Hello. So I kind of solved my problem myself. After all, using one realm (REALMA), 2 endpoints are needed:
1) address="/REALMA/STSServiceTransportUT" in ldap.xml and jaasUTValidator
2) address="/REALMA/STSServiceTransport" in cxf-transport
So now my LDAP users are getting authenticated along with their claims and with their "role" from LDAP groups. I see all that correctly in the Tomcat output, tokens getting created and everything, but my RP application is giving me "HTTP Status 403 - Access to the requested resource has been denied". That application is working with file-based authentication and I can't understand why now it does not, since authentication is successful and all claims are passed correctly. Any insight would be really great. Here is the IDP-tomcat output:
INFO: Server startup in 21982 ms
2014-10-01 01:40:15,461 [http-bio-9443-exec-1] INFO org.apache.cxf.fediz.service.idp.STSPortFilter - STSAuthenticationProvider.wsdlLocation set to https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransportUT?wsdl
2014-10-01 01:40:15,789 [http-bio-9443-exec-1] INFO org.springframework.web.context.support.GenericWebApplicationContext - Refreshing Flow ApplicationContext [federation]: startup date [Wed Oct 01 01:40:15 EEST 2014]; parent: WebApplicationContext for namespace 'idp-servlet'
2014-10-01 01:40:15,792 [http-bio-9443-exec-1] INFO org.springframework.beans.factory.support.DefaultListableBeanFactory - Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@6834cd6a: defining beans [org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor]; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory@2a2e2155
2014-10-01 01:40:16,025 [http-bio-9443-exec-1] INFO org.springframework.web.context.support.GenericWebApplicationContext - Refreshing Flow ApplicationContext [signinRequest]: startup date [Wed Oct 01 
01:40:16 EEST 2014]; parent: WebApplicationContext for namespace 'idp-servlet' 2014-10-01 01:40:16,031 [http-bio-9443-exec-1] INFO org.springframework.beans.factory.support.DefaultListableBeanFactory - Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@3d1d1a49: defining beans [org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor]; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory@2a2e2155 2014-10-01 01:40:16,101 [http-bio-9443-exec-1] INFO org.apache.cxf.fediz.service.idp.beans.ProcessHRDSExpressionAction - HRDS is null (Mock). 2014-10-01 01:40:24,896 [http-bio-9443-exec-3] INFO org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS - Inbound Message ---------------------------- ID: 1 Address: https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransportUT?wsdl Http-Method: GET Content-Type: text/xml Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.7.11]} -------------------------------------- 2014-10-01 01:40:25,371 [http-bio-9443-exec-5] INFO org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS - Inbound Message ---------------------------- ID: 2 Address: https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransportUT?wsdl=ws-trust-1.4.wsdl Http-Method: GET Content-Type: text/xml Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.7.11]} -------------------------------------- 2014-10-01 
01:40:25,802 [http-bio-9443-exec-2] WARN org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl - No assertion builder for type {http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing registered. 2014-10-01 01:40:26,496 [http-bio-9443-exec-2] INFO org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS - Outbound Message --------------------------- ID: 1 Address: https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransportUT Encoding: UTF-8 Http-Method: POST Content-Type: text/xml Headers: {Accept=[*/*], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"]} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-D4D2167BDFF08F2B2C14121168264901"><wsse:Username>alice</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ecila</wsse:Password></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType><wst:Renewing/></wst:RequestSecurityToken></soap:Body></soap:Envelope> -------------------------------------- 2014-10-01 
01:40:26,549 [http-bio-9443-exec-7] INFO org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS - Inbound Message ---------------------------- ID: 3 Address: https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransportUT Encoding: UTF-8 Http-Method: POST Content-Type: text/xml; charset=UTF-8 Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[1333], content-type=[text/xml; charset=UTF-8], host=[localhost:9443], pragma=[no-cache], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"], user-agent=[Apache CXF 2.7.11]} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-D4D2167BDFF08F2B2C14121168264901"><wsse:Username>alice</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ecila</wsse:Password></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType><wst:Renewing/></wst:RequestSecurityToken></soap:Body></soap:Envelope> -------------------------------------- [LdapLoginModule] 
authentication-only mode; SSL disabled [LdapLoginModule] user provider: ldap://localhost:389/ou=Users,dc=ldap,dc=fediz [LdapLoginModule] attempting to authenticate user: alice [LdapLoginModule] authentication succeeded [LdapLoginModule] added LdapPrincipal "cn=alice,ou=Users,dc=ldap,dc=fediz" to Subject [LdapLoginModule] added UserPrincipal "alice" to Subject 2014-10-01 01:40:28,705 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.request.RequestParser - Parsing RequestSecurityToken 2014-10-01 01:40:28,732 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.request.RequestParser - Found AppliesTo element 2014-10-01 01:40:28,732 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.request.RequestParser - Found TokenType: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 2014-10-01 01:40:28,732 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.request.RequestParser - Found KeyType: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer 2014-10-01 01:40:28,745 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.request.RequestParser - Found Renewing token 2014-10-01 01:40:28,745 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.request.RequestParser - Received Context attribute: null 2014-10-01 01:40:28,745 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Parsing AppliesTo element 2014-10-01 01:40:28,745 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Found EndpointReference element 2014-10-01 01:40:28,745 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Found address element 2014-10-01 01:40:28,746 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.operation.AbstractOperation - The AppliesTo address that has been received is: urn:fediz:idp 2014-10-01 01:40:28,761 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.service.StaticService - Address urn:fediz:idp matches with pattern .* 2014-10-01 01:40:28,763 [http-bio-9443-exec-7] DEBUG 
org.apache.cxf.sts.token.provider.SAMLTokenProvider - Handling token of type: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 2014-10-01 01:40:28,774 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.token.provider.DefaultSubjectProvider - Creating new subject with principal name: alice 2014-10-01 01:40:31,690 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - SAMLRealm signature keystore used 2014-10-01 01:40:31,690 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - Signature alias is null so using default alias: realma 2014-10-01 01:40:31,691 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - Creating SAML Token 2014-10-01 01:40:31,691 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - Signing SAML Token 2014-10-01 01:40:31,910 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.operation.TokenIssueOperation - Encrypting Issued Token: false 2014-10-01 01:40:31,912 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Token lifetime creation: 2014-09-30T22:40:31.661Z 2014-10-01 01:40:31,912 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Token lifetime expiration: 2014-09-30T23:00:31.661Z 2014-10-01 01:40:31,913 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.event.map.MapEventLogger - 10/1/14 1:40:31 AM;SUCCESS;3339ms;127.0.0.1;59826;Issue;https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransportUT;REALMA;alice;<null>;<null>;<null>;<null>;<null>;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0;urn:fediz:idp;<null>;<null>;<null>;<null>; 2014-10-01 01:40:32,171 [http-bio-9443-exec-7] INFO org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS - Outbound Message --------------------------- ID: 3 Response-Code: 200 Encoding: UTF-8 Content-Type: text/xml Headers: {} Payload: <soap:Envelope 
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"/><soap:Body><RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802"><RequestSecurityTokenResponse><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType><RequestedSecurityToken><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_4C3D3D7257E6DF71B714121168315051" IssueInstant="2014-09-30T22:40:31.620Z" Version="2.0" xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm A</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_4C3D3D7257E6DF71B714121168315051"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>DhIjb9vI/mOQb+v8LV6johTHltk=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Az/yTFieY3qVzBSOt+tiSepaf2pOttbWqDRw1+lQNG2Bb5nOWIk1AwS1K9gZ0pKKawC/DYqXPTJ6gtt/7twkk7zwXAtET2a94WEN2XlahlP2v8Qij/N611kgTPNoSz57rEGcXj8hDfKeK1684fR7EB6bXEpw+mD9z7Ne49SxU13ke/LDLXL+izJR2MVcapBoHHVd7xlZjyu43ClWQ/auqRm48m5RTsqyRN/xPYhL/cfemETNhrwY7Gnr/btLqPxvO34CZ1/sJqX8MlyU5umZ8+7aCGcOZHM3javwDqBEvtiP4ETsbIK+pIABs2gNROLxAbqeYkyfbVuw5RsGI0FRsQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4 N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh 8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R 2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions NotBefore="2014-09-30T22:40:31.661Z" 
NotOnOrAfter="2014-09-30T23:00:31.661Z"><saml2:AudienceRestriction><saml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions></saml2:Assertion></RequestedSecurityToken><RequestedAttachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_4C3D3D7257E6DF71B714121168315051</ns4:KeyIdentifier></ns4:SecurityTokenReference></RequestedAttachedReference><RequestedUnattachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_4C3D3D7257E6DF71B714121168315051</ns4:KeyIdentifier></ns4:SecurityTokenReference></RequestedUnattachedReference><wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><Lifetime><ns3:Created>2014-09-30T22:40:31.661Z</ns3:Created><ns3:Expires>2014-09-30T23:00:31.661Z</ns3:Expires></Lifetime></RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope> -------------------------------------- 2014-10-01 01:40:32,181 [http-bio-9443-exec-2] INFO org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS - Inbound Message ---------------------------- ID: 1 Response-Code: 200 Encoding: UTF-8 Content-Type: text/xml;charset=UTF-8 Headers: {content-type=[text/xml;charset=UTF-8], Date=[Tue, 30 Sep 2014 22:40:32 GMT], Server=[Apache-Coyote/1.1], 
transfer-encoding=[chunked]} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"/><soap:Body><RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802"><RequestSecurityTokenResponse><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType><RequestedSecurityToken><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_4C3D3D7257E6DF71B714121168315051" IssueInstant="2014-09-30T22:40:31.620Z" Version="2.0" xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm A</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_4C3D3D7257E6DF71B714121168315051"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>DhIjb9vI/mOQb+v8LV6johTHltk=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Az/yTFieY3qVzBSOt+tiSepaf2pOttbWqDRw1+lQNG2Bb5nOWIk1AwS1K9gZ0pKKawC/DYqXPTJ6gtt/7twkk7zwXAtET2a94WEN2XlahlP2v8Qij/N611kgTPNoSz57rEGcXj8hDfKeK1684fR7EB6bXEpw+mD9z7Ne49SxU13ke/LDLXL+izJR2MVcapBoHHVd7xlZjyu43ClWQ/auqRm48m5RTsqyRN/xPYhL/cfemETNhrwY7Gnr/btLqPxvO34CZ1/sJqX8MlyU5umZ8+7aCGcOZHM3javwDqBEvtiP4ETsbIK+pIABs2gNROLxAbqeYkyfbVuw5RsGI0FRsQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4 N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh 8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R 2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions NotBefore="2014-09-30T22:40:31.661Z" 
NotOnOrAfter="2014-09-30T23:00:31.661Z"><saml2:AudienceRestriction><saml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions></saml2:Assertion></RequestedSecurityToken><RequestedAttachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_4C3D3D7257E6DF71B714121168315051</ns4:KeyIdentifier></ns4:SecurityTokenReference></RequestedAttachedReference><RequestedUnattachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_4C3D3D7257E6DF71B714121168315051</ns4:KeyIdentifier></ns4:SecurityTokenReference></RequestedUnattachedReference><wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><Lifetime><ns3:Created>2014-09-30T22:40:31.661Z</ns3:Created><ns3:Expires>2014-09-30T23:00:31.661Z</ns3:Expires></Lifetime></RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope> -------------------------------------- 2014-10-01 01:40:32,320 [http-bio-9443-exec-2] INFO org.apache.cxf.fediz.service.idp.beans.ProcessHRDSExpressionAction - HRDS is null (Mock). 
2014-10-01 01:40:32,322 [http-bio-9443-exec-2] INFO org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction - Token [IDP_TOKEN=_4C3D3D7257E6DF71B714121168315051] for realm [urn:org:apache:cxf:fediz:idp:realm-A] successfully cached. 2014-10-01 01:40:32,330 [http-bio-9443-exec-2] INFO org.apache.cxf.fediz.service.idp.beans.STSClientAction - STS WSDL URL updated to https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport?wsdl 2014-10-01 01:40:32,410 [http-bio-9443-exec-9] INFO org.apache.cxf.services.SecurityTokenService.Transport_Port.STS - Inbound Message ---------------------------- ID: 4 Address: https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport?wsdl Http-Method: GET Content-Type: text/xml Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.7.11]} -------------------------------------- 2014-10-01 01:40:32,636 [http-bio-9443-exec-1] INFO org.apache.cxf.services.SecurityTokenService.Transport_Port.STS - Inbound Message ---------------------------- ID: 5 Address: https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport?wsdl=ws-trust-1.4.wsdl Http-Method: GET Content-Type: text/xml Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.7.11]} -------------------------------------- 2014-10-01 01:40:32,811 [http-bio-9443-exec-2] INFO org.apache.cxf.services.SecurityTokenService.Transport_Port.STS - Outbound Message --------------------------- ID: 2 Address: https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport Encoding: UTF-8 Http-Method: POST Content-Type: text/xml Headers: {Accept=[*/*], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"]} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header 
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"/><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:org:apache:cxf:fediz:storage</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:Claims xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"><ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/><ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/><ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/><ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/></wst:Claims><wst:OnBehalfOf><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_4C3D3D7257E6DF71B714121168315051" IssueInstant="2014-09-30T22:40:31.620Z" Version="2.0" xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm A</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_4C3D3D7257E6DF71B714121168315051"><ds:Transforms><ds:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>DhIjb9vI/mOQb+v8LV6johTHltk=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Az/yTFieY3qVzBSOt+tiSepaf2pOttbWqDRw1+lQNG2Bb5nOWIk1AwS1K9gZ0pKKawC/DYqXPTJ6gtt/7twkk7zwXAtET2a94WEN2XlahlP2v8Qij/N611kgTPNoSz57rEGcXj8hDfKeK1684fR7EB6bXEpw+mD9z7Ne49SxU13ke/LDLXL+izJR2MVcapBoHHVd7xlZjyu43ClWQ/auqRm48m5RTsqyRN/xPYhL/cfemETNhrwY7Gnr/btLqPxvO34CZ1/sJqX8MlyU5umZ8+7aCGcOZHM3javwDqBEvtiP4ETsbIK+pIABs2gNROLxAbqeYkyfbVuw5RsGI0FRsQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4 N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh 8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R 2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID><saml2:SubjectConfirmation 
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions NotBefore="2014-09-30T22:40:31.661Z" NotOnOrAfter="2014-09-30T23:00:31.661Z"><saml2:AudienceRestriction><saml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions></saml2:Assertion></wst:OnBehalfOf><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:Lifetime xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2014-09-30T22:40:32.723Z</wsu:Created><wsu:Expires>2014-09-30T23:40:32.723Z</wsu:Expires></wst:Lifetime><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType><wst:Renewing/></wst:RequestSecurityToken></soap:Body></soap:Envelope> -------------------------------------- 2014-10-01 01:40:32,812 [http-bio-9443-exec-5] INFO org.apache.cxf.services.SecurityTokenService.Transport_Port.STS - Inbound Message ---------------------------- ID: 6 Address: https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport Encoding: UTF-8 Http-Method: POST Content-Type: text/xml; charset=UTF-8 Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml; charset=UTF-8], host=[localhost:9443], pragma=[no-cache], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"], transfer-encoding=[chunked], user-agent=[Apache CXF 2.7.11]} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"/><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy"><wsa:EndpointReference 
xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:org:apache:cxf:fediz:storage</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:Claims xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"><ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/><ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/><ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/><ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/></wst:Claims><wst:OnBehalfOf><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_4C3D3D7257E6DF71B714121168315051" IssueInstant="2014-09-30T22:40:31.620Z" Version="2.0" xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm A</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_4C3D3D7257E6DF71B714121168315051"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>DhIjb9vI/mOQb+v8LV6johTHltk=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Az/yTFieY3qVzBSOt+tiSepaf2pOttbWqDRw1+lQNG2Bb5nOWIk1AwS1K9gZ0pKKawC/DYqXPTJ6gtt/7twkk7zwXAtET2a94WEN2XlahlP2v8Qij/N611kgTPNoSz57rEGcXj8hDfKeK1684fR7EB6bXEpw+mD9z7Ne49SxU13ke/LDLXL+izJR2MVcapBoHHVd7xlZjyu43ClWQ/auqRm48m5RTsqyRN/xPYhL/cfemETNhrwY7Gnr/btLqPxvO34CZ1/sJqX8MlyU5umZ8+7aCGcOZHM3javwDqBEvtiP4ETsbIK+pIABs2gNROLxAbqeYkyfbVuw5RsGI0FRsQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4 N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh 8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R 2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions NotBefore="2014-09-30T22:40:31.661Z" 
NotOnOrAfter="2014-09-30T23:00:31.661Z"><saml2:AudienceRestriction><saml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions></saml2:Assertion></wst:OnBehalfOf><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:Lifetime xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2014-09-30T22:40:32.723Z</wsu:Created><wsu:Expires>2014-09-30T23:40:32.723Z</wsu:Expires></wst:Lifetime><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType><wst:Renewing/></wst:RequestSecurityToken></soap:Body></soap:Envelope>
--------------------------------------
2014-10-01 01:40:32,834 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.RequestParser - Parsing RequestSecurityToken
2014-10-01 01:40:32,834 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.RequestParser - Found AppliesTo element
2014-10-01 01:40:32,873 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.RequestParser - Found Primary Claims token
2014-10-01 01:40:32,875 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.ReceivedToken - Found ValidateTarget element: Assertion
2014-10-01 01:40:32,875 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.RequestParser - Found OnBehalfOf token
2014-10-01 01:40:32,875 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.RequestParser - Found TokenType: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.Lifetime - Found created value: 2014-09-30T22:40:32.723Z
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.Lifetime - Found expires value: 2014-09-30T23:40:32.723Z
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.RequestParser - Found Lifetime element
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.RequestParser - Found KeyType: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.RequestParser - Found Renewing token
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.request.RequestParser - Received Context attribute: null
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Parsing AppliesTo element
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Found EndpointReference element
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Found address element
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.operation.AbstractOperation - The AppliesTo address that has been received is: urn:org:apache:cxf:fediz:storage
2014-10-01 01:40:32,876 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.service.StaticService - Address urn:org:apache:cxf:fediz:storage matches with pattern .*
2014-10-01 01:40:32,877 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.token.validator.SAMLTokenValidator - Validating SAML Token
2014-10-01 01:40:32,982 [http-bio-9443-exec-5] WARN org.apache.ws.security.validate.SignatureTrustValidator - No Subject DN Certificate Constraints were defined. This could be a security issue
2014-10-01 01:40:32,994 [http-bio-9443-exec-5] INFO org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec - Realm parsed in certificate: REALMA
2014-10-01 01:40:33,047 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Parsing AppliesTo element
2014-10-01 01:40:33,047 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Found EndpointReference element
2014-10-01 01:40:33,047 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Found address element
2014-10-01 01:40:33,049 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - Handling token of type: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
2014-10-01 01:40:34,491 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.claims.LdapGroupClaimsHandler - DN for (cn=cn=alice,ou=Users,dc=ldap,dc=fediz) found: cn=alice,ou=Users,dc=ldap,dc=fediz
2014-10-01 01:40:34,496 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.claims.LdapGroupClaimsHandler - Groups for user 'alice': [user]
2014-10-01 01:40:34,496 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.claims.LdapGroupClaimsHandler - AppliesTo matchs with scope: Storage
2014-10-01 01:40:34,496 [http-bio-9443-exec-5] INFO org.apache.cxf.sts.claims.LdapGroupClaimsHandler - Filtered groups: [user]
2014-10-01 01:40:34,497 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - AttributeStatementsorg.apache.ws.security.saml.ext.bean.AttributeStatementBean@889ee2ereturned by AttributeStatementProvider org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider
2014-10-01 01:40:34,497 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.token.provider.DefaultSubjectProvider - Creating new subject with principal name: alice
2014-10-01 01:40:34,502 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - SAMLRealm signature keystore used
2014-10-01 01:40:34,502 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - Signature alias is null so using default alias: realma
2014-10-01 01:40:34,502 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - Creating SAML Token
2014-10-01 01:40:34,502 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - Signing SAML Token
2014-10-01 01:40:34,520 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.operation.TokenIssueOperation - Encrypting Issued Token: false
2014-10-01 01:40:34,520 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Token lifetime creation: 2014-09-30T22:40:32.723Z
2014-10-01 01:40:34,520 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.operation.AbstractOperation - Token lifetime expiration: 2014-09-30T23:40:32.723Z
2014-10-01 01:40:34,521 [http-bio-9443-exec-5] DEBUG org.apache.cxf.sts.event.map.MapEventLogger - 10/1/14 1:40:34 AM;SUCCESS;1686ms;127.0.0.1;59831;Issue;https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport;REALMA;<null>;alice;<null>;<null>;<null>;<null>;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0;urn:org:apache:cxf:fediz:storage;[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role];<null>;<null>;<null>;
2014-10-01 01:40:34,531 [http-bio-9443-exec-5] INFO org.apache.cxf.services.SecurityTokenService.Transport_Port.STS - Outbound Message
---------------------------
ID: 6
Response-Code: 200
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"/><soap:Body><RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802"><RequestSecurityTokenResponse><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType><RequestedSecurityToken><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_4C3D3D7257E6DF71B714121168344982" IssueInstant="2014-09-30T22:40:34.498Z" Version="2.0" xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm A</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_4C3D3D7257E6DF71B714121168344982"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>91uIcJic2hx5JQm3V+R3kGc5c2Y=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>YYrfZlfkwrDKS1nFBe8z8/ThCcCtefo+NRxNCJdYq0FpdFUoscZuLDtFQTr3q66TgN/Nj5FHF9pVvL54Azijv6Ontj1ucNcInk3XlUwJhk+StrgrlHLNYpknWUWotDIz6zAICupxLEu4xZcwFWj1fg1WDnrNDF14x85FERAuJyDWAycz+KoTfYbg8eGd3RkNvtQ74m5DQEXR7MJtu3+SPLC9m4lm0KAeBqRWGEjDbiw64CTOaIVjyB6rrSzNu5CZpYLb1vX1hnC2ADNzPyiPVE+bALgaJIN6WVRdpH5Fl6quVHzkGv/Gk5ZNuxGtzPnPN7UGsv6tuRe8grVkz8fkqA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4 N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh 8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R 2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions NotBefore="2014-09-30T22:40:32.723Z" 
NotOnOrAfter="2014-09-30T23:40:32.723Z"><saml2:AudienceRestriction><saml2:Audience>urn:org:apache:cxf:fediz:storage</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AttributeStatement><saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xsi:type="xs:string">alice</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xsi:type="xs:string">alice</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xsi:type="xs:string">[email protected]</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xsi:type="xs:string">user</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></RequestedSecurityToken><RequestedAttachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_4C3D3D7257E6DF71B714121168344982</ns4:KeyIdentifier></ns4:SecurityTokenReference></RequestedAttachedReference><RequestedUnattachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns4:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_4C3D3D7257E6DF71B714121168344982</ns4:KeyIdentifier></ns4:SecurityTokenReference></RequestedUnattachedReference><wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:org:apache:cxf:fediz:storage</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><Lifetime><ns3:Created>2014-09-30T22:40:32.723Z</ns3:Created><ns3:Expires>2014-09-30T23:40:32.723Z</ns3:Expires></Lifetime></RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>
--------------------------------------
2014-10-01 01:40:34,534 [http-bio-9443-exec-2] INFO org.apache.cxf.services.SecurityTokenService.Transport_Port.STS - Inbound Message
----------------------------
ID: 2
Response-Code: 200
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {content-type=[text/xml;charset=UTF-8], Date=[Tue, 30 Sep 2014 22:40:34 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"/><soap:Body><RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802"><RequestSecurityTokenResponse><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType><RequestedSecurityToken><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_4C3D3D7257E6DF71B714121168344982" IssueInstant="2014-09-30T22:40:34.498Z" Version="2.0" xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm A</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_4C3D3D7257E6DF71B714121168344982"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>91uIcJic2hx5JQm3V+R3kGc5c2Y=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>YYrfZlfkwrDKS1nFBe8z8/ThCcCtefo+NRxNCJdYq0FpdFUoscZuLDtFQTr3q66TgN/Nj5FHF9pVvL54Azijv6Ontj1ucNcInk3XlUwJhk+StrgrlHLNYpknWUWotDIz6zAICupxLEu4xZcwFWj1fg1WDnrNDF14x85FERAuJyDWAycz+KoTfYbg8eGd3RkNvtQ74m5DQEXR7MJtu3+SPLC9m4lm0KAeBqRWGEjDbiw64CTOaIVjyB6rrSzNu5CZpYLb1vX1hnC2ADNzPyiPVE+bALgaJIN6WVRdpH5Fl6quVHzkGv/Gk5ZNuxGtzPnPN7UGsv6tuRe8grVkz8fkqA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4 N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN 
aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh 8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R 2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions NotBefore="2014-09-30T22:40:32.723Z" NotOnOrAfter="2014-09-30T23:40:32.723Z"><saml2:AudienceRestriction><saml2:Audience>urn:org:apache:cxf:fediz:storage</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AttributeStatement><saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xsi:type="xs:string">alice</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xsi:type="xs:string">alice</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xsi:type="xs:string">[email protected]</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue 
xsi:type="xs:string">user</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></RequestedSecurityToken><RequestedAttachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_4C3D3D7257E6DF71B714121168344982</ns4:KeyIdentifier></ns4:SecurityTokenReference></RequestedAttachedReference><RequestedUnattachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_4C3D3D7257E6DF71B714121168344982</ns4:KeyIdentifier></ns4:SecurityTokenReference></RequestedUnattachedReference><wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:org:apache:cxf:fediz:storage</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><Lifetime><ns3:Created>2014-09-30T22:40:32.723Z</ns3:Created><ns3:Expires>2014-09-30T23:40:32.723Z</ns3:Expires></Lifetime></RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>
--------------------------------------
2014-10-01 01:40:36,286 [http-bio-9443-exec-2] INFO org.apache.cxf.fediz.service.idp.beans.STSClientAction - [RP_TOKEN=_4C3D3D7257E6DF71B714121168344982] successfully created for realm [urn:org:apache:cxf:fediz:storage] on behalf of [IDP_TOKEN=_4C3D3D7257E6DF71B714121168315051]

--
View this message in context: http://cxf.547215.n5.nabble.com/Use-Fediz-with-LDAP-tp5748800p5749361.html
Sent from the cxf-user mailing list archive at Nabble.com.
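An added example, not code from the poster and not Fediz or CXF code: the checks an RP makes on the issued token before it answers 403. The STS log above shows authentication succeeding and the issued assertion carrying an AudienceRestriction of urn:org:apache:cxf:fediz:storage plus a role claim with the single value "user" (the LDAP group name), so a 403 after a successful sign-in is an authorization decision taken on that token. The script parses the issued assertion (embedded from the log with the ds:Signature element and the redacted e-mail attribute left out; a real RP verifies the signature and the signer's certificate before anything below counts), checks audience and validity window, reads roles from the claim URI the RP is configured to treat as the role claim (roleURI in the Fediz plugin configuration), and compares them with the role names the application's security constraint requires, case-sensitively, because servlet containers match role names as exact strings. The expected audience and the required role names passed in at the bottom are placeholders standing in for the RP's own settings, not values taken from this thread.

```python
"""Authorization-side checks on the SAML 2.0 assertion the STS issued above.

Added example (not Fediz/CXF code). The signature is NOT verified here; the
ds:Signature element was removed from the embedded sample to keep it short.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"

# Issued assertion as logged (ID, times, audience, role value unchanged);
# signature and the redacted e-mail attribute omitted.
ISSUED_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    ID="_4C3D3D7257E6DF71B714121168344982" IssueInstant="2014-09-30T22:40:34.498Z" Version="2.0">
  <saml2:Issuer>STS Realm A</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2014-09-30T22:40:32.723Z" NotOnOrAfter="2014-09-30T23:40:32.723Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>urn:org:apache:cxf:fediz:storage</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml2:AttributeValue xsi:type="xs:string">alice</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml2:AttributeValue xsi:type="xs:string">alice</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role">
      <saml2:AttributeValue xsi:type="xs:string">user</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def _iso(ts):
    """SAML timestamps are UTC with a trailing Z, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError("unsupported SAML timestamp: %s" % ts)


def parse_assertion(xml_text):
    """Pull out the fields an RP's authorization decision depends on."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml2:Conditions", NS)
    claims = {}
    for attr in root.findall("saml2:AttributeStatement/saml2:Attribute", NS):
        values = [v.text for v in attr.findall("saml2:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return {
        "issuer": root.findtext("saml2:Issuer", namespaces=NS),
        "subject": root.findtext("saml2:Subject/saml2:NameID", namespaces=NS),
        "audiences": [a.text for a in root.findall(
            "saml2:Conditions/saml2:AudienceRestriction/saml2:Audience", NS)],
        "not_before": _iso(cond.get("NotBefore")),
        "not_on_or_after": _iso(cond.get("NotOnOrAfter")),
        "claims": claims,
    }


def authorize(assertion, expected_audience, required_roles, now, role_claim=ROLE_CLAIM):
    """Return (granted, reasons): an empty reasons list means the request passes;
    anything in it is what a bare 403 would be hiding."""
    reasons = []
    if expected_audience not in assertion["audiences"]:
        reasons.append("audience mismatch: token is for %s, this RP is %s"
                       % (assertion["audiences"], expected_audience))
    if not assertion["not_before"] <= now < assertion["not_on_or_after"]:
        reasons.append("outside validity window")
    roles = set(assertion["claims"].get(role_claim, []))
    if not roles & set(required_roles):
        msg = "no required role: token has %s, application requires one of %s" % (
            sorted(roles), sorted(required_roles))
        # Servlet containers compare role names as exact strings; flag the near miss.
        if {r.lower() for r in roles} & {r.lower() for r in required_roles}:
            msg += " (differs only in case)"
        reasons.append(msg)
    return not reasons, reasons


if __name__ == "__main__":
    token = parse_assertion(ISSUED_ASSERTION)
    now = _iso("2014-09-30T22:41:00.000Z")  # inside the logged validity window
    # Placeholder RP settings (not values from the thread): the audience the RP is
    # registered as, and the role names its security constraint requires.
    for required in (["user"], ["User"]):
        ok, why = authorize(token, "urn:org:apache:cxf:fediz:storage", required, now)
        print(required, "->", "granted" if ok else "403: " + "; ".join(why))
```

Run against the logged token the first placeholder (required role "user") is granted and the second ("User") is refused with the case hint; point the same function at whatever role names and roleURI the RP is really configured with to see which of the three checks is producing the 403. Separately, the WARN from SignatureTrustValidator in the log ("No Subject DN Certificate Constraints were defined") means the STS accepts an OnBehalfOf token signed by any certificate its truststore trusts; WSS4J's Subject DN constraints narrow that to the intended signer. That is unrelated to the 403 but worth fixing before the setup leaves the lab.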
