What does the RSTR look like?

Colm.
On Thu, Feb 13, 2014 at 11:52 AM, Hrbacek, Stepan <[email protected]> wrote:

> Hi Colm.
> The exception in Fediz IdP log (see attached) is:
> ----------------------------
> 2014-02-13 12:47:34,302 [org.apache.cxf.phase.PhaseInterceptorChain@http-nio-9443-exec-6] WARN org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Federation#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: An invalid security token was provided (Bad TokenType "")
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:790)
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:336)
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
> ------------------------------
> Kind regards,
> Stepan.
>
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:[email protected]]
> > Sent: Thursday, February 13, 2014 10:50 AM
> > To: [email protected]
> > Subject: Re: Error "A encryption username needs to be declared" when using Fediz IdP with external WS-Trust STS
> >
> > I think it makes sense to allow the user to pass through some Properties to the STSAuthenticationProvider, I will merge a fix for this. What is the error on processing the RSTR?
> >
> > Colm.
> >
> > On Thu, Feb 13, 2014 at 9:46 AM, Hrbacek, Stepan <[email protected]> wrote:
> >
> > > Hi.
> > > I needed to change the org.apache.cxf.fediz.service.idp.STSAuthenticationProvider class and hardcode the crypto properties and encryption username (certificate alias) there. No other configuration option seems possible with the current Fediz code.
> > > -------------
> > > org.apache.cxf.fediz.service.idp.STSAuthenticationProvider
> > > --------------------
> > > @Override
> > > public Authentication authenticate(Authentication authentication) throws AuthenticationException {
> > >     ...
> > >
> > >     sts.getProperties().put(SecurityConstants.USERNAME, authentication.getName());
> > >     sts.getProperties().put(SecurityConstants.PASSWORD, (String)authentication.getCredentials());
> > >
> > >     // STS certificate needed for symmetric binding
> > >     sts.getProperties().put(SecurityConstants.ENCRYPT_USERNAME, "ws-sec-comm.dirxaccess"); // 1
> > >     sts.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES, "stsKeystoreA.properties"); // 2
> > >
> > >     ...
> > > }
> > > ---------------------------------
> > >
> > > But then I have found that the RSTR response cannot be processed in Fediz IDP (and subsequently in the WS-Federation passive profile SP) :-( I have thus removed the symmetric binding from the WS-Policy used by the STS and then the whole walkthrough ran well - my issue is solved.
> > > I don't know if it makes sense to make Fediz configurable in this area, I don't know WS-Federation use cases that well...
> > >
> > > Regards,
> > > Stepan.
> > >
> > > > -----Original Message-----
> > > > From: Colm O hEigeartaigh [mailto:[email protected]]
> > > > Sent: Tuesday, February 11, 2014 4:48 PM
> > > > To: [email protected]
> > > > Subject: Re: Error "A encryption username needs to be declared" when using Fediz IdP with external WS-Trust STS
> > > >
> > > > Could you create a JIRA + I will look into it? You also need to specify a Crypto properties file as well as a username.
> > > >
> > > > Colm.
> > > >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
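As an added illustration, not code from this thread or from the Fediz project, here is one shape the pass-through fix Colm mentions could take: the STS client properties (the encryption username and Crypto properties file that Stepan hardcoded) are injected from configuration, and the provider rejects a configuration that sets the encryption username without the Crypto properties file, the combination behind the first error in the thread. The class name, the `setStsProperties` setter and the `configureClient` method are hypothetical; `STSClient.getProperties()` and the `SecurityConstants` keys are the ones the quoted code already uses.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.trust.STSClient;
import org.springframework.security.core.Authentication;

/** Hypothetical configurable variant of the hardcoded edit quoted above. */
public class ConfigurableStsAuthenticationProvider {

    // Per-request credentials come from the Authentication object, so static
    // configuration must not be able to override them.
    private static final Set<String> NOT_CONFIGURABLE = new HashSet<>(
            Arrays.asList(SecurityConstants.USERNAME, SecurityConstants.PASSWORD));

    // Assumed to be set by the IdP's Spring configuration (setter injection), e.g.
    //   ws-security.encryption.username   = <STS certificate alias>
    //   ws-security.encryption.properties = <Crypto properties file>
    private final Map<String, Object> stsProperties = new HashMap<>();

    public void setStsProperties(Map<String, Object> configured) {
        for (String key : configured.keySet()) {
            if (NOT_CONFIGURABLE.contains(key)) {
                throw new IllegalArgumentException("STS property not configurable: " + key);
            }
        }
        // A symmetric binding needs the STS certificate alias *and* the keystore
        // holding it; one without the other only fails at the first login attempt.
        if (configured.containsKey(SecurityConstants.ENCRYPT_USERNAME)
                && !configured.containsKey(SecurityConstants.ENCRYPT_PROPERTIES)) {
            throw new IllegalArgumentException(SecurityConstants.ENCRYPT_USERNAME
                    + " requires " + SecurityConstants.ENCRYPT_PROPERTIES);
        }
        stsProperties.clear();
        stsProperties.putAll(configured);
    }

    /** Applies the configured properties, then the caller's credentials, to an STSClient. */
    protected void configureClient(STSClient sts, Authentication authentication) {
        Map<String, Object> props = sts.getProperties();
        props.putAll(stsProperties);
        props.put(SecurityConstants.USERNAME, authentication.getName());
        props.put(SecurityConstants.PASSWORD, (String) authentication.getCredentials());
    }
}
```

The validation in the setter turns the "A encryption username needs to be declared" style failure into a startup-time configuration error instead of a fault on the first WS-Trust request.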
