axis-java-dev mailing list archives

From "Brian Reinhold" <brianreinh...@lampreynetworks.com>
Subject RE: SAML Assertion not attached to soap header
Date Fri, 03 Apr 2015 08:31:13 GMT
Ahh, I see. Okay, first, it's been a while since I have used Axis2 / Rampart on the client side. I have an Android client which has extreme difficulty supporting Axis2, so I created the SOAP message using basic Java HTTP classes.

But I have done it using Axis2/Rampart. I will see if I can dig them up. But you are likely missing something simple. It ends up looking like this with the SAML token highlighted in blue. Get the latest version of Rampart as well. Earlier versions were not generating the token correctly. It was missing some namespaces (I think it used the xsi prefix without defining it in older versions, but I forget…) which often occurred in other parts of the security header, so it didn't cause a problem. But the token should be stand-alone.

POST /axis2/services/Exchange HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8; action="urn:ihe:pcd:2010:CommunicatePCDData"
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.0.4; Nexus S Build/IMM26)
Host: 192.168.1.3:8443
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 8348

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
    <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsse:Security soapenv:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Timestamp wsu:Id="Timestamp-3">
                <wsu:Created>2013-03-01T16:54:54.336</wsu:Created>
                <wsu:Expires>2013-03-01T16:59:54.336</wsu:Expires>
            </wsu:Timestamp>
            <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="urn:uuid:CCD9102DB9CE2669531362156867799" IssueInstant="2013-03-01T16:54:27.792Z" Version="2.0">
                <saml2:Issuer>LNI SAML Token Service</saml2:Issuer>
                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:SignedInfo>
                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                        <ds:Reference URI="#urn:uuid:CCD9102DB9CE2669531362156867799">
                            <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
                                </ds:Transform>
                            </ds:Transforms>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            <ds:DigestValue>hL3WFtfHoQamGfaXGbMfGS7Nn0o=</ds:DigestValue>
                        </ds:Reference>
                    </ds:SignedInfo>
                    <ds:SignatureValue>dldKDhBH2YIAT7hQVdAFn1dbgZtQguJKHNOTz0QtfwAAAKb8iwYZMQuv/DwlgC0cIYprGWqp+4qnpX0Jp3OY8PpQESbrTl9/MumZcmQYEla8Ojey116mBGPiYmpnp1lNQvwwaZBqvOTChXRj0uns13wRteQy7vx99eQeubneIgo=</ds:SignatureValue>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>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</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                </ds:Signature>
                <saml2:Subject>
                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                        <saml2:SubjectConfirmationData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" NotBefore="2013-03-01T16:54:27.792Z" NotOnOrAfter="2013-03-01T17:37:39.792Z" xsi:type="saml2:KeyInfoConfirmationDataType">
                            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-C82A2592DB5193D51C13621568677947">
                                    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                                    <ds:KeyInfo>
                                        <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                                            <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">EPlMdE3oRiNlo8bGg3BLR3uGWT8=</wsse:KeyIdentifier>
                                        </wsse:SecurityTokenReference>
                                    </ds:KeyInfo>
                                    <xenc:CipherData>
                                        <xenc:CipherValue>JkAWwNH+FdRevF6o9zjB+FTmwxe58jYFeHQO684YNeM5zSLvKna47h/v1OowtnDf5htaBo3uEqp8xPf+IDOYjNQLHfsDHZ60EvVUjrHKXALE5pRcFtqX93iiUE/Ke4zpVvGQjyMxer454Qo/SL98xd6v4jpDc/zKMK4iGPO+YaI=</xenc:CipherValue>
                                    </xenc:CipherData>
                                </xenc:EncryptedKey>
                            </ds:KeyInfo>
                        </saml2:SubjectConfirmationData>
                    </saml2:SubjectConfirmation>
                </saml2:Subject>
                <saml2:Conditions NotBefore="2013-03-01T16:54:27.792Z" NotOnOrAfter="2013-03-01T17:37:39.792Z"/>
                <saml2:AttributeStatement>
                    <saml2:Attribute Name="program" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Continua</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute Name="user" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Sisansarah</saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
            </saml2:Assertion>
        </wsse:Security>
        <wsa:To soapenv:mustUnderstand="true">https://192.168.1.3:8443/axis2/services/Exchange</wsa:To>
        <wsa:ReplyTo soapenv:mustUnderstand="true">
            <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
        </wsa:ReplyTo>
        <wsa:MessageID soapenv:mustUnderstand="true">urn:uuid:1_1362156894340</wsa:MessageID>
        <wsa:Action soapenv:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
    </soapenv:Header>
    <soapenv:Body>
        <pcd:CommunicatePCDData xmlns:pcd="urn:ihe:pcd:dec:2010">
        MSH|^~\&amp;|LNI Example AHD^ECDE3D4E58532D31^EUI-64||||20130301115450.720-0500||ORU^R01^ORU_R01|002013030111545720|P|2.6|||NE|AL|||||IHE PCD ORU-R012006^HL7^2.16.840.1.113883.9.n.m^HL7&#xD;
        PID|||28da0026bc42484^^^1.19.6.24.109.42.1.3^PI||Piggy^Sisansarah^L.^^^^L&#xD;
        OBR|1|JOXP-PCD^LNI Example AHD^ECDE3D4E58532D31^EUI-64|JOXP-PCD^LNI Example AHD^ECDE3D4E58532D31^EUI-64|182777000^monitoring of patient^SNOMED-CT|||20130301115452.000-0500|20130301115455.001-0500&#xD;
        OBX|1||531981^MDC_MOC_VMS_MDS_AHD^MDC|0|||||||X|||||||ECDE3D4E58532D31^^ECDE3D4E58532D31^EUI-64&#xD;OBX|2|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|0.0.0.1|2^auth-body-continua||||||R&#xD;OBX|3|ST|532352^MDC_REG_CERT_DATA_CONTINUA_VERSION^MDC|0.0.0.1.1|2.0||||||R&#xD;OBX|4|CWE|532353^MDC_REG_CERT_DATA_CONTINUA_CERT_DEV_LIST^MDC|0.0.0.1.2|4||||||R&#xD;OBX|5|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|0.0.0.2|2^auth-body-continua||||||R&#xD;OBX|6|ST|532354^MDC_REG_CERT_DATA_CONTINUA_REG_STATUS^MDC|0.0.0.2.1|1^(0)||||||R&#xD;OBX|7|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|0.0.0.3|2^auth-body-continua||||||R&#xD;OBX|8|CWE|532355^MDC_REG_CERT_DATA_CONTINUA_AHD_CERT_LIST^MDC|0.0.0.3.1|0||||||R&#xD;OBX|9|CWE|68220^MDC_TIME_SYNC_PROTOCOL^MDC|0.0.0.4|532224^MDC_TIME_SYNC_NONE^MDC||||||R&#xD;OBX|10||528391^MDC_DEV_SPEC_PROFILE_BP^MDC|1|||||||X|||||||1234567800112233^^1234567800112233^EUI-64&#xD;OBX|11|ST|531970^MDC_ID_MODEL_MANUFACTURER^MDC|1.0.0.1|Lamprey Networks||||||R&#xD;
        OBX|12|ST|531969^MDC_ID_MODEL_NUMBER^MDC|1.0.0.2|Blood Pressure 1.0.0||||||R&#xD;
        OBX|13|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|1.0.0.3|2^auth-body-continua||||||R&#xD;OBX|14|ST|532352^MDC_REG_CERT_DATA_CONTINUA_VERSION^MDC|1.0.0.3.1|2.0||||||R&#xD;OBX|15|CWE|532353^MDC_REG_CERT_DATA_CONTINUA_CERT_DEV_LIST^MDC|1.0.0.3.2|24583~8199~16391~7||||||R&#xD;OBX|16|CWE|68218^MDC_ATTR_REG_CERT_DATA_AUTH_BODY^MDC|1.0.0.4|2^auth-body-continua||||||R&#xD;OBX|17|CWE|532354^MDC_REG_CERT_DATA_CONTINUA_REG_STATUS^MDC|1.0.0.4.1|1^(0)||||||R&#xD;OBX|18|CWE|68219^MDC_TIME_CAP_STATE^MDC|1.0.0.5|1^(0)||||||R&#xD;OBX|19|CWE|68220^MDC_TIME_SYNC_PROTOCOL^MDC|1.0.0.6|532224^MDC_TIME_SYNC_NONE^MDC||||||R&#xD;OBX|20|NM|68221^MDC_TIME_SYNC_ACCURACY^MDC|1.0.0.7|0|264339^MDC_DIM_MICRO_SEC^MDC|||||R&#xD;OBX|21|DTM|67975^MDC_ATTR_TIME_ABS^MDC|1.0.0.8|20130301115423.00||||||R|||20130301115450.733-0500&#xD;OBX|22||150020^MDC_PRESS_BLD_NONINV^MDC|1.0.1|||||||X|||20130301115452.733-0500&#xD;OBX|23|NM|150021^MDC_PRESS_BLD_NONINV_SYS^MDC|1.0.1.1|105|266016^MDC_DIM_MMHG^MDC|||||R&#xD;OBX|24|NM|150022^MDC_PRESS_BLD_NONINV_DIA^MDC|1.0.1.2|70|266016^MDC_DIM_MMHG^MDC|||||R&#xD;OBX|25|NM|150023^MDC_PRESS_BLD_NONINV_MEAN^MDC|1.0.1.3|81.7|266016^MDC_DIM_MMHG^MDC|||||R&#xD;OBX|26|NM|149546^MDC_PULS_RATE_NON_INV^MDC|1.0.0.9|80|264864^MDC_DIM_BEAT_PER_MIN^MDC|||||R|||20130301115453.733-0500&#xD;
        </pcd:CommunicatePCDData>
    </soapenv:Body>
</soapenv:Envelope>
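As an added example (not from Brian's message, and not Rampart's own code), the Python below reads a logged SOAP request of the shape captured above and reports the three things worth checking when the token seems to be missing: that a saml2:Assertion really sits under wsse:Security, that its enveloped signature references the assertion's own ID and its Conditions window is sane, and that the token parses stand-alone, i.e. every prefix it uses (including the xsi prefix that the older Rampart builds left undeclared) is declared inside the token itself. The sample envelopes are constructed, with placeholder IDs and signature values; a timestamp without a zone is assumed to be UTC, and "declared anywhere inside the token" is used as an approximation of namespace scope.

```python
"""Structural checks for a SAML 2.0 assertion carried in a WS-Security SOAP header.
Constructed example: not Rampart's code, and it does not verify the XML signature."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soapenv": "http://www.w3.org/2003/05/soap-envelope",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def _utc(stamp):
    """Parse an ISO-8601 timestamp; a stamp without a zone is assumed to be UTC."""
    dt = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def _raw_assertion(envelope_xml):
    """Cut the first Assertion element out of the raw text, prefixes exactly as sent."""
    m = re.search(r"<((?:[\w.-]+:)?)Assertion\b.*?</\1Assertion>", envelope_xml, re.S)
    return m.group(0) if m else ""

def check_message(envelope_xml, now=None):
    """Return a list of findings; an empty list means the header has the expected shape."""
    root = ET.fromstring(envelope_xml)
    assertion = root.find("soapenv:Header/wsse:Security/saml2:Assertion", NS)
    if assertion is None:
        return ["no saml2:Assertion inside wsse:Security (the token was not attached)"]
    findings = []
    # 1. The enveloped signature must reference the assertion's own ID.
    aid = assertion.get("ID")
    ref = assertion.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or aid is None or ref.get("URI") != "#" + aid:
        findings.append("ds:Reference URI does not point at the assertion ID")
    # 2. Conditions must form a non-empty window, containing 'now' when one is given.
    cond = assertion.find("saml2:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        findings.append("saml2:Conditions with NotBefore/NotOnOrAfter missing")
    else:
        nb, noa = _utc(cond.get("NotBefore")), _utc(cond.get("NotOnOrAfter"))
        if not nb < noa:
            findings.append("Conditions window is empty or inverted")
        elif now is not None and not nb <= now < noa:
            findings.append("assertion not valid at the evaluation time")
    # 3. Stand-alone check: the token text on its own must parse (so every prefix it
    #    uses is declared inside it), and QName-valued xsi:type attributes must resolve.
    raw = _raw_assertion(envelope_xml)
    try:
        ET.fromstring(raw)
    except ET.ParseError as exc:
        findings.append(f"assertion is not stand-alone: {exc}")
    declared = set(re.findall(r"xmlns:([\w.-]+)=", raw))
    for el in assertion.iter():
        qname = el.get(XSI_TYPE)
        if qname and ":" in qname and qname.split(":", 1)[0] not in declared:
            findings.append(f"xsi:type {qname!r} uses a prefix not declared in the token")
    return findings

# Constructed sample in the shape of the captured request (placeholder ID and signature).
GOOD = """<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"
       ID="urn:uuid:EXAMPLE-1" IssueInstant="2013-03-01T16:54:27.792Z" Version="2.0">
    <saml2:Issuer>Example Token Service</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
     <ds:SignedInfo><ds:Reference URI="#urn:uuid:EXAMPLE-1"/></ds:SignedInfo>
     <ds:SignatureValue>UExBQ0VIT0xERVI=</ds:SignatureValue>
    </ds:Signature>
    <saml2:Subject><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
     <saml2:SubjectConfirmationData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="saml2:KeyInfoConfirmationDataType"/>
    </saml2:SubjectConfirmation></saml2:Subject>
    <saml2:Conditions NotBefore="2013-03-01T16:54:27.792Z" NotOnOrAfter="2013-03-01T17:37:39.792Z"/>
    <saml2:AttributeStatement><saml2:Attribute Name="user">
     <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">example-user</saml2:AttributeValue>
    </saml2:Attribute></saml2:AttributeStatement>
   </saml2:Assertion>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body/>
</soapenv:Envelope>"""

# The symptom from the thread: a Security header with no token in it.
MISSING = re.sub(r"<saml2:Assertion.*?</saml2:Assertion>", "", GOOD, flags=re.S)

# The older-Rampart shape: xsi bound only on the Envelope, so the token is not stand-alone.
XSI_DECL = ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
LEAKY = GOOD.replace(XSI_DECL, "").replace("<soapenv:Envelope", "<soapenv:Envelope" + XSI_DECL, 1)

if __name__ == "__main__":
    for name, msg in ("good", GOOD), ("missing", MISSING), ("leaky", LEAKY):
        print(name, check_message(msg) or "OK")
```

Point check_message at the request body from the client log: an empty result means the header matches the shape shown above, the first finding reproduces the symptom in this thread, and a "not stand-alone" finding is the namespace problem described for older Rampart versions (the whole envelope still parses because the outer declaration covers it, but the token cut out on its own does not). This is a structural check only; verifying the XML signature and the holder-of-key proof is a separate step.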

 

From: Rangasamy, Prakash [mailto:Prakash.Rangasamy@scientificgames.com] 
Sent: Fri, April 03, 2015 1:04 AM
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

 

Hi Brian,

We have an STS server which generates the token; that is perfectly fine. My doubt is how to include the token in the SOAP header. I tried to include the token in the SOAP request through setProperty (refer to the code snippet below):

options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());

but when we examine the SOAP request in the log, we are not able to locate the attached SAML token.

1. I don't know where we are sending the SAML assertion to the server in the soapMessage; is this because the information is encrypted?

2. Could you please share some tutorial about Rampart policy (how to sign, encrypt, include SAML)?

Your reply is highly appreciated.

Thanks,
Prakash

From: Brian Reinhold [mailto:brianreinhold@lampreynetworks.com] 
Sent: 03 April 2015 AM 03:22
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

 

Prakash,

I am not sure what you are trying to do. Usually the client requests a token from a SAML server (perhaps with WS-Trust) and the token is generated on the server, which you then use as an opaque block in a message to the server. Are you creating the token on the client?

Brian

 

From: Rangasamy, Prakash [mailto:Prakash.Rangasamy@scientificgames.com] 
Sent: Thu, April 02, 2015 12:38 PM
To: java-dev@axis.apache.org
Subject: SAML Assertion not attached to soap header

 

Hi,
I'm new to SAML with Axis2 Rampart. We are developing a web service client to communicate with a secure web service which has SAML enabled.
We included the SAML Assertion in the SOAP request through KEY_CUSTOM_ISSUED_TOKEN, but when we examine the request sent to the endpoint, the SAML Assertion is not present in the header.

Is this an issue in Rampart or am I missing something in the config?

Thanks,
Prakash

 

 

Prakash Rangasamy | Software Analyst | Bally Technologies <http://www.ballytech.com> | (O) +1 702 532 2662 | (M) +91 77 6039 7260

May be privileged. May be confidential. Please delete if not the addressee.

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2015.0.5863 / Virus Database: 4321/9440 - Release Date: 04/02/15

