Hello.
I am trying to set up claims-based authentication for our SharePoint 2010 
applications using the Apache CXF Fediz IDP (version 1.1.0). I have configured 
the SharePoint inside RealmA as a trusted SP and configured claims 
authentication in SharePoint as described in 
https://wikis.forgerock.org/confluence/display/openam/Using+OpenAM+as+SharePoint+2010+Trusted+Identity+Token+Issuer.

When I try to access the SharePoint application, I am redirected to the Fediz 
STS, authenticate there, and a SAML assertion 2.0 token is issued by the Fediz 
STS. However, I am not redirected back to SharePoint; instead the following 
error page is displayed by the Fediz IDP:
>
> Sorry, CXF Fediz IDP cannot satisfy your request.
> Reason : [Transition@21de17 on = requestParameters.wa != 'wsignin1.0' and 
> requestParameters.wa != 'wsignout1.0' and requestParameters.wa != 
> 'wsignoutcleanup1.0', to = viewBadRequest]
>

I have compared the communication between the browser and Fediz with a similar 
communication during authentication to the Fediz Sample SP application and 
found the following:
- SharePoint does not send the "wreply" request attribute in the redirection 
to Fediz IDP.
- SharePoint sends the "wctx" request attribute instead.
Please find the complete communication attached 
(sharepoint-fediz-http-trace.txt, created by the Firefox Live HTTP Headers 
plugin). The SharePoint host is "sharepoint.company.domain", the Fediz host is 
"my-server.my-company.example:9443".
In the description from OpenAM 
(https://wikis.forgerock.org/confluence/display/openam/Using+OpenAM+as+SharePoint+2010+Trusted+Identity+Token+Issuer) 
I can see that the TokenIssuerEndpoint and SingleSignOutNotificationEndpoint 
address attributes must be set in the SP metadata. Is there a way to set this 
metadata in Fediz IDP? I have not found any.
===============================


My next idea was to mimic the initial request to Fediz IDP with the "wreply" 
parameter added. I thus created a local HTML file with the following form and 
submitted it.
<form method="GET"
      action="https://my-server.my-company.example:9443/fediz-idp/federation">
   <input type="text" name="wa" value="wsignin1.0">
   <input type="text" name="wtrealm"
          value="https://sharepoint.company.domain:443/">
   <input type="text" name="wctx"
          value="http://sharepoint.company.domain/sites/dirxaccess/_layouts/Authenticate.aspx?Source=%2Fsites%2Fdirxaccess%2FSitePages%2FHome%2Easpx">
   <input type="text" name="wreply"
          value="http://sharepoint.company.domain:80/_trust/">
   <input type="submit" value="Submit">
</form>

Now the communication goes all the way to SharePoint, which returns an HTTP 500 
error (Runtime Error). In the SharePoint logs I can see the following 
application error, but I don't know whether it is blocking or not...
02/06/2014 11:18:00.40  w3wp.exe (0x1268)                               0x0BD4  
SharePoint Foundation           General                         8nca    Verbose 
        Application error when access /_trust/, Error=ID3007: The element 
'AppliesTo' with namespace 'http://www.w3.org/ns/ws-policy' is unrecognized.   
at 
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.ReadRSTRXml(XmlReader
 reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext 
context, WSTrustConstantsAdapter trustConstants)     at 
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.CreateResponse(XmlReader
 reader, WSTrustSerializationContext context, WSTrustResponseSerializer 
responseSerializer, WSTrustConstantsAdapter trustConstants)     at 
Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.ReadXml(XmlReader
 reader, WSTrustSerializationContext context)     at 
Microsoft.IdentityModel.Protocols.WSFederation.WSFederationSer...     
94b07bcc-8709-4449-8c8f-c4e175e2949b

Does anybody have any hint on how to get claims authentication for 
SharePoint via Apache CXF Fediz running?

Kind regards,
Stepan.
http://sharepoint.company.domain/sites/dirxaccess/SitePages/Home.aspx

GET /sites/dirxaccess/SitePages/Home.aspx HTTP/1.1
Host: sharepoint.company.domain
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: cs,en-us;q=0.8,en;q=0.5,de-de;q=0.3
Accept-Encoding: gzip, deflate
Cookie: style_cookie=printonly; iamphpbb_u=11; iamphpbb_k=; 
iamphpbb_sid=3d69b4775402f8d101d2a10c01455c12; 
DXASID=82a-wfx6bdy-jbuoauvxwrb5ubmcarxh7nnexudexhrkpyiyol3adjvhsjenqh6q; 
Ribbon.WebApp=1344738|-1|586|-769353694; 
Microsoft.SharePoint.Administration.SPWebApplication=CurrentId=a294ccf0b89346a4ae1d467318cb1f42;
 ASP.NET_SessionId=yybt3445h222rr55u1lzw4qw; 
SPSessionGuid=97e59ca6-90c5-481f-9bb2-90dae93d03a9
Connection: keep-alive

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: 
http://sharepoint.company.domain/sites/dirxaccess/_layouts/Authenticate.aspx?Source=%2Fsites%2Fdirxaccess%2FSitePages%2FHome%2Easpx
Server: Microsoft-IIS/7.5
SPRequestGuid: a17fba80-d4ed-497c-a36e-4c605730f351
Set-Cookie: SPSessionGuid=a17fba80-d4ed-497c-a36e-4c605730f351; path=/
Set-Cookie: SPSessionGuid=a17fba80-d4ed-497c-a36e-4c605730f351; path=/
X-SharePointHealthScore: 0
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.7015
X-MS-InvokeApp: 1; RequireReadOnly
Date: Thu, 06 Feb 2014 10:33:25 GMT
Content-Length: 253
----------------------------------------------------------
http://sharepoint.company.domain/sites/dirxaccess/_layouts/Authenticate.aspx?Source=%2Fsites%2Fdirxaccess%2FSitePages%2FHome%2Easpx

GET 
/sites/dirxaccess/_layouts/Authenticate.aspx?Source=%2Fsites%2Fdirxaccess%2FSitePages%2FHome%2Easpx
 HTTP/1.1
Host: sharepoint.company.domain
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: cs,en-us;q=0.8,en;q=0.5,de-de;q=0.3
Accept-Encoding: gzip, deflate
Cookie: style_cookie=printonly; iamphpbb_u=11; iamphpbb_k=; 
iamphpbb_sid=3d69b4775402f8d101d2a10c01455c12; 
DXASID=82a-wfx6bdy-jbuoauvxwrb5ubmcarxh7nnexudexhrkpyiyol3adjvhsjenqh6q; 
Ribbon.WebApp=1344738|-1|586|-769353694; 
Microsoft.SharePoint.Administration.SPWebApplication=CurrentId=a294ccf0b89346a4ae1d467318cb1f42;
 ASP.NET_SessionId=yybt3445h222rr55u1lzw4qw; 
SPSessionGuid=a17fba80-d4ed-497c-a36e-4c605730f351
Connection: keep-alive

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: 
/_login/default.aspx?ReturnUrl=%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx&Source=%2Fsites%2Fdirxaccess%2FSitePages%2FHome%2Easpx
Server: Microsoft-IIS/7.5
SPRequestGuid: bd9754d2-309b-40ae-a1f5-45aa06b266aa
Set-Cookie: SPSessionGuid=bd9754d2-309b-40ae-a1f5-45aa06b266aa; path=/
Set-Cookie: SPSessionGuid=bd9754d2-309b-40ae-a1f5-45aa06b266aa; path=/
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.7015
X-MS-InvokeApp: 1; RequireReadOnly
Date: Thu, 06 Feb 2014 10:33:25 GMT
Content-Length: 368
----------------------------------------------------------
http://sharepoint.company.domain/_login/default.aspx?ReturnUrl=%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx&Source=%2Fsites%2Fdirxaccess%2FSitePages%2FHome%2Easpx

GET 
/_login/default.aspx?ReturnUrl=%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx&Source=%2Fsites%2Fdirxaccess%2FSitePages%2FHome%2Easpx
 HTTP/1.1
Host: sharepoint.company.domain
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: cs,en-us;q=0.8,en;q=0.5,de-de;q=0.3
Accept-Encoding: gzip, deflate
Cookie: style_cookie=printonly; iamphpbb_u=11; iamphpbb_k=; 
iamphpbb_sid=3d69b4775402f8d101d2a10c01455c12; 
DXASID=82a-wfx6bdy-jbuoauvxwrb5ubmcarxh7nnexudexhrkpyiyol3adjvhsjenqh6q; 
Ribbon.WebApp=1344738|-1|586|-769353694; 
Microsoft.SharePoint.Administration.SPWebApplication=CurrentId=a294ccf0b89346a4ae1d467318cb1f42;
 ASP.NET_SessionId=yybt3445h222rr55u1lzw4qw; 
SPSessionGuid=bd9754d2-309b-40ae-a1f5-45aa06b266aa
Connection: keep-alive

HTTP/1.1 302 Found
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Location: 
/_trust/default.aspx?trust=My%2DCompany%20%28RealmA%29%20Federation&ReturnUrl=%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx&Source=%2Fsites%2Fdirxaccess%2FSitePages%2FHome.aspx
Server: Microsoft-IIS/7.5
SPRequestGuid: 215f1a20-c7b2-42b6-bb6c-456b4bf6227b
Set-Cookie: SPSessionGuid=215f1a20-c7b2-42b6-bb6c-456b4bf6227b; path=/
Set-Cookie: SPSessionGuid=215f1a20-c7b2-42b6-bb6c-456b4bf6227b; path=/
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.7015
X-MS-InvokeApp: 1; RequireReadOnly
Date: Thu, 06 Feb 2014 10:33:25 GMT
Content-Length: 425
----------------------------------------------------------
http://sharepoint.company.domain/_trust/default.aspx?trust=My%2DCompany%20%28RealmA%29%20Federation&ReturnUrl=%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx&Source=%2Fsites%2Fdirxaccess%2FSitePages%2FHome.aspx

GET 
/_trust/default.aspx?trust=My%2DCompany%20%28RealmA%29%20Federation&ReturnUrl=%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx&Source=%2Fsites%2Fdirxaccess%2FSitePages%2FHome.aspx
 HTTP/1.1
Host: sharepoint.company.domain
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: cs,en-us;q=0.8,en;q=0.5,de-de;q=0.3
Accept-Encoding: gzip, deflate
Cookie: style_cookie=printonly; iamphpbb_u=11; iamphpbb_k=; 
iamphpbb_sid=3d69b4775402f8d101d2a10c01455c12; 
DXASID=82a-wfx6bdy-jbuoauvxwrb5ubmcarxh7nnexudexhrkpyiyol3adjvhsjenqh6q; 
Ribbon.WebApp=1344738|-1|586|-769353694; 
Microsoft.SharePoint.Administration.SPWebApplication=CurrentId=a294ccf0b89346a4ae1d467318cb1f42;
 ASP.NET_SessionId=yybt3445h222rr55u1lzw4qw; 
SPSessionGuid=215f1a20-c7b2-42b6-bb6c-456b4bf6227b
Connection: keep-alive

HTTP/1.1 302 Found
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Location: 
https://my-server.my-company.example:9443/fediz-idp/federation?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx
Server: Microsoft-IIS/7.5
SPRequestGuid: 964f47f6-2b32-4cc2-83c3-6aaeff7c3198
Set-Cookie: SPSessionGuid=964f47f6-2b32-4cc2-83c3-6aaeff7c3198; path=/
Set-Cookie: SPSessionGuid=964f47f6-2b32-4cc2-83c3-6aaeff7c3198; path=/
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.7015
X-MS-InvokeApp: 1; RequireReadOnly
Date: Thu, 06 Feb 2014 10:33:26 GMT
Content-Length: 433
----------------------------------------------------------
https://my-server.my-company.example:9443/fediz-idp/federation?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx

GET 
/fediz-idp/federation?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx
 HTTP/1.1
Host: my-server.my-company.example:9443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: cs,en-us;q=0.8,en;q=0.5,de-de;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Set-Cookie: JSESSIONID=01542DE86F7C18BBEB2B094D1593B161; Path=/fediz-idp/; 
Secure; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1245
Date: Thu, 06 Feb 2014 10:33:25 GMT
----------------------------------------------------------
https://my-server.my-company.example:9443/fediz-idp/federation;jsessionid=01542DE86F7C18BBEB2B094D1593B161?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx

POST 
/fediz-idp/federation;jsessionid=01542DE86F7C18BBEB2B094D1593B161?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx
 HTTP/1.1
Host: my-server.my-company.example:9443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: cs,en-us;q=0.8,en;q=0.5,de-de;q=0.3
Accept-Encoding: gzip, deflate
Referer: 
https://my-server.my-company.example:9443/fediz-idp/federation?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx
Cookie: JSESSIONID=01542DE86F7C18BBEB2B094D1593B161
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 101
whr=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Aidp%3Arealm-A&execution=e1s1&_eventId_submit=Select+Home+Realm
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Set-Cookie: FEDIZ_HOME_REALM="urn:org:apache:cxf:fediz:idp:realm-A"; Version=1; 
Secure
Location: 
https://my-server.my-company.example:9443/fediz-idp/spring_security_login
Content-Length: 0
Date: Thu, 06 Feb 2014 10:33:27 GMT
----------------------------------------------------------
https://my-server.my-company.example:9443/fediz-idp/spring_security_login

GET /fediz-idp/spring_security_login HTTP/1.1
Host: my-server.my-company.example:9443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: cs,en-us;q=0.8,en;q=0.5,de-de;q=0.3
Accept-Encoding: gzip, deflate
Referer: 
https://my-server.my-company.example:9443/fediz-idp/federation?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx
Cookie: JSESSIONID=01542DE86F7C18BBEB2B094D1593B161; 
FEDIZ_HOME_REALM="urn:org:apache:cxf:fediz:idp:realm-A"
Connection: keep-alive

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Length: 498
Date: Thu, 06 Feb 2014 10:33:27 GMT
----------------------------------------------------------
https://my-server.my-company.example:9443/fediz-idp/j_spring_security_check

POST /fediz-idp/j_spring_security_check HTTP/1.1
Host: my-server.my-company.example:9443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: cs,en-us;q=0.8,en;q=0.5,de-de;q=0.3
Accept-Encoding: gzip, deflate
Referer: 
https://my-server.my-company.example:9443/fediz-idp/spring_security_login
Cookie: JSESSIONID=01542DE86F7C18BBEB2B094D1593B161; 
FEDIZ_HOME_REALM="urn:org:apache:cxf:fediz:idp:realm-A"
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 58
j_username=Stepan+Hrbacek&j_password=***&submit=Login
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4619C78DCFB63488FA930034EF465130; Path=/fediz-idp/; 
Secure; HttpOnly
Location: 
https://my-server.my-company.example:9443/fediz-idp/federation;jsessionid=01542DE86F7C18BBEB2B094D1593B161?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx
Content-Length: 0
Date: Thu, 06 Feb 2014 10:33:28 GMT
----------------------------------------------------------
https://my-server.my-company.example:9443/fediz-idp/federation;jsessionid=01542DE86F7C18BBEB2B094D1593B161?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx

GET 
/fediz-idp/federation;jsessionid=01542DE86F7C18BBEB2B094D1593B161?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx
 HTTP/1.1
Host: my-server.my-company.example:9443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: cs,en-us;q=0.8,en;q=0.5,de-de;q=0.3
Accept-Encoding: gzip, deflate
Referer: 
https://my-server.my-company.example:9443/fediz-idp/spring_security_login
Cookie: JSESSIONID=4619C78DCFB63488FA930034EF465130; 
FEDIZ_HOME_REALM="urn:org:apache:cxf:fediz:idp:realm-A"
Connection: keep-alive

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Set-Cookie: FEDIZ_HOME_REALM="urn:org:apache:cxf:fediz:idp:realm-A"; Version=1; 
Secure
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 7420
Date: Thu, 06 Feb 2014 10:33:28 GMT
----------------------------------------------------------
https://my-server.my-company.example:9443/fediz-idp/federation?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx

POST 
/fediz-idp/federation?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx
 HTTP/1.1
Host: my-server.my-company.example:9443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: cs,en-us;q=0.8,en;q=0.5,de-de;q=0.3
Accept-Encoding: gzip, deflate
Referer: 
https://my-server.my-company.example:9443/fediz-idp/federation;jsessionid=01542DE86F7C18BBEB2B094D1593B161?wa=wsignin1.0&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess%252FSitePages%252FHome%252Easpx
Cookie: JSESSIONID=4619C78DCFB63488FA930034EF465130; 
FEDIZ_HOME_REALM="urn:org:apache:cxf:fediz:idp:realm-A"
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 6907
HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 509
Date: Thu, 06 Feb 2014 10:33:28 GMT
Connection: close
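
Added example (not part of the original post, and not Fediz or SharePoint code): a Python triage script for the two symptoms described in the post above. It checks the sign-in redirect from the trace for the WS-Federation parameters and reports the namespace of AppliesTo in a wresult body shaped like the response that triggers ID3007. The function names, finding labels and the trimmed RSTR sample are constructed for illustration; that SharePoint expects the WS-Policy namespace referenced by WS-Trust 1.3 is an assumption.

```python
from urllib.parse import parse_qs, urlencode, urlsplit
import xml.etree.ElementTree as ET

# Sign-in redirect issued by SharePoint, copied from the trace in the post.
SHAREPOINT_REDIRECT = (
    "https://my-server.my-company.example:9443/fediz-idp/federation"
    "?wa=wsignin1.0"
    "&wtrealm=https%3a%2f%2fsharepoint.company.domain%3a443%2f"
    "&wctx=http%3a%2f%2fsharepoint.company.domain%2fsites%2fdirxaccess"
    "%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdirxaccess"
    "%252FSitePages%252FHome%252Easpx"
)
# Same request with the wreply value from the hand-written HTML form.
FORM_REQUEST = SHAREPOINT_REDIRECT + "&" + urlencode(
    {"wreply": "http://sharepoint.company.domain:80/_trust/"})

# Namespace named in the ID3007 error, and the WS-Policy namespace that the
# WS-Trust 1.3 specification references (assumed to be what SharePoint expects).
WSP_IN_ERROR = "http://www.w3.org/ns/ws-policy"
WSP_WSTRUST13 = "http://schemas.xmlsoap.org/ws/2004/09/policy"

# Constructed sample: a form-encoded POST body whose wresult is a trimmed RSTR.
SAMPLE_POST_BODY = urlencode({"wa": "wsignin1.0", "wresult": (
    '<RequestSecurityTokenResponseCollection'
    ' xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512">'
    '<RequestSecurityTokenResponse>'
    '<wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy">'
    '<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">'
    '<wsa:Address>https://sharepoint.company.domain:443/</wsa:Address>'
    '</wsa:EndpointReference></wsp:AppliesTo>'
    '</RequestSecurityTokenResponse>'
    '</RequestSecurityTokenResponseCollection>')})


def signin_params(url):
    """Return the query parameters of a sign-in URL, URL-decoded once."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def check_signin_request(url):
    """Return finding labels for a WS-Federation wsignin1.0 request."""
    p = signin_params(url)
    findings = []
    if p.get("wa") != "wsignin1.0":
        findings.append("wa-not-signin")
    if "wtrealm" not in p:
        findings.append("wtrealm-missing")
    if "wreply" not in p:
        findings.append("wreply-missing")
        return findings
    reply, realm = urlsplit(p["wreply"]), urlsplit(p.get("wtrealm", ""))
    if reply.scheme != "https":
        # The IDP POSTs the signed bearer token to this address.
        findings.append("wreply-not-https")
    if reply.hostname != realm.hostname:
        findings.append("wreply-host-differs-from-wtrealm")
    return findings


def applies_to_namespaces(post_body):
    """Return the namespace URI of each AppliesTo element in the wresult."""
    wresult = parse_qs(post_body)["wresult"][0]
    # ElementTree is fine for this constructed sample; parse captured tokens
    # from untrusted sources with a hardened parser such as defusedxml.
    root = ET.fromstring(wresult)
    return [el.tag[1:].split("}")[0] for el in root.iter()
            if el.tag.startswith("{") and el.tag.endswith("}AppliesTo")]


if __name__ == "__main__":
    print("SharePoint redirect:", check_signin_request(SHAREPOINT_REDIRECT))
    print("Hand-built form:    ", check_signin_request(FORM_REQUEST))
    for ns in applies_to_namespaces(SAMPLE_POST_BODY):
        verdict = "matches ID3007" if ns == WSP_IN_ERROR else "other"
        print("AppliesTo namespace:", ns, "->", verdict)
    print("WS-Trust 1.3 references:", WSP_WSTRUST13)
```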
