axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Reinhold" <brianreinh...@lampreynetworks.com>
Subject RE: [jira] [Created] (AXIS-2894) Error constructing valid security header for a SAML policy
Date Wed, 17 Jul 2013 08:29:56 GMT
I'm not sure what the problem is but my client includes the SAML token . It looks like this

<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>
					<sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
						<sp:Issuer>
							<Address xmlns="http://www.w3.org/2005/08/addressing">https://lnihealth.com/axis2/services/STSRampart</Address>
						</sp:Issuer>
						<sp:RequestSecurityTokenTemplate>
							<t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
							<t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
							<t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
						</sp:RequestSecurityTokenTemplate>
						<wsp:Policy>
							<sp:RequireInternalReference/>
						</wsp:Policy>
					</sp:IssuedToken>
				</wsp:Policy>
			</sp:SupportingTokens>

The token is received from an STS service and it is signed. Of course I have to give the axis2
client the obtained SAML token in code:

            Axis2TokenProvider prov = new Axis2Saml2TokenProvider(sts, cfgCntxt);
            secToken = prov.getToken();
	...
            opts.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, secToken.getId());

Brian

-----Original Message-----
From: Abdul Mujeeb (JIRA) [mailto:axis-dev@ws.apache.org] 
Sent: Wednesday, July 17, 2013 2:01 AM
To: java-dev@axis.apache.org
Subject: [jira] [Created] (AXIS-2894) Error constructing valid security header for a SAML
policy

Abdul Mujeeb created AXIS-2894:
----------------------------------

             Summary: Error constructing valid security header for a SAML policy
                 Key: AXIS-2894
                 URL: https://issues.apache.org/jira/browse/AXIS-2894
             Project: Axis
          Issue Type: Bug
            Reporter: Abdul Mujeeb


The endpoint web service is deployed on weblogic with a SAML policy applied on it and expects
a SAML token, but when I use Axis + Rampart + Neethi to construct an axis2 client for the
given policy.

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
	<wsp:All>
		<ns1:AsymmetricBinding
			xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
			<wsp:Policy>
				<ns1:InitiatorToken>
					<wsp:Policy>
						<ns1:X509Token
							ns1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
							<wsp:Policy>
								<ns1:WssX509V3Token10 />
							</wsp:Policy>
						</ns1:X509Token>
					</wsp:Policy>
				</ns1:InitiatorToken>
				<ns1:RecipientToken>
					<wsp:Policy>
						<ns1:X509Token
							ns1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
							<wsp:Policy>
								<ns1:WssX509V3Token10 />
							</wsp:Policy>
						</ns1:X509Token>
					</wsp:Policy>
				</ns1:RecipientToken>
				<ns1:AlgorithmSuite>
					<wsp:Policy>
						<ns1:Basic256 />
					</wsp:Policy>
				</ns1:AlgorithmSuite>
				<ns1:Layout>
					<wsp:Policy>
						<ns1:Lax />
					</wsp:Policy>
				</ns1:Layout>
				<ns1:IncludeTimestamp />
				<ns1:ProtectTokens />
				<ns1:OnlySignEntireHeadersAndBody />
			</wsp:Policy>
		</ns1:AsymmetricBinding>

		<ns2:SignedSupportingTokens
			xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
			<wsp:Policy>
				<ns2:SamlToken
					ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
					<wsp:Policy>
						<ns2:WssSamlV11Token10 />
					</wsp:Policy>
				</ns2:SamlToken>
			</wsp:Policy>
		</ns2:SignedSupportingTokens>

		<ns3:Wss10 xmlns:ns3="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
			<wsp:Policy>
				<ns3:MustSupportRefKeyIdentifier />
				<ns3:MustSupportRefIssuerSerial />
			</wsp:Policy>
		</ns3:Wss10>

		<ns4:EncryptedParts
			xmlns:ns4="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
			<ns4:Body />
		</ns4:EncryptedParts>

		<ns5:SignedParts
			xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
			<ns5:Body />
		</ns5:SignedParts>

	</wsp:All>
</wsp:Policy>


The generated SOAP request doesn't include the SAML token in the SOAP message. It is for some
reason excluding signedSupportingTokens part of SAML



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators For more information
on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org



-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2013.0.3349 / Virus Database: 3204/6496 - Release Date: 07/16/13

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2013.0.3349 / Virus Database: 3204/6496 - Release Date: 07/16/13


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message