The problem still exists.

*Here is the bean configuration: I did not have the properties mapping earlier, added it on your suggestion*

<bean id="stsClientFederation"
      class="org.apache.cxf.ws.security.trust.STSClient" scope="prototype">
    <constructor-arg ref="cxf" />
    <property name="wsdlLocation" value="adfs.wsdl" />
    <property name="sendRenewing" value="false" />
    <property name="serviceName"
              value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService" />
    <property name="endpointName"
              value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}IssuedTokenWSTrustBinding_IWSTrust13Async1" />
    <property name="addressingNamespace"
              value="http://www.w3.org/2005/08/addressing" />
    <property name="enableAppliesTo" value="true" />
    <property name="properties">
        <map>
            <entry key="ws-security.username" value="username" />
            <entry key="ws-security.callback-handler"
                   value="clientKeystore.PasswordCallbackHandler" />
            <entry key="ws-security.sts.token.username"
                   value="clientstskey" />
            <entry key="ws-security.sts.token.properties"
                   value="clientKeystore.properties" />
            <entry key="ws-security.sts.token.usecert" value="true" />
        </map>
    </property>
</bean>


Question:
  What should be the expected values of 'ws-security.username' and
'ws-security.sts.token.username'?

------------------------------------------------------------------------------------------------------------------
*Security policy and binding from the WSDL*

<wsp:Policy wsu:Id="IssuedTokenWSTrustBinding_IWSTrust13Async1_policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:TransportBinding
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:TransportToken>
                        <wsp:Policy>
                            <sp:HttpsToken />
                        </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256 />
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict />
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp />
                </wsp:Policy>
            </sp:TransportBinding>
            <sp:EndorsingSupportingTokens
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:IssuedToken
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <sp:RequestSecurityTokenTemplate>
                            <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
                            <trust:KeySize>256</trust:KeySize>
                            <trust:KeyWrapAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
                            <trust:EncryptWith>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
                            <trust:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignatureAlgorithm>
                            <trust:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
                            <trust:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
                        </sp:RequestSecurityTokenTemplate>
                        <wsp:Policy>
                            <sp:RequireInternalReference />
                        </wsp:Policy>
                    </sp:IssuedToken>
                    <sp:SignedParts>
                        <sp:Header Name="To"
                            Namespace="http://www.w3.org/2005/08/addressing" />
                    </sp:SignedParts>
                    <KeyValueToken IncludeToken="" Optional="">
                        <Policy />
                    </KeyValueToken>
                </wsp:Policy>
            </sp:EndorsingSupportingTokens>
            <sp:Wss11
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier />
                    <sp:MustSupportRefIssuerSerial />
                    <sp:MustSupportRefThumbprint />
                    <sp:MustSupportRefEncryptedKey />
                </wsp:Policy>
            </sp:Wss11>
            <sp:Trust13
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:MustSupportIssuedTokens />
                    <sp:RequireClientEntropy />
                    <sp:RequireServerEntropy />
                </wsp:Policy>
            </sp:Trust13>
            <wsaw:UsingAddressing />
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

----------------------------------------------------------------------------------------------

<wsdl:binding name="IssuedTokenWSTrustBinding_IWSTrust13Async1"
    type="tns:IWSTrust13Async">
    <wsp:PolicyReference
        URI="#IssuedTokenWSTrustBinding_IWSTrust13Async1_policy" />
    <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
    <wsdl:operation name="Trust13IssueAsync">
        <soap12:operation
            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
            style="document" />
        <wsdl:input>
            <soap12:body use="literal" />
        </wsdl:input>
        <wsdl:output>
            <soap12:body use="literal" />
        </wsdl:output>
    </wsdl:operation>
</wsdl:binding>

--------------------------------------------------------------------------------------------------------------
Here is my code snippet to get the token

public SecurityToken getFederatedToken(TokenInputs tokenInputVo,
        SecurityToken issuedToken) {
    SecurityToken securityToken = null;
    try {
        // Fetch the prototype-scoped STSClient bean from the Spring context
        stsClient = (STSClient) ctx.getBean("stsClientFederation");
        stsClient.setEnableAppliesTo(true);
        stsClient.setTokenType(SAML2_TOKEN_TYPE);

        // Next two lines are necessary as ADFS will throw unrecognized Policy otherwise
        stsClient.setAddressingNamespace("http://schemas.xmlsoap.org/ws/2004/08/addressing");
        stsClient.setWspNamespace("http://schemas.xmlsoap.org/ws/2004/09/policy");

        // Hand the previously issued token to the STS client
        stsClient.getProperties().put("ws-security.token", issuedToken);

        // Request the token for the ADFS relying party (AppliesTo address)
        securityToken = stsClient.requestSecurityToken(tokenInputVo.getAdfsRelyingParty());
    } catch (Exception exp) {
        throw new RuntimeException(
                "Error occurred while requesting a federation security token from ADFS", exp);
    }
    return securityToken;
}

What do you suggest? Is it the right way to get an issuedToken?



--
View this message in context: 
http://cxf.547215.n5.nabble.com/IssuedToken-nullpointer-exception-tp5749119p5749157.html
Sent from the cxf-user mailing list archive at Nabble.com.
