne>
> >             <wsp:All>
> >               <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >                 <wsp:Policy>
> >                   <sp:SamlToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> >                     <wsp:Policy>
> >                       <sp:WssSamlV20Token11/>
> >                     </wsp:Policy>
> >                   </sp:SamlToken>
> >                 </wsp:Policy>
> >               </sp:SupportingTokens>
> >             </wsp:All>
> >             <wsp:All>
> >               <sp:SupportingTokens>
> >                 <wsp:Policy>
> >                   <sp:UsernameToken>
> >                     <wsp:Policy>
> >                       <sp:HashPassword/>
> >                     </wsp:Policy>
> >                   </sp:UsernameToken>
> >                 </wsp:Policy>
> >               </sp:SupportingTokens>
> >             </wsp:All>
> >           </wsp:ExactlyOne>
> >         </wsp:Policy>
> >
> > Also, I have configured the backend validators in the Spring beans file. I am
> > able to receive requests with UsernameToken. However, SAMLToken requests
> > are failing with the error below:
> >
> >   <faultstring>These policy alternatives can not be satisfied:
> >   {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
> >   {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
> >   {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken
> >   </faultstring>
> >
> > I am attaching a sample SAML request which I am trying to handle:
> > getTrustedDomainsByUserAddress_SAML_request.xml
> > <http://cxf.547215.n5.nabble.com/file/n5725739/getTrustedDomainsByUserAddress_SAML_request.xml>
> >
> > Can someone please let me know the correct policy for handling this kind
> > of request?
> >
> >
> >
> > --
> > View this message in context:
> > http://cxf.547215.n5.nabble.com/SAMLToken-Signed-request-failing-because-of-WS-Policy-tp5725739.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://cxf.547215.n5.nabble.com/SAMLToken-Signed-request-failing-because-of-WS-Policy-tp5725739p5725743.html
>
> This e-mail, including attachments, may include confidential and/or
> proprietary information, and may be used only by the person or entity
> to which it is addressed. If the reader of this e-mail is not the intended
> recipient or his or her authorized agent, the reader is hereby notified
> that any dissemination, distribution or copying of this e-mail is
> prohibited. If you have received this e-mail in error, please notify the
> sender by replying to this message and delete this e-mail immediately.
>
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com






--
View this message in context: 
http://cxf.547215.n5.nabble.com/SAMLToken-Signed-request-failing-because-of-WS-Policy-tp5725739p5725764.html
Sent from the cxf-user mailing list archive at Nabble.com.
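Colm's reply traces the "These policy alternatives can not be satisfied" fault in the quoted message to policy-alternative bugs fixed in later CXF releases. To make the <wsp:ExactlyOne> semantics that fault refers to concrete, the script below, an added example that is neither CXF's policy engine nor code from the thread, parses the policy posted in the quoted message, turns each <wsp:All> into the supporting tokens it requires (SamlToken narrowed by WssSamlV20Token11, UsernameToken narrowed by HashPassword), and reports which alternative a request's wsse:Security header satisfies. The wsp namespace (WS-Policy 2004/09) and the three sample headers are constructed assumptions; the real engine also checks signing, IncludeToken and the rest of the policy, which this model leaves out.

```python
"""Model the evaluation of a WS-Policy <wsp:ExactlyOne> made of supporting-token
alternatives against the tokens present in a request's wsse:Security header.

Added example: not CXF's policy engine and not code from the thread. It models
only the assertions the posted policy uses (SupportingTokens, SamlToken with
WssSamlV20Token11, UsernameToken with HashPassword). The wsp namespace
(WS-Policy 2004/09) and the three sample headers are constructed assumptions.
"""
import xml.etree.ElementTree as ET
from typing import List, Set, Tuple

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"
UTP = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"

Requirement = Tuple[str, str]  # (token assertion, required variant or "*" for any)

# The policy from the thread, with the namespace declarations its WSDL supplies.
POLICY_XML = f"""<wsp:Policy wsu:Id="DoubleItPlaintextPolicy"
    xmlns:wsp="{WSP}" xmlns:wsu="{WSU}" xmlns:sp="{SP}">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens>
        <wsp:Policy>
          <sp:SamlToken sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient">
            <wsp:Policy><sp:WssSamlV20Token11/></wsp:Policy>
          </sp:SamlToken>
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
    <wsp:All>
      <sp:SupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken>
            <wsp:Policy><sp:HashPassword/></wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>"""


def _local(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]


def policy_alternatives(policy_xml: str) -> List[List[Requirement]]:
    """One list of requirements per <wsp:All>; all of them must hold for that alternative."""
    alts: List[List[Requirement]] = []
    for alt in ET.fromstring(policy_xml).iter(f"{{{WSP}}}All"):
        reqs: List[Requirement] = []
        for token in alt.iterfind(f"{{{SP}}}SupportingTokens/{{{WSP}}}Policy/*"):
            name = _local(token.tag)
            nested = {_local(n.tag) for n in token.iterfind(f"{{{WSP}}}Policy/*")}
            variant = "*"
            if name == "SamlToken":
                if any(n.startswith("WssSamlV20") for n in nested):
                    variant = "2.0"
                elif any(n.startswith("WssSamlV11") for n in nested):
                    variant = "1.1"
            elif name == "UsernameToken" and "HashPassword" in nested:
                variant = "digest"
            reqs.append((name, variant))
        alts.append(reqs)
    return alts


def header_tokens(security_xml: str) -> Set[Requirement]:
    """Tokens found directly under wsse:Security, in the same (name, variant) vocabulary."""
    found: Set[Requirement] = set()
    for el in ET.fromstring(security_xml):
        if el.tag == f"{{{SAML2}}}Assertion":
            found.add(("SamlToken", "2.0"))
        elif el.tag == f"{{{SAML1}}}Assertion":
            found.add(("SamlToken", "1.1"))
        elif el.tag == f"{{{WSSE}}}UsernameToken":
            pw = el.find(f"{{{WSSE}}}Password")
            digest = pw is not None and pw.get("Type") == UTP + "#PasswordDigest"
            found.add(("UsernameToken", "digest" if digest else "text"))
    return found


def satisfied_alternatives(policy_xml: str, security_xml: str) -> List[int]:
    """Indexes of the alternatives the header satisfies; ExactlyOne needs at least one."""
    have = header_tokens(security_xml)
    return [i for i, reqs in enumerate(policy_alternatives(policy_xml))
            if all(any(n == name and v in ("*", variant) for name, variant in have)
                   for n, v in reqs)]


# Constructed sample headers (assertion and password contents abbreviated, signatures omitted).
SAML_HEADER = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:saml2="{SAML2}">
  <saml2:Assertion ID="_constructed-1" Version="2.0"/>
</wsse:Security>"""
UT_DIGEST_HEADER = f"""<wsse:Security xmlns:wsse="{WSSE}">
  <wsse:UsernameToken><wsse:Username>alice</wsse:Username>
    <wsse:Password Type="{UTP}#PasswordDigest">Y29uc3RydWN0ZWQ=</wsse:Password>
  </wsse:UsernameToken>
</wsse:Security>"""
UT_TEXT_HEADER = UT_DIGEST_HEADER.replace("#PasswordDigest", "#PasswordText")

if __name__ == "__main__":
    for label, hdr in (("SAML 2.0", SAML_HEADER), ("UT digest", UT_DIGEST_HEADER),
                       ("UT plaintext", UT_TEXT_HEADER)):
        print(f"{label}: satisfies alternatives {satisfied_alternatives(POLICY_XML, hdr)}")
```

Run stand-alone, the script shows the SAML 2.0 header matching the first alternative, the digest UsernameToken matching the second, and a plaintext-password UsernameToken matching neither, which is the situation in which an engine reports that no alternative can be satisfied.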