Hello!

I dug deeper into the code.
The problem with the SAML was:
the Security element contains not only the SAML; before the SAML it
contains a <saml2:Issuer> and a <saml2p:Status> element
(in that case it is not processed).

If I delete them, it goes through the SAML validator.

Csaba

On 2018.01.24. 19:25, Tóth Csaba wrote:
> Hello!
> Thanks. I changed the namespace, but it did not help.
>
> The DefaultSubjectProvider can't retrieve the subject from this SAML:
>
> <saml2:Assertion ID="..." IssueInstant="..." Version="2.0"
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>
>     <saml2:Subject>
>         <saml2:NameID
> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">[name]</saml2:NameID>
>         <saml2:SubjectConfirmation
> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>             <saml2:SubjectConfirmationData
> InResponseTo="_9c7644ce0fb93649cd2ca77bb9b5e6db22f68b52a9"
> NotOnOrAfter="2018-01-24T18:06:33.305Z"/>
>         </saml2:SubjectConfirmation>
>     </saml2:Subject>
>
> </saml2:Assertion>
>
> But I get an error, because the subject is null
> (At this point I can't change the SAML in the request)
>
> Thanks
>
> Csaba
>
> On 2018.01.24. 10:55, Colm O hEigeartaigh wrote:
>> The problem I think is that "http://schemas.xmlsoap.org/ws/2003/06/secext"
>> is not a standard WS-Security namespace, and hence CXF is not processing
>> the message header at all. The correct WS-Security namespace for the
>> security header is instead
>> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".
>>
>> You could take a look at the CXF transformation feature to transform the
>> namespace into the correct version (no idea if this will work or not):
>>
>> http://cxf.apache.org/docs/transformationfeature.html
>>
>> Colm.
>>
>>
>> On Tue, Jan 23, 2018 at 6:19 PM, Tóth Csaba <[email protected]> wrote:
>>
>>> Hello!
>>> It's in the header:
>>> ------------
>>> <soapenv:Envelope
>>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>>> xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
>>> xmlns:a="http://www.w3.org/2005/08/addressing">
>>>   <soapenv:Header>
>>>   <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
>>>     <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> xmlns:xs="http://www.w3.org/2001/XMLSchema"
>>> ID="pfxccb2f4f7-ca9c-3b5e-89b1-1d3c777400bc" Version="2.0"
>>> IssueInstant="2014-07-17T01:01:48Z">
>>>
>>>   [assertion]
>>>
>>>   </saml:Assertion>
>>>
>>>   </wsse:Security>
>>>   </soapenv:Header>
>>>  <soapenv:Body>
>>>       <ns:RequestSecurityToken>
>>>
>>> <ns:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
>>> </ns:RequestType>
>>>
>>> <ns:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</ns:TokenType>
>>>   <ns7:AppliesTo xmlns:ns7="http://www.w3.org/ns/ws-policy">  [url]
>>> </ns7:AppliesTo>
>>>   <!--
>>>    <ns:Claims Dialect="http://bag.admin.ch/epr/2017/annex/5/addendum/2">
>>>
>>> [claims need to process too ]
>>>
>>>  </ns:Claims>
>>> -->
>>>  </ns:RequestSecurityToken>
>>>  </soapenv:Body>
>>> </soapenv:Envelope>
>>> ---------------------
>>>
>>> It looks like an easy task at first glance:
>>> get a SAML in the header, full of attributes, and a request with other
>>> attributes.
>>> Validate some attributes, and put all header attributes + claims attributes
>>> into the new SAML token.
>>>
>>> But for about a week I have been googling, reading source code, googling
>>> again, and trying to configure the thing.
>>> No good tutorial, no good documentation, no good description :(
>>>
>>> Csaba
>>>
>>>
>>>
>>> On 2018.01.23. 18:08, Colm O hEigeartaigh wrote:
>>>> What does the request look like, e.g. where is the SAML token in the
>>>> request? Is it referred to directly in the SOAP Body?
>>>>
>>>> Colm.
>>>>
>>>> On Tue, Jan 23, 2018 at 4:37 PM, Tóth Csaba <[email protected]> wrote:
>>>>
>>>>> Hello!
>>>>>
>>>>> I'd like to parse the incoming SAML token to get the fields (user, etc.)
>>>>> and give it to the issuer.
>>>>> I found that this is done in the
>>>>> org.apache.cxf.sts.operation.TokenIssueOperation class, but
>>>>> stsProperties.getSamlRealmCodec() is always null in my code (how can I
>>>>> set it, do I need to create a new one?)
>>>>> but afterwards, in the fetchSAMLAssertionFromWSSecuritySAMLToken() function, the
>>>>> List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
>>>>> line gives back an empty list.
>>>>>
>>>>> In the request there is a SAML token.
>>>>>
>>>>> I try to find some solution, but every example works with the
>>>>> usernametoken, and/or doesn't provide a valid CXF config xml.
>>>>>
>>>>> Thanks
>>>>> Csaba
>>>>>
>>>>>
>

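As an added check that is not code from this thread or from CXF: a stand-alone Python pre-validation of an incoming RST envelope for the two problems the thread ends up identifying, the legacy 2003 secext namespace that CXF silently ignores, and saml2:Issuer / saml2p:Status elements sitting beside the Assertion inside wsse:Security. The sample envelope builder and its IDs are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespaces from the thread: the legacy 2003 one CXF ignores and the
# OASIS WSS 1.0 one it actually processes, plus SOAP and SAML 2.0.
LEGACY_WSSE = "http://schemas.xmlsoap.org/ws/2003/06/secext"
OASIS_WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"


def check_security_header(envelope_xml: str) -> list:
    """Return findings for the wsse:Security header; an empty list means the
    header is shaped the way a WS-Security SAML token handler expects."""
    findings = []
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP_ENV}}}Header")
    if header is None:
        return ["no SOAP Header"]
    security = None
    for child in header:
        if child.tag == f"{{{LEGACY_WSSE}}}Security":
            findings.append("wsse:Security uses the legacy 2003 namespace; "
                            "CXF will not process this header")
            security = child
        elif child.tag == f"{{{OASIS_WSSE}}}Security":
            security = child
    if security is None:
        return findings + ["no wsse:Security header found"]
    if not [c for c in security if c.tag == f"{{{SAML2}}}Assertion"]:
        findings.append("no saml2:Assertion directly under wsse:Security")
    # Issuer/Status as siblings of the Assertion mean a Response fragment was
    # pasted into the header instead of the bare Assertion.
    for child in security:
        if child.tag in (f"{{{SAML2}}}Issuer", f"{{{SAML2P}}}Status"):
            local = child.tag.split("}")[1]
            findings.append(f"unexpected {local} beside the Assertion")
    return findings


def build_envelope(wsse_ns: str, with_response_fragment: bool) -> str:
    """Constructed sample envelope modelled on the thread's RST request."""
    extra = ""
    if with_response_fragment:
        extra = (f'<saml2:Issuer xmlns:saml2="{SAML2}">idp</saml2:Issuer>'
                 f'<saml2p:Status xmlns:saml2p="{SAML2P}"/>')
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_ENV}"><soapenv:Header>'
            f'<wsse:Security xmlns:wsse="{wsse_ns}">{extra}'
            f'<saml2:Assertion xmlns:saml2="{SAML2}" ID="_c1" Version="2.0" '
            f'IssueInstant="2018-01-24T18:00:00Z"><saml2:Subject/>'
            f'</saml2:Assertion></wsse:Security></soapenv:Header>'
            f'<soapenv:Body/></soapenv:Envelope>')
```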