CXF Fediz: can't drive wsClientWebapp via SoapUI

Mon, 29 Sep 2014 08:05:26 -0700 

Hello All!

  I would like to drive the "wsClientWebapp" demo in CXF Fediz via SoapUI.
I've set up the demo successfully (with Colm's help, thanks Colm!). It's working: I can go to https://localhost:8443/fedizhelloworld/secure/fedservlet , sign in there then go to https://localhost:8443/fedizhelloworld/secure/service.jsp and use the GreeterService service with the signed in user. 

  After this, I tried to use the GreeterService via SoapUI.
A. First I requested a Security Token at the IDP/STS (9443) via SoapUI. That worked, I got back a Security Token with a <saml2:Assertion> inside which was valid for 20 minutes. See attached files for the message exchange.
B. Next I tried to request the GreeterService (10443) via SoapUI with the <saml2:Assertion> I got the previous step. But the result was a "The message has expired" response. Note that I created the request like this: 1. copied the request from the GreeterService's log after it had driven via the eaxmple's "Relying Party" web app, 
2. replaced the <saml2:Assertion> part with the assertion from A.
  See attached files for the message exchange.

  I was in the 20 minutes time window, I guess that couldn't be the problem.

  I don't know what's the problem.
Is my aproach with this experiment valid at all (getting the token, then use it for requesting the service)? 

  Also attached the GReetingService's relevant log excerpt.

  Any help is really appreciated!

  Thank you, best regards, Peter

---

Peter Risko

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";>
	<wsse:Security
		xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
		soap:mustUnderstand="1">
		<wsse:UsernameToken wsu:Id="UsernameToken-BE87C69F2461B72C1714119892000293">
			<wsse:Username>ted</wsse:Username>
			<wsse:Password
				Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>det</wsse:Password>
		</wsse:UsernameToken>
	</wsse:Security>
</SOAP-ENV:Header>
<soap:Body>
<wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy";>
	<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing";>
		<wsa:Address>urn:fediz:idp</wsa:Address>
	</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType><wst:Renewing/>
</wst:RequestSecurityToken>
</soap:Body>
</soap:Envelope>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
   <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"/>
   <soap:Body>
      <RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"; xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:ns4="http://www.w3.org/2005/08/addressing"; xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802";>
         <RequestSecurityTokenResponse>
            <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType>
            <RequestedSecurityToken>
               <saml2:Assertion ID="_8CBBD88328F8EB44F81412001827930196" IssueInstant="2014-09-29T14:43:47.930Z" Version="2.0" xsi:type="saml2:AssertionType" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
                  <saml2:Issuer>STS Realm A</saml2:Issuer>
                  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
                     <ds:SignedInfo>
                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                        <ds:Reference URI="#_8CBBD88328F8EB44F81412001827930196">
                           <ds:Transforms>
                              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                           </ds:Transforms>
                           <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                           <ds:DigestValue>ftZpP6Lyec+Jj2Nfe3iXEwfksk4=</ds:DigestValue>
                        </ds:Reference>
                     </ds:SignedInfo>
                     <ds:SignatureValue>AjtIQCy0Cvmu0sGaXuAPsVM6B+9EKl1Cb7vIYCihCqczPzIZxx4dpv71SVskDj7dS/2UEkSB8G8Lj139nYAnrPtc7LS6o0M2g0wlFH5plv5VDw64QlJPSKEk2dttmh7PujWmCZPFZfP+XzFMH2MkvCAE6d3XAyhME0FXbaSvypn26HZL55xsD0xm/+q1z1OED68GdK9xDue7haVqMc3QuAYXHKtuLN/hZL2aYImEjY5aInqXAtJB026RB5qHAbBLTVEagTTyCY2XtmMGVfQ3g8jOZrqC61ZOuxEM5l8vBcVy236truxBFBQZl3Yqm+HOFNTzM8qzzvYXGqf7dB49Kw==</ds:SignatureValue>
                     <ds:KeyInfo>
                        <ds:X509Data>
                           <ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN
MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX
rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p
ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4
N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr
x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj
ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN
aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh
8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R
2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9
6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj
ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate>
                        </ds:X509Data>
                     </ds:KeyInfo>
                  </ds:Signature>
                  <saml2:Subject>
                     <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts";>ted</saml2:NameID>
                     <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
                  </saml2:Subject>
                  <saml2:Conditions NotBefore="2014-09-29T14:43:47.930Z" NotOnOrAfter="2014-09-29T15:03:47.930Z">
                     <saml2:AudienceRestriction>
                        <saml2:Audience>urn:fediz:idp</saml2:Audience>
                     </saml2:AudienceRestriction>
                  </saml2:Conditions>
               </saml2:Assertion>
            </RequestedSecurityToken>
            <RequestedAttachedReference>
               <ns3:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";>
                  <ns3:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";>_8CBBD88328F8EB44F81412001827930196</ns3:KeyIdentifier>
               </ns3:SecurityTokenReference>
            </RequestedAttachedReference>
            <RequestedUnattachedReference>
               <ns3:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";>
                  <ns3:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";>_8CBBD88328F8EB44F81412001827930196</ns3:KeyIdentifier>
               </ns3:SecurityTokenReference>
            </RequestedUnattachedReference>
            <wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy"; xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>
               <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing";>
                  <wsa:Address>urn:fediz:idp</wsa:Address>
               </wsa:EndpointReference>
            </wsp:AppliesTo>
            <Lifetime>
               <ns2:Created>2014-09-29T14:43:47.930Z</ns2:Created>
               <ns2:Expires>2014-09-29T15:03:47.930Z</ns2:Expires>
            </Lifetime>
         </RequestSecurityTokenResponse>
      </RequestSecurityTokenResponseCollection>
   </soap:Body>
</soap:Envelope>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-7A9C21F9738EBC0F55141200184238011"><wsu:Created>2014-09-29T14:44:02.380Z</wsu:Created><wsu:Expires>2014-09-29T14:49:02.380Z</wsu:Expires></wsu:Timestamp><saml2:Assertion ID="_8CBBD88328F8EB44F81412001827930196" IssueInstant="2014-09-29T14:43:47.930Z" Version="2.0" xsi:type="saml2:AssertionType" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><saml2:Issuer>STS Realm A</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_8CBBD88328F8EB44F81412001827930196"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>ftZpP6Lyec+Jj2Nfe3iXEwfksk4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>AjtIQCy0Cvmu0sGaXuAPsVM6B+9EKl1Cb7vIYCihCqczPzIZxx4dpv71SVskDj7dS/2UEkSB8G8Lj139nYAnrPtc7LS6o0M2g0wlFH5plv5VDw64QlJPSKEk2dttmh7PujWmCZPFZfP+XzFMH2MkvCAE6d3XAyhME0FXbaSvypn26HZL55xsD0xm/+q1z1OED68GdK9xDue7haVqMc3QuAYXHKtuLN/hZL2aYImEjY5aInqXAtJB026RB5qHAbBLTVEagTTyCY2XtmMGVfQ3g8jOZrqC61ZOuxEM5l8vBcVy236truxBFBQZl3Yqm+HOFNTzM8qzzvYXGqf7dB49Kw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN
MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX
rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p
ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4
N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr
x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj
ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN
aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh
8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R
2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9
6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj
ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts";>ted</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions NotBefore="2014-09-29T14:43:47.930Z" NotOnOrAfter="2014-09-29T15:03:47.930Z"><saml2:AudienceRestriction><saml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions></saml2:Assertion></wsse:Security></SOAP-ENV:Header><soap:Body><greetMe xmlns="http://apache.org/hello_world_soap_http/types"/></soap:Body></soap:Envelope>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
   <soap:Body>
      <soap:Fault>
         <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>ns1:MessageExpired</faultcode>
         <faultstring>The message has expired</faultstring>
      </soap:Fault>
   </soap:Body>
</soap:Envelope>
Sep 29, 2014 4:51:22 PM 
org.apache.cxf.services.GreeterService.GreeterSoapPort.Greeter
INFO: Inbound Message
----------------------------
ID: 124
Address: https://localhost:10443/fedizservice/GreeterService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], 
Content-Length=[3536], content-type=[text/xml;charset=UTF-8], 
host=[localhost:10443], SOAPAction=[""], user-agent=[Apache-HttpClient/4.1.1 
(java 1.5)]}
Payload: <soap:Envelope 
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header 
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 soap:mustUnderstand="1"><wsu:Timestamp 
wsu:Id="TS-7A9C21F9738EBC0F55141200184238011"><wsu:Created>2014-09-29T14:44:02.380Z</wsu:Created><wsu:Expires>2014-09-29T14:49:02.380Z</wsu:Expires></wsu:Timestamp><saml2:Assertion
 ID="_8CBBD88328F8EB44F81412001827930196" 
IssueInstant="2014-09-29T14:43:47.930Z" Version="2.0" 
xsi:type="saml2:AssertionType" 
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><saml2:Issuer>STS Realm 
A</saml2:Issuer><ds:Signature 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:SignedInfo><ds:CanonicalizationMethod
 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference 
URI="#_8CBBD88328F8EB44F81412001827930196"><ds:Transforms><ds:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>ftZpP6Lyec+Jj2Nfe3iXEwfksk4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>AjtIQCy0Cvmu0sGaXuAPsVM6B+9EKl1Cb7vIYCihCqczPzIZxx4dpv71SVskDj7dS/2UEkSB8G8Lj139nYAnrPtc7LS6o0M2g0wlFH5plv5VDw64QlJPSKEk2dttmh7PujWmCZPFZfP+XzFMH2MkvCAE6d3XAyhME0FXbaSvypn26HZL55xsD0xm/+q1z1OED68GdK9xDue7haVqMc3QuAYXHKtuLN/hZL2aYImEjY5aInqXAtJB026RB5qHAbBLTVEagTTyCY2XtmMGVfQ3g8jOZrqC61ZOuxEM5l8vBcVy236truxBFBQZl3Yqm+HOFNTzM8qzzvYXGqf7dB49Kw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN
MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX
rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p
ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4
N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr
x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj
ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN
aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh
8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R
2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9
6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj
ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID
 Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" 
NameQualifier="http://cxf.apache.org/sts";>ted</saml2:NameID><saml2:SubjectConfirmation
 
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions
 NotBefore="2014-09-29T14:43:47.930Z" 
NotOnOrAfter="2014-09-29T15:03:47.930Z"><saml2:AudienceRestriction><saml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions></saml2:Assertion></wsse:Security></SOAP-ENV:Header><soap:Body><greetMe
 
xmlns="http://apache.org/hello_world_soap_http/types"/></soap:Body></soap:Envelope>

--------------------------------------
Sep 29, 2014 4:51:22 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor 
handleMessage
WARNING: 
org.apache.ws.security.WSSecurityException: The message has expired 
(WSSecurityEngine: Invalid timestamp The security semantics of the message have 
expired)
        at 
org.apache.ws.security.validate.TimestampValidator.validate(TimestampValidator.java:62)
        at 
org.apache.ws.security.processor.TimestampProcessor.handleToken(TimestampProcessor.java:62)
        at 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
        at 
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
        at 
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:121)
        at 
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:106)
        at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
        at 
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at 
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
        at 
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
        at 
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
        at 
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
        at 
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
        at 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
        at 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
        at 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at 
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
        at 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at 
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:744)

Sep 29, 2014 4:51:22 PM org.apache.cxf.phase.PhaseInterceptorChain 
doDefaultLogging
WARNING: Interceptor for 
{http://apache.org/hello_world_soap_http}GreeterService has thrown exception, 
unwinding now
org.apache.cxf.binding.soap.SoapFault: The message has expired
        at 
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:850)
        at 
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327)
        at 
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:121)
        at 
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:106)
        at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
        at 
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at 
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
        at 
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
        at 
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
        at 
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
        at 
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
        at 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
        at 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
        at 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at 
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
        at 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at 
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.ws.security.WSSecurityException: The message has expired 
(WSSecurityEngine: Invalid timestamp The security semantics of the message have 
expired)
        at 
org.apache.ws.security.validate.TimestampValidator.validate(TimestampValidator.java:62)
        at 
org.apache.ws.security.processor.TimestampProcessor.handleToken(TimestampProcessor.java:62)
        at 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
        at 
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
        ... 33 more

Sep 29, 2014 4:51:22 PM 
org.apache.cxf.services.GreeterService.GreeterSoapPort.Greeter
INFO: Outbound Message
---------------------------
ID: 124
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope 
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><soap:Fault><faultcode
 
xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>ns1:MessageExpired</faultcode><faultstring>The
 message has expired</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------

Reply via email to