Hi

I checked the code, the original exception is lost - I'll update the code reporting it, but it is originating from a STAX reader.

You mentioned the deflation - do you see this issue even when the deflation is disabled on both ends?

Cheers, Sergey
On 24/07/15 23:04, jsmith828 wrote:
Hi,

I have a CXF JAX-RS application running on Tomcat and I am trying to implement
SAML security.  The payload for the service is JSON so I thought it might be
best if I use the Authorization header to send a signed SAML assertion to
the server.  On the client I used the SamlHeaderOutInterceptor with a custom
SamlCallbackHandler to actually create and sign the assertion.  When I
execute a request to my service through my client using Membrane I can see
that the header is present:

Authorization: SAML PHNhbWwyOkFzc2VydGlvbiBJRD0...

I turned off deflation so I could even paste it into Notepad++ and base64
decode it to see the contents.  Everything looks fine.  However when the
request reaches the server I get a very obscure error from the
SamlHeaderInHandler or more specifically the AbstractSamlInHandler.  Here is
the error:

24-Jul-2015 15:27:42.429 WARNING [http-nio-8080-exec-8] org.apache.cxf.rs.security.saml.AbstractSamlInHandler.throwFault Assertion can not be read as XML document
24-Jul-2015 15:27:42.430 WARNING [http-nio-8080-exec-8] org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper.toResponse javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
         at org.apache.cxf.jaxrs.utils.SpecExceptions.toNotAuthorizedException(SpecExceptions.java:94)
         at org.apache.cxf.jaxrs.utils.ExceptionUtils.toNotAuthorizedException(ExceptionUtils.java:130)
         at org.apache.cxf.rs.security.saml.AbstractSamlInHandler.throwFault(AbstractSamlInHandler.java:264)
         at org.apache.cxf.rs.security.saml.AbstractSamlInHandler.readToken(AbstractSamlInHandler.java:107)
         at org.apache.cxf.rs.security.saml.AbstractSamlInHandler.validateToken(AbstractSamlInHandler.java:96)
         at org.apache.cxf.rs.security.saml.AbstractSamlBase64InHandler.handleToken(AbstractSamlBase64InHandler.java:53)
         at org.apache.cxf.rs.security.saml.SamlHeaderInHandler.filter(SamlHeaderInHandler.java:52)

Again the assertion looks perfectly fine and the XML well-formed.  I was
hoping someone might have encountered this problem before and have a
solution.  Thanks in advance.




--
View this message in context: 
http://cxf.547215.n5.nabble.com/Getting-a-server-error-trying-to-read-SAML-assertion-tp5759446.html
Sent from the cxf-user mailing list archive at Nabble.com.



--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
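
A way to see which decoding step rejects an `Authorization: SAML ...` header like the one in this thread, as an added example (not CXF code and not written by either poster). It assumes the token is the base64 of the assertion, optionally compressed with raw DEFLATE; `encode_header`, `decode_saml_header` and the sample assertion are constructed for illustration.

```python
import base64
import binascii
import zlib
import xml.etree.ElementTree as ET

# Constructed sample assertion (unsigned, illustration only).
SAMPLE = (b'<saml2:Assertion ID="_constructed" Version="2.0" '
          b'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"/>')


def encode_header(xml_bytes, deflate):
    """Client side: optional raw DEFLATE, then base64, under the SAML scheme."""
    if deflate:
        comp = zlib.compressobj(wbits=-15)  # assumption: raw DEFLATE, no zlib header
        xml_bytes = comp.compress(xml_bytes) + comp.flush()
    return "SAML " + base64.b64encode(xml_bytes).decode("ascii")


def decode_saml_header(value, deflated):
    """Server side: return ('ok', root_tag) or (failed_stage, detail)."""
    scheme, _, token = value.strip().partition(" ")
    if scheme != "SAML" or not token:
        return ("scheme", "expected 'SAML <base64 token>'")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        return ("base64", str(exc))
    if deflated:
        try:
            raw = zlib.decompress(raw, -15)
        except zlib.error as exc:
            return ("inflate", str(exc))
    # An assertion has no need for a DTD; refuse one before parsing untrusted XML.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return ("xml", "DTD not allowed")
    try:
        return ("ok", ET.fromstring(raw).tag)
    except ET.ParseError as exc:
        return ("xml", str(exc))


if __name__ == "__main__":
    # Try every client/server deflate combination against the same assertion.
    for client in (False, True):
        for server in (False, True):
            result = decode_saml_header(encode_header(SAMPLE, client), server)
            print(f"client deflate={client} server deflate={server}: {result}")
```

Only the two matching combinations parse; a client that deflates while the server does not fails at the XML stage, and the reverse fails at the inflate stage.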
