Francesco Stampacchia wrote:
> I'm finding myself stuck in implementing token validation,
> such as trying to validate token on client side, once the token is 
> generated, doesn't work.
>
> But do I need to programmatically check the token or is it possible to 
> do so through some xml configuration file?!
Yes - once you have received the SAML Token at the service end you need to 
verify the issuer and its validity.

Thanks & regards.
-Prabath
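
An added example, not part of the original message and not WSO2 or Rampart code: a JDK-only check of the two things named above, the issuer and the validity period, on a received assertion in either SAML 1.1 or SAML 2.0 form. It assumes the assertion's signature has already been verified against the STS certificate; the class name, issuer URL and timestamps are made up.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class AssertionCheck {
    static final String SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAML20 = "urn:oasis:names:tc:SAML:2.0:assertion";
    // First direct child element with the given namespace and local name, or null.
    static Element child(Element parent, String ns, String name) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && ns.equals(n.getNamespaceURI()) && name.equals(n.getLocalName()))
                return (Element) n;
        return null;
    }
    // Returns null when the assertion is acceptable, otherwise the reason it is rejected.
    static String reject(String xml, String trustedIssuer, Instant now, long skewSec) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The token is untrusted input: refuse DOCTYPE so no external entities are resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element a = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        String ns = a.getNamespaceURI();
        if (!"Assertion".equals(a.getLocalName()) || !(SAML11.equals(ns) || SAML20.equals(ns)))
            return "not a SAML assertion";
        // SAML 1.1 carries the issuer as an attribute, SAML 2.0 as a child element.
        Element issuerEl = child(a, ns, "Issuer");
        String issuer = SAML11.equals(ns) ? a.getAttribute("Issuer")
                : issuerEl == null ? "" : issuerEl.getTextContent().trim();
        if (!trustedIssuer.equals(issuer)) return "untrusted issuer: " + issuer;
        Element c = child(a, ns, "Conditions");
        // Fail closed: an assertion without an explicit validity window is refused (policy choice).
        if (c == null || !c.hasAttribute("NotBefore") || !c.hasAttribute("NotOnOrAfter"))
            return "no validity window";
        if (now.plusSeconds(skewSec).isBefore(Instant.parse(c.getAttribute("NotBefore"))))
            return "not yet valid";
        return now.minusSeconds(skewSec).isBefore(Instant.parse(c.getAttribute("NotOnOrAfter")))
                ? null : "expired";
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample in SAML 1.1 shape; issuer and timestamps are made up.
        String xml = "<saml:Assertion xmlns:saml='" + SAML11 + "' Issuer='https://sts.example.org/'>"
                + "<saml:Conditions NotBefore='2009-09-14T10:00:00Z' NotOnOrAfter='2009-09-14T10:05:00Z'/></saml:Assertion>";
        Instant t = Instant.parse("2009-09-14T10:02:00Z");
        System.out.println(reject(xml, "https://sts.example.org/", t, 60));
        System.out.println(reject(xml, "https://other.example.org/", t, 60));
        System.out.println(reject(xml, "https://sts.example.org/", t.plusSeconds(600), 60));
    }
}
```

The three calls exercise an accepted assertion, an issuer that is not the trusted STS, and a token presented after its validity period plus the allowed clock skew.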
>
> I'm getting a bit lost!!!
>
> Thanks.
>
> 2009/9/14 Francesco Stampacchia <stampacchiafrance...@gmail.com>
>
>     By the way,
>     if I get to work the client and I have added my Service in the STS
>     list on the IS like:
>
>     http://localhost:9080/axis2/services/WSO2Server/echo
>
>     pointing to my keystore, do I have to add some extra code to my
>     Server application?! Like validate Token or such?! How do I test
>     that I can validate my assertion only if I am federated to the
>     sender?!
>
>
>     Thanks
>
>     2009/9/14 Francesco Stampacchia <stampacchiafrance...@gmail.com>
>
>         Hello Prabath,
>         I was able to obtain the token from the STS, but I'm finding
>         this exception when performing the sendreceive(payload) function
>
>         org.wso2client.client.WSO2ClientException: Echo failed!
>                 at org.wso2client.client.WSO2Client.echo(WSO2Client.java:155)
>                 at org.wso2client.test.ClientTest.echo(ClientTest.java:41)
>                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>                 at java.lang.reflect.Method.invoke(Method.java:585)
>                 at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
>                 at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
>                 at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
>                 at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
>                 at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
>                 at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
>                 at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:73)
>                 at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:46)
>                 at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:180)
>                 at org.junit.runners.ParentRunner.access$000(ParentRunner.java:41)
>                 at org.junit.runners.ParentRunner$1.evaluate(ParentRunner.java:173)
>                 at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
>                 at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
>                 at org.junit.runners.ParentRunner.run(ParentRunner.java:220)
>                 at org.junit.runners.Suite.runChild(Suite.java:115)
>                 at org.junit.runners.Suite.runChild(Suite.java:23)
>                 at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:180)
>                 at org.junit.runners.ParentRunner.access$000(ParentRunner.java:41)
>                 at org.junit.runners.ParentRunner$1.evaluate(ParentRunner.java:173)
>                 at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
>                 at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
>                 at org.junit.runners.ParentRunner.run(ParentRunner.java:220)
>                 at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
>                 at org.junit.runner.JUnitCore.run(JUnitCore.java:116)
>                 at org.junit.runner.JUnitCore.run(JUnitCore.java:107)
>                 at org.junit.runner.JUnitCore.runMain(JUnitCore.java:88)
>                 at org.junit.runner.JUnitCore.runMainAndExit(JUnitCore.java:54)
>                 at org.junit.runner.JUnitCore.main(JUnitCore.java:46)
>                 at org.wso2client.test.ClientTest.main(ClientTest.java:30)
>         Caused by: java.lang.RuntimeException: org.apache.ws.security.components.crypto.Merlin cannot create instance
>                 at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:226)
>                 at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:93)
>                 at org.apache.rampart.util.RampartUtil.getSignatureCrypto(RampartUtil.java:301)
>                 at org.apache.rampart.builder.BindingBuilder.getSignatureBuider(BindingBuilder.java:300)
>                 at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:626)
>                 at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:413)
>                 at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:93)
>                 at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>                 at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
>                 at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>                 at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>                 at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:429)
>                 at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
>                 at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
>                 at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>                 at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
>                 at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
>                 at org.wso2client.client.WSO2Client.echo(WSO2Client.java:143)
>                 ... 34 more
>         Caused by: java.lang.InstantiationException: org.apache.ws.security.components.crypto.Merlin
>                 at java.lang.Class.newInstance0(Class.java:335)
>                 at java.lang.Class.newInstance(Class.java:303)
>                 at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:220)
>                 ... 51 more
>
>         I'm trying to work it out, but if you have managed it or you
>         can guess its cause, it would be great!
>         Sorry for bothering, but your hints are being very useful for
>         my work!
>
>         Thanks.
>
>         2009/9/14 Francesco Stampacchia <stampacchiafrance...@gmail.com>
>
>             Thank you Prabath,
>             I'm trying to work the whole scenario out following some
>             of your blog's posts, but I'm getting lost.
>
>             Could you point me out which of your posts can help me
>             find my way?
>
>             Thanks.
>
>
>             2009/9/11 Prabath Siriwardena <prab...@wso2.com>
>
>                 Hi Stampacchia;
>
>                 Francesco Stampacchia wrote:
>                 > Hello Prabath,
>                 > I'm trying to set up my scenario using WSO2 Identity Server 2.0, and
>                 > I'm finding some help in your useful blog.
>                 >
>                 > But I'm stuck on some consideration.
>                 > First of all I think Identity Server could help me as IdP if I use it
>                 > as STS, am I right?!
>                 Yes... you can use Identity Server as an IdP.
>                 > So I've created my custom Web Service Server that exposes one method
>                 > (echo) and I put it under axis2. Then I pointed it through STS
>                 > Configuration, using wso2 standard keystore alias and keystore.
>                 Yes - correct - that is you have added your service end point as a
>                 trusted end point to the STS.
>
>                 But - "using wso2 standard keystore alias and keystore" is not correct.
>                 You need to first upload the cert corresponding to your service to the
>                 IS keystore and then use that cert alias in the STS configuration
>                 against the service end point.
>                 >
>                 > In this way is my service protected?! Am I doing right?!
>                 Please see my comment above.
>                 >
>                 > Then I coded the client sample you give in your blog and merged it
>                 > with my standard client in order to first perform a token retrieval and
>                 > then, on successful retrieval, give permissions to ask the service.
>                 > Is that ok or is there a way I can perform this task better through
>                 > the Identity Server?!
>                 >
>                 > Could you point me out some samples or a correct workflow to make it
>                 > all work.
>                 At the service end you need to verify the SAML token received. Please go
>                 through my blog - tagged under Identity Server.
>
>                 Thanks & regards.
>                 -Prabath
>                 >
>                 > Thanks
>                 >
>                 > 2009/9/10 Francesco Stampacchia <stampacchiafrance...@gmail.com>
>                 >
>                 >     Thanks Prabath,
>                 >     well, it would be great if you could address me to some how-to or
>                 >     samples that could help me in setting up my scenario.
>                 >
>                 >     I have to adapt an already developed WSC/WSP scenario that uses
>                 >     rampart only for users authentication. Now I'd like to apply SSO
>                 >     and Federation to my use case.
>                 >
>                 >     How can Rampart and the Identity Server help me?!
>                 >
>                 >     Cheers.
>                 >
>                 >
>                 >     2009/9/10 Prabath Siriwardena <prab...@wso2.com>
>                 >
>                 >         Hi;
>                 >
>                 >         Yes - in these scenarios you can use WSO2 Identity Server as
>                 >         the IdP or the token issuer.
>                 >
>                 >         And - you need to build your client side on top of Rampart.
>                 >
>                 >         Please let us know how we could help you...
>                 >
>                 >         Thanks & regards.
>                 >         -Prabath
>                 >
>                 >         Francesco Stampacchia wrote:
>                 >         >
>                 >         > Hello everyone,
>                 >         > we're setting up a WSC-WSP scenario on 2 machines.
>                 >         > Machine A acts as IdP and as WSC, Machine B is federated with A and
>                 >         > acts as WSP.
>                 >         > Our WSC is a simple wss client (ejb-client) and WSP is a wss server
>                 >         > (ejb-server).
>                 >         > We're trying to create a library (used by both WSC and WSP) that
>                 >         > develops the following actions:
>                 >         >
>                 >         > 1 - Non-Browser based user single-sign-on and successive token generation
>                 >         >
>                 >         > 2 - SAML assertion generation on WSC side (through the token obtained
>                 >         > from step1)
>                 >         >
>                 >         > 3 - SAML validation on WSP side (the assertion should be validated
>                 >         > from the WSP)
>                 >         >
>                 >         > Can WSO2 Identity Server support us?! Does it have some API to
>                 >         > integrate it and help this development scenario?!
>                 >         >
>                 >         > Thanks in advance!
>                 >         >
>                 >         > Francesco
>                 >         >
>                 >         >
>                 >         >
>                 >         > --
>                 >         > Stampacchia Francesco
>                 >         >
>                 >         > ------------------------------------------------------------------------
>                 >         >
>                 >         > _______________________________________________
>                 >         > Carbon-dev mailing list
>                 >         > Carbon-dev@wso2.org
>                 >         > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>                 >         >
>                 >
>                 >
>                 >
>                 >
>                 >
>                 >
>                 >     --
>                 >     Stampacchia Francesco
>                 >
>                 >
>                 >
>                 >
>                 > --
>                 > Stampacchia Francesco
>                 >
>                 >
>
>
>
>
>
>
>             -- 
>             Stampacchia Francesco
>
>
>
>
>         -- 
>         Stampacchia Francesco
>
>
>
>
>     -- 
>     Stampacchia Francesco
>
>
>
>
> -- 
> Francesco Stampacchia