That was the original solution I tried, but it didn't work, hence I shifted to 
an absolute path. I am using wss4j-1.6.9.
For the time being I have added the logic to load the Crypto file to my 
SAMLValidator itself and it seems to work fine till now. However, it would be 
great if I could find a way to load it via a CXF property.

Thanks,
Sumit

From: coheigea [via CXF] [mailto:[email protected]]
Sent: Thursday, April 04, 2013 2:26 PM
To: Chauhan, Sumit K
Subject: Re: SAMLToken (Signed) request failing because of WS Policy

Try with just a relative path, e.g.:

<entry key="ws-security.signature.properties"
value="keystore_dev.properties"/>

Colm.


On Wed, Apr 3, 2013 at 5:05 PM, sumit_chauhan <[hidden email]> wrote:

> I have shifted to CXF-2.7.3. Good news is that UsernameToken is still
> working without any changes. However, now CXF is unable to find the Crypto
> properties file. It is throwing below error:
>
> General security error (WSSecurityEngine: No crypto property file supplied
> to verify signature)
>
>
>
> I have added crypto property file using below CXF properties as mentioned
> here http://cxf.apache.org/docs/ws-securitypolicy.html:
> <jaxws:properties>
>                 <entry key="ws-security.saml2.validator">
>                                 <bean
> class="com.optum.direct.secureoptumdirect.authentication.MPICustomSAMLTokenValidator"
> />
>                 </entry>
>                 <entry key="ws-security.signature.properties"
> value="C:/Workfolder/DirectProject/2_1/apache-tomcat-6.0.32/webapps/config-service/WEB-INF/classes/keystore_dev.properties"/>
>                 <entry key="ws-security.encryption.properties"
> value="C:/Workfolder/DirectProject/2_1/apache-tomcat-6.0.32/webapps/config-service/WEB-INF/classes/keystore_dev.properties"/>
>                 <entry key="ws-security.signature.username"
> value="mydomain"/>
>                 <entry key="ws-security.callback-handler"
> value="com.optum.direct.secureoptumdirect.authentication.CustomUserTokenCallBackHandler"/>
> </jaxws:properties>
>
>
>
>
>
> Thanks
>
> From: coheigea [via CXF] [mailto:[hidden email]]
> Sent: Wednesday, April 03, 2013 6:40 PM
> To: Chauhan, Sumit K
> Subject: Re: SAMLToken (Signed) request failing because of WS Policy
>
> We fixed some bugs around policy alternatives in more recent CXF versions.
> You'll likely have to upgrade to one of the latest CXF 2.5.x, 2.6.x or
> 2.7.x releases.
>
> Colm.
>
>
> On Wed, Apr 3, 2013 at 2:04 PM, sumit_chauhan <[hidden email]> wrote:
>
> > CXF-2.4.6
> >
> > Thanks,
> > Sumit
> >
> > From: coheigea [via CXF] [mailto:[hidden email]]
> > Sent: Wednesday, April 03, 2013 5:41 PM
> > To: Chauhan, Sumit K
> > Subject: Re: SAMLToken (Signed) request failing because of WS Policy
> >
> > What version of CXF are you using?
> >
> > Colm.
> >
> >
> > On Wed, Apr 3, 2013 at 11:23 AM, sumit_chauhan <[hidden email]> wrote:
> >
> > > I am implementing alternate authentication using UsernameToken or SAMLToken
> > > (Signed). I have configured below policy in my wsdl:
> > >
> > >   <wsp:Policy wsu:Id="DoubleItPlaintextPolicy">
> > >     <wsp:ExactlyOne>
> > >       <wsp:All>
> > >         <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> > >           <wsp:Policy>
> > >             <sp:SamlToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> > >               <wsp:Policy>
> > >                 <sp:WssSamlV20Token11/>
> > >               </wsp:Policy>
> > >             </sp:SamlToken>
> > >           </wsp:Policy>
> > >         </sp:SupportingTokens>
> > >       </wsp:All>
> > >       <wsp:All>
> > >         <sp:SupportingTokens>
> > >           <wsp:Policy>
> > >             <sp:UsernameToken>
> > >               <wsp:Policy>
> > >                 <sp:HashPassword/>
> > >               </wsp:Policy>
> > >             </sp:UsernameToken>
> > >           </wsp:Policy>
> > >         </sp:SupportingTokens>
> > >       </wsp:All>
> > >     </wsp:ExactlyOne>
> > >   </wsp:Policy>
> > >
> > > Also, I have configured the backend validators in spring beans file. I am
> > > able to receive requests with UsernameToken. However, SAMLToken requests are
> > > failing with below error:
> > >
> > >   <faultstring>These policy alternatives can not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken
> > > </faultstring>
> > >
> > > I am attaching a sample SAML request which I am trying to handle.
> > > getTrustedDomainsByUserAddress_SAML_request.xml
> > > <http://cxf.547215.n5.nabble.com/file/n5725739/getTrustedDomainsByUserAddress_SAML_request.xml>
> > > Can someone please let me know the correct policy for handling this kind of
> > > request.
> > >
> > >
> > >
> > > --
> > > View this message in context:
> > > http://cxf.547215.n5.nabble.com/SAMLToken-Signed-request-failing-because-of-WS-Policy-tp5725739.html
> > > Sent from the cxf-user mailing list archive at Nabble.com.
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> > This e-mail, including attachments, may include confidential and/or
> > proprietary information, and may be used only by the person or entity
> > to which it is addressed. If the reader of this e-mail is not the intended
> > recipient or his or her authorized agent, the reader is hereby notified
> > that any dissemination, distribution or copying of this e-mail is
> > prohibited. If you have received this e-mail in error, please notify the
> > sender by replying to this message and delete this e-mail immediately.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
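
An added diagnostic, not part of the original thread and not CXF or WSS4J code: it reports which standard Java lookup (classpath resource, URL, plain file) can locate a value given for `ws-security.signature.properties`, using the two values quoted in this thread. That the runtime attempts lookups of this kind is an assumption, and the class and method names are hypothetical.

```java
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;

/** Added diagnostic (hypothetical names); does not reproduce CXF's or WSS4J's loader. */
public class CryptoPropsLocator {

    /** Returns "classpath", "url", "file" or "unresolved" for a configured value. */
    static String locate(String value, ClassLoader loader) {
        // 1. Classpath resource, e.g. a file deployed under WEB-INF/classes.
        if (loader.getResource(value) != null) {
            return "classpath";
        }
        // 2. Absolute URL such as file:/C:/.../keystore_dev.properties.
        try {
            new URL(value);
            return "url";
        } catch (MalformedURLException e) {
            // A bare "C:/..." path lands here: the drive letter is parsed
            // as the URL scheme "c", for which no handler exists.
        }
        // 3. Plain filesystem path, resolved against the JVM working directory.
        if (new File(value).isFile()) {
            return "file";
        }
        return "unresolved";
    }

    public static void main(String[] args) {
        // Inside the web application this is the webapp class loader,
        // which sees WEB-INF/classes and WEB-INF/lib.
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        String[] candidates = {
            // The two values quoted in the thread.
            "keystore_dev.properties",
            "C:/Workfolder/DirectProject/2_1/apache-tomcat-6.0.32/webapps/"
                + "config-service/WEB-INF/classes/keystore_dev.properties"
        };
        for (String value : candidates) {
            System.out.println(locate(value, loader) + "  <-  " + value);
        }
    }
}
```

Run it from inside the deployed web application (for example from a servlet or the validator bean) so that the context class loader matches the one the endpoint uses.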
