The problem I think is that "http://schemas.xmlsoap.org/ws/2003/06/secext"
is not a standard WS-Security namespace, and hence CXF is not processing
the message header at all. The correct WS-Security namespace for the
security header is instead
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".

You could take a look at the CXF transformation feature to transform the
namespace into the correct version (no idea if this will work or not):

http://cxf.apache.org/docs/transformationfeature.html

Colm.


On Tue, Jan 23, 2018 at 6:19 PM, Tóth Csaba <[email protected]> wrote:

> Hello!
> It's in the header:
> ------------
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
> xmlns:a="http://www.w3.org/2005/08/addressing">
>    <soapenv:Header>
>   <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
>     <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xs="http://www.w3.org/2001/XMLSchema"
> ID="pfxccb2f4f7-ca9c-3b5e-89b1-1d3c777400bc" Version="2.0"
> IssueInstant="2014-07-17T01:01:48Z">
>
>   [assertion]
>
>   </saml:Assertion>
>
>   </wsse:Security>
>   </soapenv:Header>
>  <soapenv:Body>
>       <ns:RequestSecurityToken >
>
> <ns:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</ns:RequestType>
>
> <ns:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</ns:TokenType>
>   <ns7:AppliesTo xmlns:ns7="http://www.w3.org/ns/ws-policy">  [url]
> </ns7:AppliesTo>
>   <!--
>    <ns:Claims Dialect="http://bag.admin.ch/epr/2017/annex/5/addendum/2">
>
> [claims need to process too ]
>
>  </ns:Claims>
> -->
>  </ns:RequestSecurityToken>
>  </soapenv:Body>
> </soapenv:Envelope>
> ---------------------
>
> It looks like an easy task at first look:
> get a SAML in the header, full of attributes, and a request with other
> attributes.
> Validate some attributes, and put all header attributes + claims attributes
> into the new SAML token.
>
> But for about a week now I have been googling, reading source code,
> googling again, and trying to configure the thing.
> No good tutorial, no good documentation, no good description :(
>
> Csaba
>
>
>
> On 2018.01.23. 18:08, Colm O hEigeartaigh wrote:
> > What does the request look like, e.g. where is the SAML token in the
> > request? Is it referred to directly in the SOAP Body?
> >
> > Colm.
> >
> > On Tue, Jan 23, 2018 at 4:37 PM, Tóth Csaba <[email protected]> wrote:
> >
> >> Hello!
> >>
> >> I'd like to parse the incoming SAML token to get the fields (user, etc.)
> >> and give it to the issuer.
> >> I found that this is done in the
> >> org.apache.cxf.sts.operation.TokenIssueOperation class, but
> >> stsProperties.getSamlRealmCodec() is always null in my code (how can I
> >> set it, do I need to create a new one?)
> >> but afterwards, in the fetchSAMLAssertionFromWSSecuritySAMLToken() function, the
> >> List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
> >> line gives back an empty list.
> >>
> >> In the request there is a SAML token.
> >>
> >> I tried to find some solution, but every example works with the
> >> usernametoken, and/or doesn't provide a valid cxf config xml.
> >>
> >> Thanks
> >> Csaba
> >>
> >>
> >
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
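
A quick diagnostic for the namespace mismatch described in the reply above, added here as an example and not code from CXF or from either poster: it reports which namespace each Security header in a SOAP envelope uses and whether it is the OASIS WSS 1.0 one. The function names and the sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope")
WSSE_10 = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DRAFT_2003 = "http://schemas.xmlsoap.org/ws/2003/06/secext"  # namespace from the thread

@dataclass
class SecurityHeader:
    namespace: str   # namespace the sender used for the Security element
    standard: bool   # True only for the OASIS WSS 1.0 namespace
    tokens: list = field(default_factory=list)  # '{ns}local' names of child tokens

def split_tag(tag):
    """Split an ElementTree '{ns}local' tag into (ns, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def inspect_security_headers(envelope_xml):
    """Return one SecurityHeader per *:Security child of the SOAP Header."""
    # SOAP messages must not carry a DTD; refusing one also keeps
    # entity-expansion input away from the parser.
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(envelope_xml)
    env_ns, local = split_tag(root.tag)
    if local != "Envelope" or env_ns not in SOAP_NS:
        raise ValueError("not a SOAP envelope")
    header = root.find(f"{{{env_ns}}}Header")
    found = []
    for child in (header if header is not None else ()):
        ns, name = split_tag(child.tag)
        if name == "Security":  # match on local name so a wrong namespace is still seen
            found.append(SecurityHeader(ns, ns == WSSE_10, [t.tag for t in child]))
    return found

def sample_envelope(wsse_ns):
    """Constructed envelope shaped like the request in the thread (empty assertion)."""
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS[0]}"><soapenv:Header>'
            f'<wsse:Security xmlns:wsse="{wsse_ns}">'
            '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"/>'
            '</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>')

if __name__ == "__main__":
    for ns in (DRAFT_2003, WSSE_10):
        for h in inspect_security_headers(sample_envelope(ns)):
            print("standard" if h.standard else "NON-STANDARD", h.namespace, h.tokens)
```
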