Francesco Stampacchia wrote:
> Thank you Prabath,
> I managed to send the token to my service, but I'm still getting the
> exception I quoted a few posts ago, what could it possibly depend on?!
It seems like you have set an invalid crypto provider at your service policy - RampartConfig.

Thanks & regards.
-Prabath

>
> 2009/9/15 Prabath Siriwardena <[email protected]>
>
> Francesco Stampacchia wrote:
> > I'm finding myself stuck in implementing token validation,
> > such as trying to validate token on client side, once the token is
> > generated, doesn't work.
> >
> > But do I need to programmatically check the token or is it possible to
> > do so through some xml configuration file?!
> Yes - once you received the SAML Token at the service end you need can
> verify the issuer and its validity.
>
> Thanks & regards.
> -Prabath
> >
> > I'm getting a bit lost!!!
> >
> > Thanks.
> >
> > 2009/9/14 Francesco Stampacchia <[email protected]>
> >
> > By the way,
> > if I get to work the client and I have added my Service in the STS
> > list on the IS like:
> >
> > http://localhost:9080/axis2/services/WSO2Server/echo
> >
> > pointing to my keystore, do I have to add some extra code to my
> > Server application?! Like validate Token or such?! How do I test
> > that I can validate my assertion only if I am federated to the
> > sender?!
> >
> >
> > Thanks
> >
> > 2009/9/14 Francesco Stampacchia <[email protected]>
> >
> > Hello Prabath,
> > I was able to obtain the token from the STS, but I'm finding
> > this exception when performing the sendreceive(payload) function
> >
> > org.wso2client.client.WSO2ClientException: Echo failed!
> >     at org.wso2client.client.WSO2Client.echo(WSO2Client.java:155
> >     at org.wso2client.test.ClientTest.echo(ClientTest.java:41)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> >     at java.lang.reflect.Method.invoke(Method.java:585)
> >     at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
> >     at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
> >     at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
> >     at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
> >     at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
> >     at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
> >     at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:73)
> >     at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:46)
> >     at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:180)
> >     at org.junit.runners.ParentRunner.access$000(ParentRunner.java:41)
> >     at org.junit.runners.ParentRunner$1.evaluate(ParentRunner.java:173)
> >     at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
> >     at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
> >     at org.junit.runners.ParentRunner.run(ParentRunner.java:220)
> >     at org.junit.runners.Suite.runChild(Suite.java:115)
> >     at org.junit.runners.Suite.runChild(Suite.java:23)
> >     at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:180)
> >     at org.junit.runners.ParentRunner.access$000(ParentRunner.java:41)
> >     at org.junit.runners.ParentRunner$1.evaluate(ParentRunner.java:173)
> >     at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
> >     at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
> >     at org.junit.runners.ParentRunner.run(ParentRunner.java:220)
> >     at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
> >     at org.junit.runner.JUnitCore.run(JUnitCore.java:116)
> >     at org.junit.runner.JUnitCore.run(JUnitCore.java:107)
> >     at org.junit.runner.JUnitCore.runMain(JUnitCore.java:88)
> >     at org.junit.runner.JUnitCore.runMainAndExit(JUnitCore.java:54)
> >     at org.junit.runner.JUnitCore.main(JUnitCore.java:46)
> >     at org.wso2client.test.ClientTest.main(ClientTest.java:30)
> > Caused by: java.lang.RuntimeException:
> > org.apache.ws.security.components.crypto.Merlin cannot create instance
> >     at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:226)
> >     at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:93)
> >     at org.apache.rampart.util.RampartUtil.getSignatureCrypto(RampartUtil.java:301)
> >     at org.apache.rampart.builder.BindingBuilder.getSignatureBuider(BindingBuilder.java:300)
> >     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:626)
> >     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:413)
> >     at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:93)
> >     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> >     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
> >     at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> >     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
> >     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:429)
> >     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
> >     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
> >     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> >     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
> >     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
> >     at org.wso2client.client.WSO2Client.echo(WSO2Client.java:143)
> >     ... 34 more
> > Caused by: java.lang.InstantiationException:
> > org.apache.ws.security.components.crypto.Merlin
> >     at java.lang.Class.newInstance0(Class.java:335)
> >     at java.lang.Class.newInstance(Class.java:303)
> >     at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:220)
> >     ... 51 more
> >
> > I'm trying to work it out, but if you have managed it or you
> > can guess its cause, it would be great!
> > Sorry for bothering, but your hints are being very useful for
> > my work!
> >
> > Thanks.
> >
> > 2009/9/14 Francesco Stampacchia <[email protected]>
> >
> > Thank you Prabath,
> > I'm trying to work the whole scenario out following some
> > of your blog's posts, but I'm getting lost.
> >
> > Could you point me out which of your posts can help me
> > find my way?
> >
> > Thanks.
> >
> >
> > 2009/9/11 Prabath Siriwardena <[email protected]>
> >
> > Hi Stampacchia;
> >
> > Francesco Stampacchia wrote:
> > > Hello Prabath,
> > > I'm trying to set up my scenario using WSO2 Identity Server 2.0, and
> > > I'm finding some help in your useful blog.
> > >
> > > But I'm stuck on some consideration.
> > > First of all I think Identity Server could help me as IdP if I use it
> > > as STS, am I right?!
> > Yes... you can use Identity Server as an IdP.
> > > So I've created my custom Web Service Server that exposes one method
> > > (echo) and I put it under axis2. Then I pointed it through STS
> > > Configuration, using wso2 standard keystore alias and keystore.
> > Yes - correct - that is you have added your service end point as a
> > trusted end point to the STS.
> >
> > But - "using wso2 standard keystore alias and keystore" is not correct.
> > You need to first upload the cert corresponding to your service to the
> > IS keystore and then use that cert alias in the STS configuration
> > against the service end point.
> > >
> > > In this way is my service protected?! Am I doing right?!
> > Please see my comment above.
> > >
> > > Then I coded the client sample you give in your blog and merged it
> > > with my standard client in order to first perform a token retrieval and
> > > then, on successful retrieval, give permissions to ask the service.
> > > Is that ok or is there a way I can perform this task better through
> > > the Identity Server?!
> > >
> > > Could you point me out some samples or a correct workflow to make it
> > > all work.
> > At the service end you need to verify the SAML token received. Please go
> > through my blog - tagged under Identity Server.
> >
> > Thanks & regards.
> > -Prabath
> > >
> > > Thanks
> > >
> > > 2009/9/10 Francesco Stampacchia <[email protected]>
> > >
> > > Thanks Prabath,
> > > well, it would be great if you could address me to some how-to or
> > > samples that could help me in setting up my scenario.
> > >
> > > I have to adapt an already developed WSC/WSP scenario that uses
> > > rampart only for users authentication. Now I'd like to apply SSO
> > > and Federation to my use case.
> > >
> > > How can Rampart and the Identity Server help me?!
> > >
> > > Cheers.
> > >
> > >
> > > 2009/9/10 Prabath Siriwardena <[email protected]>
> > >
> > > Hi;
> > >
> > > Yes - in these scenarios you can use WSO2 Identity Server as
> > > the IdP or the token issuer.
> > >
> > > And - you need to build your client side on top of Rampart.
> > >
> > > Please let us know how we could help you...
> > >
> > > Thanks & regards.
> > > -Prabath
> > >
> > > Francesco Stampacchia wrote:
> > > >
> > > > Hello everyone,
> > > > we're setting up a WSC-WSP scenario on 2 machines.
> > > > Machine A acts as IdP and as WSC, Machine B is federated with A and
> > > > acts as WSP.
> > > > Our WSC is a simple wss client (ejb-client) and WSP is a wss server
> > > > (ejb-server).
> > > > we're trying to create a library (used by both WSC and WSP) that,
> > > > develops the following actions:
> > > >
> > > > 1 - Non-Browser based user single-sign-on and successive token generation
> > > >
> > > > 2 - SAML assertion generation on WSC side (through the token obtained
> > > > from step1)
> > > >
> > > > 3 - SAML validation on WSP side (the assertion should be validated
> > > > from the WSP)
> > > >
> > > > Can WSO2 Identity Server support us?! Does it have some API to
> > > > integrate it and help this development scenario?!
> > > >
> > > > Thanks in advance!
> > > >
> > > > Francesco
> > > >
> > > > --
> > > > Stampacchia Francesco
> > > >
> > > > ------------------------------------------------------------------------
> > > >
> > > > _______________________________________________
> > > > Carbon-dev mailing list
> > > > [email protected]
> > > > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
_______________________________________________
Carbon-dev mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
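
The reply at the top of this thread points at the crypto provider configured in the service policy's RampartConfig. As an added example (not part of the thread and not WSO2 or Rampart code), the Python check below lints the crypto sections of a RampartConfig fragment before deployment. The sample policy, the keystore name `service.jks`, the names `lint_rampart_config` and `search_dirs`, and the rule that Merlin is the intended provider with keystore type, file and password all set explicitly are assumptions of this example.

```python
import os
import xml.etree.ElementTree as ET

RAMP = "{http://ws.apache.org/rampart/policy}"
MERLIN = "org.apache.ws.security.components.crypto.Merlin"  # class named in the stack trace
PREFIX = "org.apache.ws.security.crypto.merlin."
EXPECTED = ("keystore.type", "file", "keystore.password")  # this example's lint rule

# Constructed sample policy: signatureCrypto is complete; encryptionCrypto has a
# misspelled provider class and leaves out the keystore type and password.
SAMPLE = """<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
 <ramp:user>service</ramp:user>
 <ramp:signatureCrypto>
  <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
   <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
   <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
   <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
  </ramp:crypto>
 </ramp:signatureCrypto>
 <ramp:encryptionCrypto>
  <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlyn">
   <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
  </ramp:crypto>
 </ramp:encryptionCrypto>
</ramp:RampartConfig>"""

def lint_rampart_config(xml_text, search_dirs=()):
    """Return (section, problem) pairs for every crypto block in the policy."""
    problems = []
    for cfg in ET.fromstring(xml_text).iter(RAMP + "RampartConfig"):
        for section in cfg:
            crypto = section.find(RAMP + "crypto")
            if crypto is None:
                continue  # e.g. <ramp:user>, not a crypto section
            name = section.tag[len(RAMP):]
            if crypto.get("provider") != MERLIN:
                problems.append((name, "provider is not " + MERLIN))
            props = {p.get("name"): (p.text or "").strip()
                     for p in crypto.findall(RAMP + "property")}
            for key in EXPECTED:
                if not props.get(PREFIX + key):
                    problems.append((name, "missing property " + PREFIX + key))
            ks = props.get(PREFIX + "file")
            if ks and search_dirs and not any(
                    os.path.isfile(os.path.join(d, ks)) for d in search_dirs):
                problems.append((name, "keystore file not found: " + ks))
    return problems
```

Passing the directories on the service's classpath as `search_dirs` also checks that the keystore file named in the policy can be found there.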
