Thanks for enlightening me on those properties. I have a few more questions.

What should be the configuration for a SYMMETRIC KEYTYPE?
How do I pass the issued token which I have already?
In totality, how do I go about if I were to access this endpoint?

On Wed, Sep 24, 2014 at 7:45 PM, coheigea [via CXF] <
[email protected]> wrote:

> > Question:  what should be the expected value of 'ws-security.username' &
> > 'ws-security.sts.token.username'?
>
> Assuming that the STS has a UsernameToken policy requirement, the
> 'ws-security.username' is used as the "username". Alternatively, it
> is used as the keystore alias if this is required by the security policy.
> 'ws-security.sts.token.username' is the keystore alias to use if you are
> sending a certificate to the STS as part of "UseKey" (required if the
> KeyType is PublicKey). As the security policy you are using is
> "SymmetricKey" you don't need any of the "ws-security.sts.token.*"
> properties.
>
> Colm.
>
> On Wed, Sep 24, 2014 at 10:54 AM, niranjana.murthy <[hidden email]> wrote:
>
> > The problem still exists.
> >
> > *Here is the bean configuration: I did not have the properties mapping
> > earlier, added it on your suggestion*
> >
> > <bean id="stsClientFederation"
> >       class="org.apache.cxf.ws.security.trust.STSClient" scope="prototype">
> >     <constructor-arg ref="cxf" />
> >     <property name="wsdlLocation" value="adfs.wsdl" />
> >     <property name="sendRenewing" value="false" />
> >     <property name="serviceName"
> >               value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService" />
> >     <property name="endpointName"
> >               value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}IssuedTokenWSTrustBinding_IWSTrust13Async1" />
> >     <property name="addressingNamespace"
> >               value="http://www.w3.org/2005/08/addressing" />
> >     <property name="enableAppliesTo" value="true" />
> >     <property name="properties">
> >         <map>
> >             <entry key="ws-security.username" value="username" />
> >             <entry key="ws-security.callback-handler"
> >                    value="clientKeystore.PasswordCallbackHandler" />
> >             <entry key="ws-security.sts.token.username"
> >                    value="clientstskey" />
> >             <entry key="ws-security.sts.token.properties"
> >                    value="clientKeystore.properties" />
> >             <entry key="ws-security.sts.token.usecert" value="true" />
> >         </map>
> >     </property>
> > </bean>
> >
> >
> > Question:
> >   what should be the expected value of 'ws-security.username' &
> > 'ws-security.sts.token.username'?
> >
> >
> >
> ------------------------------------------------------------------------------------------------------------------
>
> > *Security policy, binding.. from the wsdl*
> >
> > <wsp:Policy wsu:Id="IssuedTokenWSTrustBinding_IWSTrust13Async1_policy">
> >   <wsp:ExactlyOne>
> >     <wsp:All>
> >       <sp:TransportBinding
> >           xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >         <wsp:Policy>
> >           <sp:TransportToken>
> >             <wsp:Policy>
> >               <sp:HttpsToken />
> >             </wsp:Policy>
> >           </sp:TransportToken>
> >           <sp:AlgorithmSuite>
> >             <wsp:Policy>
> >               <sp:Basic256 />
> >             </wsp:Policy>
> >           </sp:AlgorithmSuite>
> >           <sp:Layout>
> >             <wsp:Policy>
> >               <sp:Strict />
> >             </wsp:Policy>
> >           </sp:Layout>
> >           <sp:IncludeTimestamp />
> >         </wsp:Policy>
> >       </sp:TransportBinding>
> >       <sp:EndorsingSupportingTokens
> >           xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >         <wsp:Policy>
> >           <sp:IssuedToken
> >               sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> >             <sp:RequestSecurityTokenTemplate>
> >               <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
> >               <trust:KeySize>256</trust:KeySize>
> >               <trust:KeyWrapAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
> >               <trust:EncryptWith>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
> >               <trust:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignatureAlgorithm>
> >               <trust:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
> >               <trust:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
> >             </sp:RequestSecurityTokenTemplate>
> >             <wsp:Policy>
> >               <sp:RequireInternalReference />
> >             </wsp:Policy>
> >           </sp:IssuedToken>
> >           <sp:SignedParts>
> >             <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> >           </sp:SignedParts>
> >           <KeyValueToken IncludeToken="" Optional="">
> >             <Policy />
> >           </KeyValueToken>
> >         </wsp:Policy>
> >       </sp:EndorsingSupportingTokens>
> >       <sp:Wss11
> >           xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >         <wsp:Policy>
> >           <sp:MustSupportRefKeyIdentifier />
> >           <sp:MustSupportRefIssuerSerial />
> >           <sp:MustSupportRefThumbprint />
> >           <sp:MustSupportRefEncryptedKey />
> >         </wsp:Policy>
> >       </sp:Wss11>
> >       <sp:Trust13
> >           xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >         <wsp:Policy>
> >           <sp:MustSupportIssuedTokens />
> >           <sp:RequireClientEntropy />
> >           <sp:RequireServerEntropy />
> >         </wsp:Policy>
> >       </sp:Trust13>
> >       <wsaw:UsingAddressing />
> >     </wsp:All>
> >   </wsp:ExactlyOne>
> > </wsp:Policy>
> >
> >
> >
> ----------------------------------------------------------------------------------------------
>
> >
> > <wsdl:binding name="IssuedTokenWSTrustBinding_IWSTrust13Async1"
> >               type="tns:IWSTrust13Async">
> >   <wsp:PolicyReference
> >       URI="#IssuedTokenWSTrustBinding_IWSTrust13Async1_policy" />
> >   <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
> >   <wsdl:operation name="Trust13IssueAsync">
> >     <soap12:operation
> >         soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
> >         style="document" />
> >     <wsdl:input>
> >       <soap12:body use="literal" />
> >     </wsdl:input>
> >     <wsdl:output>
> >       <soap12:body use="literal" />
> >     </wsdl:output>
> >   </wsdl:operation>
> > </wsdl:binding>
> >
> >
> >
> --------------------------------------------------------------------------------------------------------------
>
> > Here is my code snippet to get the token
> >
> > public SecurityToken getFederatedToken(TokenInputs tokenInputVo,
> >         SecurityToken issuedToken) {
> >     SecurityToken securityToken = null;
> >     try {
> >         stsClient = (STSClient) ctx.getBean("stsClientFederation");
> >         stsClient.setEnableAppliesTo(true);
> >         stsClient.setTokenType(SAML2_TOKEN_TYPE);
> >
> >         // Next two lines are necessary as ADFS will throw unrecognized Policy otherwise
> >         stsClient.setAddressingNamespace("http://schemas.xmlsoap.org/ws/2004/08/addressing");
> >         stsClient.setWspNamespace("http://schemas.xmlsoap.org/ws/2004/09/policy");
> >
> >         stsClient.getProperties().put("ws-security.token", issuedToken);
> >
> >         securityToken = stsClient.requestSecurityToken(tokenInputVo.getAdfsRelyingParty());
> >     } catch (Exception exp) {
> >         throw new RuntimeException(
> >                 "Error occured while requesting a federation security token from ADFS", exp);
> >     }
> >     return securityToken;
> > }
> >
> > What do you suggest? Is it the right way to get an issuedToken?
> >
> >
> >
> > --
> > View this message in context:
> >
> http://cxf.547215.n5.nabble.com/IssuedToken-nullpointer-exception-tp5749119p5749157.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>



-- 
Niranjan




--
View this message in context: 
http://cxf.547215.n5.nabble.com/IssuedToken-nullpointer-exception-tp5749119p5749197.html
Sent from the cxf-user mailing list archive at Nabble.com.
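
Added example (not part of the original thread and not CXF code): a small Python check that applies the rule from Colm's reply to the quoted policy and bean properties. It reads the KeyType from the RequestSecurityTokenTemplate and flags 'ws-security.sts.token.*' entries that a SymmetricKey policy does not need; the function names and the trimmed policy sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
TRUST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
STS_TOKEN_PREFIX = "ws-security.sts.token."

# Constructed sample: the IssuedToken assertion quoted in the thread, trimmed.
POLICY = f"""
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="{SP}" xmlns:trust="{TRUST}">
  <sp:IssuedToken>
    <sp:RequestSecurityTokenTemplate>
      <trust:KeyType>
        {TRUST}/SymmetricKey
      </trust:KeyType>
      <trust:KeySize>256</trust:KeySize>
    </sp:RequestSecurityTokenTemplate>
  </sp:IssuedToken>
</wsp:Policy>
"""

# The STSClient "properties" map as posted in the thread.
PROPS = {
    "ws-security.username": "username",
    "ws-security.callback-handler": "clientKeystore.PasswordCallbackHandler",
    "ws-security.sts.token.username": "clientstskey",
    "ws-security.sts.token.properties": "clientKeystore.properties",
    "ws-security.sts.token.usecert": "true",
}


def key_type(policy_xml):
    """Return the short KeyType name (e.g. 'SymmetricKey'), or None if absent."""
    root = ET.fromstring(policy_xml)
    node = root.find(f".//{{{SP}}}RequestSecurityTokenTemplate/{{{TRUST}}}KeyType")
    text = (node.text or "").strip() if node is not None else ""
    return text.rsplit("/", 1)[-1] or None


def review_properties(policy_xml, props):
    """Compare the client properties with what the policy's KeyType calls for."""
    kt = key_type(policy_xml)
    sts_token = sorted(k for k in props if k.startswith(STS_TOKEN_PREFIX))
    findings = []
    if kt == "SymmetricKey":
        # Per the reply: none of the sts.token.* properties are needed here.
        findings = [f"{k}: not needed when KeyType is SymmetricKey" for k in sts_token]
    elif kt == "PublicKey" and STS_TOKEN_PREFIX + "username" not in props:
        # Per the reply: the alias of the certificate sent as UseKey is required.
        findings = ["ws-security.sts.token.username: keystore alias for UseKey is missing"]
    return kt, findings
```
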
