Do you mean that there was a "saml2p:Status" element in the security header
before the Assertion? If so then this is not valid, only the SAML Assertion
should be there.

Colm.

On Thu, Jan 25, 2018 at 8:47 AM, Tóth Csaba <[email protected]> wrote:

> Hello!
>
> I dug deeper into the code.
> The problem with the SAML was:
> the Security element contains not only the SAML; it contains, before
> the SAML, a
> <saml2:Issuer> and a <saml2p:Status> element
> (in this case the same is not processed).
>
> If I delete them, it goes through the SAML validator.
>
> Csaba
>
> On 2018.01.24. 19:25, Tóth Csaba wrote:
> > Hello!
> > Thanks. I changed the namespace, but it didn't help.
> >
> > The DefaultSubjectProvider can't retrieve the subject from this SAML:
> >
> > <saml2:Assertion ID="..." IssueInstant="..." Version="2.0"
> > xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
> >
> >     <saml2:Subject>
> >         <saml2:NameID
> > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">[name]</saml2:NameID>
> >         <saml2:SubjectConfirmation
> > Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
> >             <saml2:SubjectConfirmationData
> > InResponseTo="_9c7644ce0fb93649cd2ca77bb9b5e6db22f68b52a9"
> > NotOnOrAfter="2018-01-24T18:06:33.305Z"/>
> >         </saml2:SubjectConfirmation>
> >     </saml2:Subject>
> >
> > </saml2:Assertion>
> >
> > But I get an error, because the subject is null
> > (at this point I can't change the SAML in the request).
> >
> > Thanks
> >
> > Csaba
> >
> > On 2018.01.24. 10:55, Colm O hEigeartaigh wrote:
> >> The problem I think is that "http://schemas.xmlsoap.org/ws/2003/06/secext"
> >> is not a standard WS-Security namespace, and hence CXF is not processing
> >> the message header at all. The correct WS-Security namespace for the
> >> security header is instead
> >> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".
> >>
> >> You could take a look at the CXF transformation feature to transform the
> >> namespace into the correct version (no idea if this will work or not):
> >>
> >> http://cxf.apache.org/docs/transformationfeature.html
> >>
> >> Colm.
> >>
> >>
> >> On Tue, Jan 23, 2018 at 6:19 PM, Tóth Csaba <[email protected]> wrote:
> >>
> >>> Hello!
> >>> It's in the header:
> >>> ------------
> >>> <soapenv:Envelope
> >>>     xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> >>>     xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
> >>>     xmlns:a="http://www.w3.org/2005/08/addressing">
> >>>   <soapenv:Header>
> >>>     <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
> >>>       <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> >>>           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>>           xmlns:xs="http://www.w3.org/2001/XMLSchema"
> >>>           ID="pfxccb2f4f7-ca9c-3b5e-89b1-1d3c777400bc" Version="2.0"
> >>>           IssueInstant="2014-07-17T01:01:48Z">
> >>>
> >>>         [assertion]
> >>>
> >>>       </saml:Assertion>
> >>>     </wsse:Security>
> >>>   </soapenv:Header>
> >>>   <soapenv:Body>
> >>>     <ns:RequestSecurityToken>
> >>>       <ns:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</ns:RequestType>
> >>>       <ns:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</ns:TokenType>
> >>>       <ns7:AppliesTo xmlns:ns7="http://www.w3.org/ns/ws-policy">[url]</ns7:AppliesTo>
> >>>       <!--
> >>>       <ns:Claims Dialect="http://bag.admin.ch/epr/2017/annex/5/addendum/2">
> >>>
> >>>         [claims need to process too]
> >>>
> >>>       </ns:Claims>
> >>>       -->
> >>>     </ns:RequestSecurityToken>
> >>>   </soapenv:Body>
> >>> </soapenv:Envelope>
> >>> ---------------------
> >>>
> >>> It looks like an easy task at first glance:
> >>> get a SAML token from the header, full of attributes, and a request with other
> >>> attributes.
> >>> Validate some attributes, and put all header attributes + claims attributes
> >>> into the new SAML token.
> >>>
> >>> But for about a week now I have been googling, reading source code, googling again, and
> >>> trying to configure the thing.
> >>> No good tutorial, no good documentation, no good description :(
> >>>
> >>> Csaba
> >>>
> >>>
> >>>
> >>> On 2018.01.23. 18:08, Colm O hEigeartaigh wrote:
> >>>> What does the request look like, e.g. where is the SAML token in the
> >>>> request? Is it referred to directly in the SOAP Body?
> >>>>
> >>>> Colm.
> >>>>
> >>>> On Tue, Jan 23, 2018 at 4:37 PM, Tóth Csaba <[email protected]> wrote:
> >>>>
> >>>>> Hello!
> >>>>>
> >>>>> I'd like to parse the incoming SAML token to get the fields (user, etc.)
> >>>>> and give it to the issuer.
> >>>>> I found that this is done in the
> >>>>> org.apache.cxf.sts.operation.TokenIssueOperation class, but
> >>>>> stsProperties.getSamlRealmCodec() is always null in my code (how can I
> >>>>> set it, do I need to create a new one?),
> >>>>> and after that, in the fetchSAMLAssertionFromWSSecuritySAMLToken() function,
> >>>>> the line
> >>>>> List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
> >>>>> gives back an empty list.
> >>>>>
> >>>>> In the request there is a SAML token.
> >>>>>
> >>>>> I tried to find a solution, but every example works with the
> >>>>> UsernameToken and/or doesn't provide a valid CXF config XML.
> >>>>>
> >>>>> Thanks
> >>>>> Csaba
> >>>>>
> >>>>>
> >
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

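The thread converges on two structural facts about the request: a WS-Security stack keys on the exact `wsse` namespace of the Security header (so the old 2003/06 draft URI makes CXF skip the header entirely), and the only SAML element that belongs directly under wsse:Security is the Assertion itself; saml2:Issuer and saml2p:Status are children of a saml2p:Response and break Subject extraction when they are copied into the header. As an added example that is not part of the thread and not CXF code, the Python below walks a constructed RST envelope, reports which namespace the header uses, lists any non-Assertion siblings, and pulls the Subject NameID and bearer NotOnOrAfter the way a SubjectProvider needs them. The function names `inspect_security_header` and `build_envelope`, and the sample messages, are my own assumptions; it uses only the standard library.

```python
"""Diagnose a WS-Trust RST whose SAML 2.0 token travels in the WS-Security header."""
import xml.etree.ElementTree as ET

# Namespaces from the thread. WSSE_2003 is the old draft URI the request used;
# WSSE_2004 is the OASIS WSS 1.0 URI a WS-Security stack actually dispatches on.
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_2003 = "http://schemas.xmlsoap.org/ws/2003/06/secext"
WSSE_2004 = ("http://docs.oasis-open.org/wss/2004/01/"
             "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"


def _q(ns, local):
    """Clark notation used by ElementTree for namespaced names."""
    return "{%s}%s" % (ns, local)


def inspect_security_header(envelope_xml):
    """Return what a WS-Security stack would see in the header of envelope_xml.

    Keys: header_ns (namespace of the Security element or None), recognised
    (True only for the OASIS WSS 1.0 namespace), stray (local names of children
    of wsse:Security that are not a saml2:Assertion), assertion_id, name_id,
    name_id_format, not_on_or_after.
    """
    root = ET.fromstring(envelope_xml)
    result = {"header_ns": None, "recognised": False, "stray": [],
              "assertion_id": None, "name_id": None,
              "name_id_format": None, "not_on_or_after": None}
    header = root.find(_q(SOAP_ENV, "Header"))
    if header is None:
        return result
    security = None
    for child in header:
        # Match on local name here only for diagnosis: a strict stack would
        # ignore a Security element in an unknown namespace altogether.
        if child.tag.endswith("}Security"):
            security = child
            result["header_ns"] = child.tag[1:].split("}")[0]
            break
    if security is None:
        return result
    result["recognised"] = result["header_ns"] == WSSE_2004
    assertion = None
    for child in security:
        if child.tag == _q(SAML2, "Assertion"):
            assertion = child
        else:
            # saml2:Issuer / saml2p:Status belong inside a saml2p:Response,
            # not as direct children of wsse:Security.
            result["stray"].append(child.tag.split("}")[-1])
    if assertion is None:
        return result
    result["assertion_id"] = assertion.get("ID")
    subject = assertion.find(_q(SAML2, "Subject"))
    if subject is None:
        return result
    name_id = subject.find(_q(SAML2, "NameID"))
    if name_id is not None:
        result["name_id"] = (name_id.text or "").strip()
        result["name_id_format"] = name_id.get("Format")
    scd = subject.find("%s/%s" % (_q(SAML2, "SubjectConfirmation"),
                                  _q(SAML2, "SubjectConfirmationData")))
    if scd is not None:
        result["not_on_or_after"] = scd.get("NotOnOrAfter")
    return result


# Constructed sample assertion (not a captured token), shaped like the one in the thread.
ASSERTION = """<saml2:Assertion xmlns:saml2="%s" ID="_a1" Version="2.0"
    IssueInstant="2018-01-24T18:01:33.305Z">
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">alice</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData NotOnOrAfter="2018-01-24T18:06:33.305Z"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
</saml2:Assertion>""" % SAML2


def build_envelope(wsse_ns, with_status=False):
    """Constructed RST envelope carrying the sample assertion in wsse:Security.

    with_status=True reproduces the broken layout from the thread: an Issuer and
    a Status element placed in the header ahead of the Assertion.
    """
    extra = ""
    if with_status:
        extra = ('<saml2:Issuer xmlns:saml2="%s">idp.example</saml2:Issuer>'
                 '<saml2p:Status xmlns:saml2p="%s"><saml2p:StatusCode '
                 'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
                 '</saml2p:Status>') % (SAML2, SAML2P)
    return """<soapenv:Envelope xmlns:soapenv="%s">
  <soapenv:Header><wsse:Security xmlns:wsse="%s">%s%s</wsse:Security></soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>""" % (SOAP_ENV, wsse_ns, extra, ASSERTION)


if __name__ == "__main__":
    for ns, status in ((WSSE_2003, False), (WSSE_2004, True), (WSSE_2004, False)):
        print(inspect_security_header(build_envelope(ns, status)))
```

Running the three cases shows the two failure modes side by side: with the 2003/06 URI the NameID is present in the XML but `recognised` is False, which is the "empty engineResults list" symptom, and with the Issuer/Status siblings the `stray` list is non-empty, which is the header layout the DefaultSubjectProvider cannot work with. The local-name match on `Security` is deliberately lenient for diagnosis only; a production stack should keep dispatching on the full namespace rather than accepting unknown security headers.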