Hi. I will continue in this thread. Finally it seems that we're going to keep using the axis2 1.1 version so we don't have to recompile everything. I tried the sample05 example from the repository, adjusting it for version 1.1, and I've found two problems: It seems that there's a problem with the keys, not being able to process the signature from the client:
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <wsa:ReplyTo>
   <wsa:Address>http://www.w3.org/2005/08/addressing/none</wsa:Address>
  </wsa:ReplyTo>
  <wsa:MessageID>urn:uuid:33A9BEE1DA4319E68D11879091814372</wsa:MessageID>
  <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
 </soapenv:Header>
 <soapenv:Body>
  <soapenv:Fault>
   <faultcode>soapenv:Client</faultcode>
   <faultstring>The signature verification failed (The provided certificate is invalid)</faultstring>
   <detail>
    <Exception>org.apache.axis2.AxisFault: The signature verification failed (The provided certificate is invalid); nested exception is: org.apache.ws.security.WSSecurityException: The signature verification failed (The provided certificate is invalid)
 at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:73)
 at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
 at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:518)
 at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:483)
 at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:319)
 at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:230)
 at org.apache.axis2.transport.http.server.DefaultHttpServiceProcessor.doService(DefaultHttpServiceProcessor.java:179)
 at org.apache.http.protocol.HttpService.handleRequest(HttpService.java:123)
 at org.apache.axis2.transport.http.server.DefaultHttpServiceProcessor.run(DefaultHttpServiceProcessor.java:251)
 at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
 at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
 at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.ws.security.WSSecurityException: The signature verification failed (The provided certificate is invalid)
 at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:257)
 at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
 at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
 at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:71)
 at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:69)
 ... 11 more
</Exception>
   </detail>
  </soapenv:Fault>
 </soapenv:Body>
</soapenv:Envelope>

I guess the keys are outdated. Is there an updated version of the keys?

Second: The SAML tokens I need must be SAML2.0 tokens. Is rahas or rampart capable of generating SAML2.0 tokens? It seems that opensaml-1.1.jar is used, which I think only provides SAML1.0 tokens. Could you confirm this for me? I hope I'm wrong and rampart and rahas can provide SAML2.0 tokens as well. I tried to change in the client the line in the getPayload method:

tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);

to:

tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_20);

without any results.

Any help would be greatly appreciated, thanks in advance.

Christina.

2007/8/14, Christina Larocca <[EMAIL PROTECTED]>:
>
> Thanks for your quick response. I'm going to put the examples to work.
>
> Regards.
>
> Christina.
>
> 2007/8/14, Ruchith Fernando <[EMAIL PROTECTED]>:
> >
> > Hi Christina,
> >
> > Rampart supports adding SAML Tokens to the security header in the
> > policy based implementation. You can see an example here :
> >
> > http://marc.info/?l=axis-user&m=118665642802630&w=2
> >
> > By the way note that this requires the service to express its
> > requirements in policy and this sample uses the token acquired from
> > the Security Token Service to encrypt and sign the message.
> >
> > I'm not sure what you mean by "...SAML tokens with encryption of the
> > user name and signature will be used ...". Please check whether the
> > above sample fits your requirement.
> >
> > Thanks,
> > Ruchith
> >
> > On 8/14/07, Christina Larocca <[EMAIL PROTECTED]> wrote:
> > > Hi all Axis2 users:
> > >
> > > I have been managing some web services using UsernameTokens (without
> > > using rampart) to convey identities. I've a client that connects to a
> > > Token issuer service that provides it an EndpointReference and the
> > > Username token needed to authenticate. Now I must remodel the security
> > > of the whole model and instead of that, SAML tokens with encryption of
> > > the user name and signature will be used. The last axis2 version I've
> > > been using was the 1.1 and now I'm thinking about updating to the
> > > newest one and start using rampart.
> > >
> > > I have read that, unfortunately, Rampart itself can't be configured
> > > to add the SAML token to the Security header and that it delegates
> > > those functions to a STS called Rahas. The documentation I found about
> > > Rahas is very weak and despite my experience I don't have a clue about
> > > where or how to start. Could anyone tell me where to find a good
> > > tutorial or use examples? Or, even better, could anyone show me some
> > > code to generate the tokens? If it's possible, I would prefer to
> > > config rahas with code instead of creating text config files.
> > >
> > > Thanks in advance.
> > >
> > > Christina.
> >
> > --
> > www.ruchith.org
> > www.wso2.org
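When triaging faults like the one quoted above, it helps to pull the WS-Security root cause out of the Axis2 fault envelope programmatically rather than eyeballing the stack trace. The following is an added example for this thread, not Axis2 or Rampart code; the sample fault it parses is a trimmed copy of the one quoted in the message, and the `is_wss_fault` classification is my own convention.

```python
"""Parse an Axis2/Rampart SOAP 1.1 fault and extract the WS-Security
root cause from the <detail><Exception> block (added example, not
Axis2/Rampart code)."""
import re
import xml.etree.ElementTree as ET

SOAPENV = "{http://schemas.xmlsoap.org/soap/envelope/}"

# Constructed sample: trimmed copy of the fault quoted in the thread.
SAMPLE_FAULT = """<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
 </soapenv:Header>
 <soapenv:Body>
  <soapenv:Fault>
   <faultcode>soapenv:Client</faultcode>
   <faultstring>The signature verification failed (The provided certificate is invalid)</faultstring>
   <detail><Exception>org.apache.axis2.AxisFault: The signature verification failed (The provided certificate is invalid); nested exception is: org.apache.ws.security.WSSecurityException: The signature verification failed (The provided certificate is invalid)
 at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:73)
Caused by: org.apache.ws.security.WSSecurityException: The signature verification failed (The provided certificate is invalid)
 at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:257)
 ... 11 more
</Exception></detail>
  </soapenv:Fault>
 </soapenv:Body>
</soapenv:Envelope>"""


def parse_soap_fault(xml_text):
    """Return faultcode, faultstring, the innermost 'Caused by' class and
    message, and whether the root cause is a WSS4J security exception.
    Returns None when the envelope carries no Fault."""
    root = ET.fromstring(xml_text)
    fault = root.find(f"{SOAPENV}Body/{SOAPENV}Fault")
    if fault is None:
        return None
    detail = fault.findtext("detail/Exception") or ""
    # The last "Caused by:" line in a Java trace names the root cause.
    causes = re.findall(r"Caused by: ([\w.$]+): (.*)", detail)
    root_cls, root_msg = causes[-1] if causes else (None, None)
    return {
        "faultcode": fault.findtext("faultcode"),
        "faultstring": fault.findtext("faultstring"),
        "root_cause": root_cls,
        "root_message": root_msg,
        "is_wss_fault": bool(root_cls and root_cls.startswith("org.apache.ws.security.")),
    }
```

A `root_message` of "The provided certificate is invalid" points at the signing certificate not being trusted or valid for the service's keystore, which is what to check before touching the token type.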